diff --git a/Makefile.am b/Makefile.am index 5888bc0266..91a9113d22 100644 --- a/Makefile.am +++ b/Makefile.am @@ -66,6 +66,7 @@ MODULES = \ guix/gnu-maintenance.scm \ guix/upstream.scm \ guix/licenses.scm \ + guix/git.scm \ guix/graph.scm \ guix/cache.scm \ guix/cve.scm \ @@ -78,6 +79,7 @@ MODULES = \ guix/build-system/dub.scm \ guix/build-system/emacs.scm \ guix/build-system/font.scm \ + guix/build-system/minify.scm \ guix/build-system/asdf.scm \ guix/build-system/glib-or-gtk.scm \ guix/build-system/gnu.scm \ @@ -104,6 +106,7 @@ MODULES = \ guix/build/cmake-build-system.scm \ guix/build/dub-build-system.scm \ guix/build/emacs-build-system.scm \ + guix/build/minify-build-system.scm \ guix/build/font-build-system.scm \ guix/build/asdf-build-system.scm \ guix/build/git.scm \ @@ -207,13 +210,6 @@ MODULES += \ endif HAVE_GUILE_SSH -if HAVE_GUILE_GIT - -MODULES += \ - guix/git.scm - -endif HAVE_GUILE_GIT - if BUILD_DAEMON_OFFLOAD MODULES += \ diff --git a/build-aux/build-self.scm b/build-aux/build-self.scm index 8fb9af23ca..4933e02712 100644 --- a/build-aux/build-self.scm +++ b/build-aux/build-self.scm @@ -224,6 +224,23 @@ files." (current-error-port) (%make-void-port "w"))))) + (unless guile-git + ;; XXX: Guix before February 2017 lacks a 'guile-git' package altogether. + ;; If we try to upgrade anyway, the logic in (guix scripts pull) will not + ;; build (guix git), which will leave us with an unusable 'guix pull'. To + ;; avoid that, fail early. + (format (current-error-port) + "\ +Your installation is too old and lacks a '~a' package. +Please upgrade to an intermediate version first, for instance with: + + guix pull --url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/v0.13.0.tar.gz +\n" + (match (effective-version) + ("2.0" "guile2.0-git") + (_ "guile-git"))) + (exit 1)) + (mlet %store-monad ((guile (guile-for-build))) (gexp->derivation "guix-latest" builder #:modules '((guix build pull) diff --git a/configure.ac b/configure.ac index 2b75c900cc..9ad7598f8b 100644 --- a/configure.ac +++ b/configure.ac @@ -100,14 +100,16 @@ if test "x$have_gnutls" != "xyes"; then AC_MSG_ERROR([The Guile bindings of GnuTLS are missing; please install them.]) fi +dnl Check for Guile-Git. +GUILE_MODULE_AVAILABLE([have_guile_git], [(git)]) +if test "x$have_guile_git" != "xyes"; then + AC_MSG_ERROR([Guile-Git is missing; please install it.]) +fi + dnl Guile-JSON is used in various places. GUILE_MODULE_AVAILABLE([have_guile_json], [(json)]) AM_CONDITIONAL([HAVE_GUILE_JSON], [test "x$have_guile_json" = "xyes"]) -dnl Check for Guile-Git. -GUILE_MODULE_AVAILABLE([have_guile_git], [(git)]) -AM_CONDITIONAL([HAVE_GUILE_GIT], [test "x$have_guile_git" = "xyes"]) - dnl Make sure we have a full-fledged Guile. GUIX_ASSERT_GUILE_FEATURES([regex posix socket net-db threads]) diff --git a/doc/contributing.texi b/doc/contributing.texi index 00edd47710..98971a9bbc 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -110,10 +110,13 @@ actually installing them. So that you can distinguish between your To that end, all the command-line tools can be used even if you have not run @code{make install}. To do that, prefix each command with @command{./pre-inst-env} (the @file{pre-inst-env} script lives in the -top build tree of Guix), as in: +top build tree of Guix), as in@footnote{The @option{-E} flag to +@command{sudo} guarantees that @code{GUILE_LOAD_PATH} is correctly set +such that @command{guix-daemon} and the tools it uses can find the Guile +modules they need.}: @example -$ sudo ./pre-inst-env guix-daemon --build-users-group=guixbuild +$ sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild $ ./pre-inst-env guix build hello @end example diff --git a/doc/guix.texi b/doc/guix.texi index 6b4b19d0cf..88bf0bb621 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -580,6 +580,10 @@ later, including 2.2.x; @uref{http://gnutls.org/, GnuTLS}, specifically its Guile bindings (@pxref{Guile Preparations, how to install the GnuTLS bindings for Guile,, gnutls-guile, GnuTLS-Guile}); +@item +@c FIXME: Specify a version number once a release has been made. +@uref{https://gitlab.com/guile-git/guile-git, Guile-Git}, from August +2017 or later; @item @url{http://www.gnu.org/software/make/, GNU Make}. @end itemize @@ -2473,7 +2477,8 @@ Packages are installed or upgraded to the latest version available in the distribution currently available on your local machine. To update that distribution, along with the Guix tools, you must run @command{guix pull}: the command downloads the latest Guix source code and package -descriptions, and deploys it. +descriptions, and deploys it. Source code is downloaded from a +@uref{https://git-scm.com, Git} repository. On completion, @command{guix package} will use packages and package versions from this just-retrieved copy of Guix. Not only that, but all @@ -2499,24 +2504,18 @@ but it supports the following options: Produce verbose output, writing build logs to the standard error output. @item --url=@var{url} -Download the source tarball of Guix from @var{url}. +Download Guix from the Git repository at @var{url}. -By default, the tarball is taken from its canonical address at +By default, the source is taken from its canonical Git repository at @code{gnu.org}, for the stable branch of Guix. -With some Git servers, this can be used to deploy any version of Guix. -For example, to download and deploy version 0.12.0 of Guix from the -canonical Git repo: +@item --commit=@var{commit} +Deploy @var{commit}, a valid Git commit ID represented as a hexadecimal +string. -@example -guix pull --url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/v0.12.0.tar.gz -@end example - -It can also be used to deploy arbitrary Git revisions: - -@example -guix pull --url=https://git.savannah.gnu.org/cgit/guix.git/snapshot/74d862e8a.tar.gz -@end example +@item --branch=@var{branch} +Deploy the tip of @var{branch}, the name of a Git branch available on +the repository at @var{url}. @item --bootstrap Use the bootstrap Guile to build the latest Guix. This option is only @@ -3291,7 +3290,8 @@ used. For version control checkouts, it is recommended to provide the file name explicitly because the default is not very descriptive. @item @code{patches} (default: @code{'()}) -A list of file names containing patches to be applied to the source. +A list of file names, origins, or file-like objects (@pxref{G-Expressions, +file-like objects}) pointing to patches to be applied to the source. This list of patches must be unconditional. In particular, it cannot depend on the value of @code{%current-system} or @@ -3576,6 +3576,21 @@ specified with the @code{#:glib} parameter. Both phases are executed after the @code{install} phase. @end defvr +@defvr {Scheme Variable} minify-build-system +This variable is exported by @code{(guix build-system minify)}. It +implements a minification procedure for simple JavaScript packages. + +It adds @code{uglify-js} to the set of inputs and uses it to compress +all JavaScript files in the @file{src} directory. A different minifier +package can be specified with the @code{#:uglify-js} parameter, but it +is expected that the package writes the minified code to the standard +output. + +When the input JavaScript files are not all located in the @file{src} +directory, the parameter @code{#:javascript-files} can be used to +specify a list of file names to feed to the minifier. +@end defvr + @defvr {Scheme Variable} ocaml-build-system This variable is exported by @code{(guix build-system ocaml)}. It implements a build procedure for @uref{https://ocaml.org, OCaml} packages, which consists diff --git a/gnu/bootloader/grub.scm b/gnu/bootloader/grub.scm index 3a3456ca46..ef62fe059b 100644 --- a/gnu/bootloader/grub.scm +++ b/gnu/bootloader/grub.scm @@ -55,6 +55,7 @@ grub-bootloader grub-efi-bootloader + grub-mkrescue-bootloader grub-configuration)) @@ -410,6 +411,11 @@ submenu \"GNU system, old configurations...\" {~%") (name 'grub-efi) (package grub-efi))) +(define* grub-mkrescue-bootloader + (bootloader + (inherit grub-efi-bootloader) + (package grub-hybrid))) + ;;; ;;; Compatibility macros. diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm index 299c0728cb..9c58370ec3 100644 --- a/gnu/build/activation.scm +++ b/gnu/build/activation.scm @@ -313,6 +313,7 @@ they already exist." (false-if-exception (delete-file file))) (format #t "populating /etc from ~a...~%" etc) + (mkdir-p "/etc") ;; Create the /etc/ssl -> /run/current-system/profile/etc/ssl symlink. This ;; symlink, to a target outside of the store, probably doesn't belong in the diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index b6930497d6..203fbdfffb 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -373,15 +373,16 @@ not valid header was found." (define (disk-partitions) "Return the list of device names corresponding to valid disk partitions." - (define (last-character str) - (string-ref str (- (string-length str) 1))) - (define (partition? name major minor) - ;; Select device names that end in a digit, like libblkid's 'probe_all' - ;; function does. Checking for "/sys/dev/block/MAJOR:MINOR/partition" - ;; doesn't work for partitions coming from mapped devices. - (and (char-set-contains? char-set:digit (last-character name)) - (> major 2))) ;ignore RAM disks and floppy disks + ;; grub-mkrescue does some funny things for EFI support which + ;; makes it a lot more difficult than one would expect to support + ;; booting an ISO-9660 image from an USB flash drive. + ;; For example there's a buggy (too small) hidden partition in it + ;; which Linux mounts and then proceeds to fail while trying to + ;; fall off the edge. + ;; In any case, partition tables are supposed to be optional so + ;; here we allow checking entire disks for file systems, too. + (> major 2)) ;ignore RAM disks and floppy disks (call-with-input-file "/proc/partitions" (lambda (port) diff --git a/gnu/local.mk b/gnu/local.mk index 3f27a5f973..acdadd6294 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -582,7 +582,6 @@ dist_patch_DATA = \ %D%/packages/patches/eudev-rules-directory.patch \ %D%/packages/patches/evilwm-lost-focus-bug.patch \ %D%/packages/patches/exim-CVE-2017-1000369.patch \ - %D%/packages/patches/fabric-tests.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ %D%/packages/patches/fastcap-mulSetup.patch \ %D%/packages/patches/fasthenry-spAllocate.patch \ @@ -620,6 +619,7 @@ dist_patch_DATA = \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ + %D%/packages/patches/gd-CVE-2017-7890.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ @@ -637,6 +637,11 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2015-5180.patch \ + %D%/packages/patches/glibc-CVE-2015-7547.patch \ + %D%/packages/patches/glibc-CVE-2016-3075.patch \ + %D%/packages/patches/glibc-CVE-2016-3706.patch \ + %D%/packages/patches/glibc-CVE-2016-4429.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index 02d9baf493..e8a1cb552c 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -1718,7 +1718,7 @@ throughput (in the same interval).") (define-public thefuck (package (name "thefuck") - (version "3.18") + (version "3.19") (source (origin (method url-fetch) (uri (string-append "https://github.com/nvbn/thefuck/archive/" @@ -1726,7 +1726,7 @@ throughput (in the same interval).") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1xsvkqh89rgxq5w03mnlcfkn9y39nfwhb2pjabjspcc2mi2mq5y6")) + "191zbvkyc02h0wwd46xwj4zzg7jhlr8xv0ji6knqkgjnk0nvqq01")) (patches (search-patches "thefuck-test-environ.patch")))) (build-system python-build-system) (arguments @@ -2105,28 +2105,22 @@ Intel DRM Driver.") (define-public fabric (package (name "fabric") - (version "1.13.1") + (version "1.13.2") (source (origin (method url-fetch) (uri (pypi-uri "Fabric" version)) (sha256 (base32 - "1z17hw0yiqp1blq217zxkg2jzkv8qd79saqhscgsw14mwlcqpwd0")) - (patches (search-patches "fabric-tests.patch")))) + "0k944dxr41whw7ib6380q9x15wyskx7fqni656icdn8rzshn9bwq")))) (build-system python-build-system) (arguments - `(#:python ,python-2)) ;Python 2 only + `(#:python ,python-2)) ; Python 2 only (native-inputs - `(("python2-fudge" ,python2-fudge) ; Requires < 1.0 - ("python2-jinja2" ,python2-jinja2) ; Requires < 3.0 - ("python2-nose" ,python2-nose))) ; Requires < 2.0 + `(("python2-fudge" ,python2-fudge) + ("python2-jinja2" ,python2-jinja2) + ("python2-nose" ,python2-nose))) (propagated-inputs - ;; Required upgrading python-paramiko 1.17.4 to fix an incompatibility - ;; between python-paramiko and newer python-pycrypto. Without this, the - ;; `fab` command fails with "ValueError: CTR mode needs counter - ;; parameter, not IV". See: - ;; https://github.com/paramiko/paramiko/pull/714#issuecomment-281191548. `(("python2-paramiko" ,python2-paramiko))) (home-page "http://fabfile.org") (synopsis "Simple Pythonic remote execution and deployment tool") diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 725d91b976..1ccff1fcf5 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -790,6 +790,7 @@ GLIBC/HURD for a Hurd host" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -809,6 +810,10 @@ GLIBC/HURD for a Hurd host" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" + "glibc-CVE-2016-3075.patch" + "glibc-CVE-2016-3706.patch" + "glibc-CVE-2016-4429.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -826,6 +831,11 @@ GLIBC/HURD for a Hurd host" "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) (patches (search-patches "glibc-ldd-x86_64.patch" "glibc-vectorized-strcspn-guards.patch" + "glibc-CVE-2015-5180.patch" + "glibc-CVE-2015-7547.patch" + "glibc-CVE-2016-3075.patch" + "glibc-CVE-2016-3706.patch" + "glibc-CVE-2016-4429.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))) diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm index 2b4b400c19..84f070f0fd 100644 --- a/gnu/packages/bioinformatics.scm +++ b/gnu/packages/bioinformatics.scm @@ -48,6 +48,7 @@ #:use-module (gnu packages boost) #:use-module (gnu packages compression) #:use-module (gnu packages cpio) + #:use-module (gnu packages cran) #:use-module (gnu packages curl) #:use-module (gnu packages documentation) #:use-module (gnu packages databases) @@ -1636,7 +1637,7 @@ databases.") (build-system python-build-system) (arguments `(#:python ,python-2)) ; only Python 2 is supported (inputs - `(("htseq" ,htseq) + `(("htseq" ,python2-htseq) ("python-pybedtools" ,python2-pybedtools) ("python-cython" ,python2-cython) ("python-scikit-learn" ,python2-scikit-learn) @@ -2981,22 +2982,22 @@ HMMs).") (define-public htseq (package (name "htseq") - (version "0.6.1") + (version "0.9.1") (source (origin (method url-fetch) - (uri (string-append - "https://pypi.python.org/packages/source/H/HTSeq/HTSeq-" - version ".tar.gz")) + (uri (pypi-uri "HTSeq" version)) (sha256 (base32 - "1i85ppf2j2lj12m0x690qq5nn17xxk23pbbx2c83r8ayb5wngzwv")))) + "11flgb1381xdhk43bzbfm3vhnszkpqg6jk76rpa5xd1zbrvvlnxg")))) (build-system python-build-system) - (arguments `(#:python ,python-2)) ; only Python 2 is supported + (native-inputs + `(("python-cython" ,python-cython))) ;; Numpy needs to be propagated when htseq is used as a Python library. (propagated-inputs - `(("python-numpy" ,python2-numpy))) + `(("python-numpy" ,python-numpy))) (inputs - `(("python-pysam" ,python2-pysam))) + `(("python-pysam" ,python-pysam) + ("python-matplotlib" ,python-matplotlib))) (home-page "http://www-huber.embl.de/users/anders/HTSeq/") (synopsis "Analysing high-throughput sequencing data with Python") (description @@ -3004,6 +3005,9 @@ HMMs).") from high-throughput sequencing assays.") (license license:gpl3+))) +(define-public python2-htseq + (package-with-python2 htseq)) + (define-public java-htsjdk (package (name "java-htsjdk") @@ -5757,14 +5761,14 @@ high-throughput sequencing experiments.") (define-public r-deseq2 (package (name "r-deseq2") - (version "1.16.0") + (version "1.16.1") (source (origin (method url-fetch) (uri (bioconductor-uri "DESeq2" version)) (sha256 (base32 - "0m0apn3xi4kdkinsj4xkw5cwysicyjr6xxlxhpa4scyv589am1s5")))) + "01pvyljxkwazxl510v7h0971nx65iqd2bdkbdhw3xzind0n9pdvq")))) (properties `((upstream-name . "DESeq2"))) (build-system r-build-system) (propagated-inputs @@ -5794,14 +5798,14 @@ distribution.") (define-public r-annotationforge (package (name "r-annotationforge") - (version "1.18.0") + (version "1.18.1") (source (origin (method url-fetch) (uri (bioconductor-uri "AnnotationForge" version)) (sha256 (base32 - "01kd86vvgpa4a5zivcy4g6z8rhcykasdskrz8yqsqz211sd1xsr3")))) + "1366qvykd9cpcvwgc5g9mm9adw9rxw6p4814dd6l5fyb0pwpmysx")))) (properties `((upstream-name . "AnnotationForge"))) (build-system r-build-system) @@ -5872,14 +5876,14 @@ Enrichment Analysis} (GSEA).") (define-public r-category (package (name "r-category") - (version "2.42.0") + (version "2.42.1") (source (origin (method url-fetch) (uri (bioconductor-uri "Category" version)) (sha256 (base32 - "0swcmihyjg0fhaaydl9hm24aj9zffw3bibza9y6sqs6jaqd97f09")))) + "1w186nhc85bglcgmbcrsdbb8l6rph21pl5kdwjqwkp0jnr9z0ifn")))) (properties `((upstream-name . "Category"))) (build-system r-build-system) (propagated-inputs @@ -6384,13 +6388,13 @@ also known as views, in a controlled vocabulary.") (define-public r-bookdown (package (name "r-bookdown") - (version "0.3") + (version "0.4") (source (origin (method url-fetch) (uri (cran-uri "bookdown" version)) (sha256 (base32 - "0r9bchzg7im6psc3jphvshzbidc5bv5xaih1qg7b5518jy4iyvb9")))) + "1fp1k7hivrb7s2dwgrsqy9s7xg6pk9hczhrc149y1dwh901j6qvv")))) (build-system r-build-system) (propagated-inputs `(("r-htmltools" ,r-htmltools) @@ -6406,13 +6410,13 @@ authoring books and technical documents with R Markdown.") (define-public r-biocstyle (package (name "r-biocstyle") - (version "2.4.0") + (version "2.4.1") (source (origin (method url-fetch) (uri (bioconductor-uri "BiocStyle" version)) (sha256 (base32 - "1n2c8rj920wmk3q2khmjfnhn5i4b3lmhx1whnghk0zk3jf88hvbi")))) + "0bmgmsfll923v573g0kyzlmjd7gly5jwgd8vkrcwvbam1gz75f2c")))) (properties `((upstream-name . "BiocStyle"))) (build-system r-build-system) @@ -6500,14 +6504,14 @@ support for default values, positional argument support, etc.") (define-public r-optparse (package (name "r-optparse") - (version "1.3.2") + (version "1.4.4") (source (origin (method url-fetch) (uri (cran-uri "optparse" version)) (sha256 (base32 - "1g8as89r91xxi5j5azsd6vrfrhg84mnfx2683j7pacdp8s33radw")))) + "1ff4wmsszrb3spwfp7ynfs8w11qpy1sdzfxm1wk8dqqvdwris7qb")))) (build-system r-build-system) (propagated-inputs `(("r-getopt" ,r-getopt))) @@ -6523,13 +6527,13 @@ that accept short and long options.") (define-public r-dnacopy (package (name "r-dnacopy") - (version "1.50.0") + (version "1.50.1") (source (origin (method url-fetch) (uri (bioconductor-uri "DNAcopy" version)) (sha256 (base32 - "0112ry62z18m7rdyrn3gvbxq2f6m44cawhcfb1f02z9xzlsj0k28")))) + "0f0x83db7rm5xf9fg5pjhvs4i165qqaf01lbwb8kj13fsqpwx15p")))) (properties `((upstream-name . "DNAcopy"))) (build-system r-build-system) @@ -6572,14 +6576,14 @@ S4Vectors package itself.") (define-public r-seqinr (package (name "r-seqinr") - (version "3.3-6") + (version "3.4-5") (source (origin (method url-fetch) (uri (cran-uri "seqinr" version)) (sha256 (base32 - "13d0qxm2244wgdl2dy2s8vnrnf5fx4n47if9gkb49dqx6c0sx8s2")))) + "17zv0n5cji17izwmwg0jcbxbjl3w5rls91w15svcnlpxjms38ahn")))) (build-system r-build-system) (propagated-inputs `(("r-ade4" ,r-ade4) @@ -6597,13 +6601,13 @@ utilities for sequence data management under the ACNUC system.") (define-public r-iranges (package (name "r-iranges") - (version "2.10.0") + (version "2.10.2") (source (origin (method url-fetch) (uri (bioconductor-uri "IRanges" version)) (sha256 (base32 - "0zp4mxm9h1p4krj7m7cinkvwa2ibqkq59jwpan97yvhb4z8q0d6n")))) + "1brmzs3rsf97gymridrh9c9r3vws8b3rpghaanxnniw36lmcajfy")))) (properties `((upstream-name . "IRanges"))) (build-system r-build-system) @@ -6649,13 +6653,13 @@ ID and species. It is used by functions in the GenomeInfoDb package.") (define-public r-genomeinfodb (package (name "r-genomeinfodb") - (version "1.12.0") + (version "1.12.2") (source (origin (method url-fetch) (uri (bioconductor-uri "GenomeInfoDb" version)) (sha256 (base32 - "1bwwhscjl376a5p43mx8ijrqajxmgypbqhv049pgagl22hkkf0y3")))) + "1hjxgmcnrngp1307ipqaq9hgxz4j0ldn7d46knhzs30k2r4qnrfp")))) (properties `((upstream-name . "GenomeInfoDb"))) (build-system r-build-system) @@ -6704,13 +6708,13 @@ CAGE.") (define-public r-variantannotation (package (name "r-variantannotation") - (version "1.22.0") + (version "1.22.3") (source (origin (method url-fetch) (uri (bioconductor-uri "VariantAnnotation" version)) (sha256 (base32 - "05hpm4as36kvpiqhgnkfjwfx0a05p304c21ggba29iac4nanm8b3")))) + "0sr3vdn85x5zdxh80cfwlpfdpi2hmjy3fwi00ac3jya4v145vawr")))) (properties `((upstream-name . "VariantAnnotation"))) (inputs @@ -6742,13 +6746,13 @@ coding changes and predict coding outcomes.") (define-public r-limma (package (name "r-limma") - (version "3.32.0") + (version "3.32.5") (source (origin (method url-fetch) (uri (bioconductor-uri "limma" version)) (sha256 (base32 - "0q7rqm86nwq0rg4fjggfr7xqybjrxj425vni3cva70b4c8d1h425")))) + "0p2ayha9g9w5r8s7pgdf16mkmdbqwh6f35jh07g3b8gyra48gwiw")))) (build-system r-build-system) (home-page "http://bioinf.wehi.edu.au/limma") (synopsis "Package for linear models for microarray and RNA-seq data") @@ -6826,13 +6830,13 @@ manipulating genomic intervals and variables defined along a genome.") (define-public r-biobase (package (name "r-biobase") - (version "2.36.0") + (version "2.36.2") (source (origin (method url-fetch) (uri (bioconductor-uri "Biobase" version)) (sha256 (base32 - "0x7pf5xsdcj12dbf5qqki2c6bd5madqg2fbiq5xgisarpc9v6c1m")))) + "0sr48nqx5bqid4g6lr9zr9286xh842w717yvmssvddb5xxynib6f")))) (properties `((upstream-name . "Biobase"))) (build-system r-build-system) @@ -6848,13 +6852,13 @@ on Bioconductor or which replace R functions.") (define-public r-annotationdbi (package (name "r-annotationdbi") - (version "1.38.0") + (version "1.38.2") (source (origin (method url-fetch) (uri (bioconductor-uri "AnnotationDbi" version)) (sha256 (base32 - "1xffm98s817mfc827cnr0by6167nlrl1glxzjawzz0rkghs41g27")))) + "1lsamnbf07zzsy5asy5hn97n2a4layv58w2bzd90ikcdx0gmzarj")))) (properties `((upstream-name . "AnnotationDbi"))) (build-system r-build-system) @@ -6875,13 +6879,13 @@ annotation data packages using SQLite data storage.") (define-public r-biomart (package (name "r-biomart") - (version "2.32.0") + (version "2.32.1") (source (origin (method url-fetch) (uri (bioconductor-uri "biomaRt" version)) (sha256 (base32 - "0knkxh23vl9pa0by03xr6dy9aiah714cmf54jl828k51l9wv5l2j")))) + "0fhpbjlsgbqxrpj6nzhhk9q3ph81n5x4p7mmd097xjjn6b05w1d8")))) (properties `((upstream-name . "biomaRt"))) (build-system r-build-system) @@ -6905,13 +6909,13 @@ powerful online queries from gene annotation to database mining.") (define-public r-biocparallel (package (name "r-biocparallel") - (version "1.10.0") + (version "1.10.1") (source (origin (method url-fetch) (uri (bioconductor-uri "BiocParallel" version)) (sha256 (base32 - "01ph0kq70b5gkd7n6a4myjlvwzgc0hi4xfwz8h17h06n9p5sdwa9")))) + "08mdfxyk9nwz77v0xhlvs19p2wj0phgm5c5b25vm0xh3749njsp0")))) (properties `((upstream-name . "BiocParallel"))) (build-system r-build-system) @@ -6929,13 +6933,13 @@ objects.") (define-public r-biostrings (package (name "r-biostrings") - (version "2.44.0") + (version "2.44.2") (source (origin (method url-fetch) (uri (bioconductor-uri "Biostrings" version)) (sha256 (base32 - "0ixgx12cx2z4n2khxq83crz9gc21qckj2v78y2p31567kfsw7clg")))) + "12c5abgshwq86357jr0r9039y6vl4d6ngysy89rsnr23ldnsirjp")))) (properties `((upstream-name . "Biostrings"))) (build-system r-build-system) @@ -6999,13 +7003,13 @@ files.") (define-public r-delayedarray (package (name "r-delayedarray") - (version "0.2.0") + (version "0.2.7") (source (origin (method url-fetch) (uri (bioconductor-uri "DelayedArray" version)) (sha256 (base32 - "0pcsk0f2dg2ldzprs1cccqrk53jrysmm6ccgjj5wh6z3x17g7g2r")))) + "02dfqp4md9xaqjj712ijc3jswghmipr5hwkd5hr0x1xi6l2fb69g")))) (properties `((upstream-name . "DelayedArray"))) (build-system r-build-system) @@ -7029,13 +7033,13 @@ array-like objects like @code{DataFrame} objects (typically with Rle columns), (define-public r-summarizedexperiment (package (name "r-summarizedexperiment") - (version "1.6.0") + (version "1.6.3") (source (origin (method url-fetch) (uri (bioconductor-uri "SummarizedExperiment" version)) (sha256 (base32 - "1szjbzzz4pyip891nji71caalxh0rhqiv7rpv6q54swlrqpfkqkw")))) + "0j7xn7pk52d383fb1wplcggacl2586c4zi0alkgfc3wz7qq9w13s")))) (properties `((upstream-name . "SummarizedExperiment"))) (build-system r-build-system) @@ -7060,13 +7064,13 @@ samples.") (define-public r-genomicalignments (package (name "r-genomicalignments") - (version "1.12.0") + (version "1.12.1") (source (origin (method url-fetch) (uri (bioconductor-uri "GenomicAlignments" version)) (sha256 (base32 - "1aagyrdk5309a7awg42lg0bpirp91i6i2ddvpmrs38pzriwahnjy")))) + "127690sys4i5q3l4vxnjg4xg8q19qlw2258vgs5d1156w9ypp04h")))) (properties `((upstream-name . "GenomicAlignments"))) (build-system r-build-system) @@ -7093,13 +7097,13 @@ alignments.") (define-public r-rtracklayer (package (name "r-rtracklayer") - (version "1.36.0") + (version "1.36.4") (source (origin (method url-fetch) (uri (bioconductor-uri "rtracklayer" version)) (sha256 (base32 - "0dv7p3wzmx57inznf6fb06417zcm48g7fpazyahxny7bqgzwq0ig")))) + "050q1rv04w31168ljr975vxva31n9lqdx84rnmsk6zcr6p640ffp")))) (build-system r-build-system) (arguments `(#:phases @@ -7138,13 +7142,13 @@ as well as query and modify the browser state, such as the current viewport.") (define-public r-genomicfeatures (package (name "r-genomicfeatures") - (version "1.28.0") + (version "1.28.4") (source (origin (method url-fetch) (uri (bioconductor-uri "GenomicFeatures" version)) (sha256 (base32 - "1pjxlr34ygv8pvfwpyq268wpgqzphiwpij85fyhjqdwdp0a253ik")))) + "01ylvg275iy0cvsbxkbfxcf9pi9al597v5wnlqi2xdpmrcxyc3q0")))) (properties `((upstream-name . "GenomicFeatures"))) (build-system r-build-system) @@ -7817,7 +7821,7 @@ throughput genetic sequencing data sets using regression methods.") (define-public r-qtl (package (name "r-qtl") - (version "1.40-8") + (version "1.41-6") (source (origin (method url-fetch) @@ -7825,7 +7829,7 @@ throughput genetic sequencing data sets using regression methods.") version ".tar.gz")) (sha256 (base32 - "05bj1x2ry0i7yqiydlswb3d2h4pxg70z8w1072az1mrv1m54k8sp")))) + "067az4v432zxp6lxck8d7vlh9w4r13r0mvw5zsglyaqwsh3d9sad")))) (build-system r-build-system) (home-page "http://rqtl.org/") (synopsis "R package for analyzing QTL experiments in genetics") @@ -8067,14 +8071,14 @@ in SNV base substitution data.") (define-public r-wgcna (package (name "r-wgcna") - (version "1.51") + (version "1.60") (source (origin (method url-fetch) (uri (cran-uri "WGCNA" version)) (sha256 (base32 - "0hzvnhw76vwg8bl8x368f0c5szpwb8323bmrb3bir93i5bmfjsxx")))) + "16mxhwzhh5q48wmz1iba2r21cp0n0v8g11am4pi52iv6g0663ixl")))) (properties `((upstream-name . "WGCNA"))) (build-system r-build-system) (propagated-inputs @@ -8584,14 +8588,14 @@ GenomicRanges Bioconductor package.") (define-public r-copywriter (package (name "r-copywriter") - (version "2.8.0") + (version "2.8.1") (source (origin (method url-fetch) (uri (bioconductor-uri "CopywriteR" version)) (sha256 (base32 - "183nmrqmdf9syqljslvwv7mhs9ar5xizzq98imgsc80q0m25ncjf")))) + "0xgqnq5v5213b3nzvlmjysjb7w1bc0iblqpmzbjqn7n0ib0qyhbm")))) (properties `((upstream-name . "CopywriteR"))) (build-system r-build-system) (propagated-inputs @@ -8624,18 +8628,21 @@ number detection tools.") (define-public r-sva (package (name "r-sva") - (version "3.24.0") + (version "3.24.4") (source (origin (method url-fetch) (uri (bioconductor-uri "sva" version)) (sha256 (base32 - "04pxl61iyc845wmqca1qv8kbb8zcp0qp72zgvgki3zzmrph9a362")))) + "0wcway4ai9im81xnrzb1vij2iidq5pw24qhjfgacmhxvx3dzhbsc")))) (build-system r-build-system) (propagated-inputs `(("r-genefilter" ,r-genefilter) - ("r-mgcv" ,r-mgcv))) + ("r-mgcv" ,r-mgcv) + ("r-biocparallel" ,r-biocparallel) + ("r-matrixstats" ,r-matrixstats) + ("r-limma" ,r-limma))) (home-page "http://bioconductor.org/packages/sva") (synopsis "Surrogate variable analysis") (description @@ -8651,14 +8658,14 @@ unmodeled, or latent sources of noise.") (define-public r-seqminer (package (name "r-seqminer") - (version "5.9") + (version "6.0") (source (origin (method url-fetch) (uri (cran-uri "seqminer" version)) (sha256 (base32 - "0sfkxrc9gy5a8fadzyzfzh7l5grasm8cj6cd2nnpv85ws6mqr6qd")))) + "057j1l6dip35l1aivilapl2zv9db677b3di2pb3sfgq2sxg0ps3l")))) (build-system r-build-system) (inputs `(("zlib" ,zlib))) diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 1f6b0fc730..864b1a2698 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -183,6 +183,39 @@ menu to select one of the installed operating systems.") "/bin/mcopy\""))) #t)))))))))) +;; Because grub searches hardcoded paths it's easiest to just build grub +;; again to make it find both grub-pc and grub-efi. There is a command +;; line argument which allows you to specify ONE platform - but +;; grub-mkrescue will use multiple platforms if they are available +;; in the installation directory (without command line argument). +(define-public grub-hybrid + (package + (inherit grub-efi) + (name "grub-hybrid") + (synopsis "GRand Unified Boot loader (hybrid version)") + (inputs + `(("grub" ,grub) + ,@(package-inputs grub-efi))) + (arguments + (substitute-keyword-arguments (package-arguments grub-efi) + ((#:modules modules `((guix build utils) (guix build gnu-build-system))) + `((ice-9 ftw) ,@modules)) + ((#:phases phases) + `(modify-phases ,phases + (add-after 'install 'install-non-efi + (lambda* (#:key inputs outputs #:allow-other-keys) + (let ((input-dir (string-append (assoc-ref inputs "grub") + "/lib/grub")) + (output-dir (string-append (assoc-ref outputs "out") + "/lib/grub"))) + (for-each + (lambda (basename) + (if (not (string-prefix? "." basename)) + (symlink (string-append input-dir "/" basename) + (string-append output-dir "/" basename)))) + (scandir input-dir)) + #t))))))))) + (define-public syslinux (let ((commit "bb41e935cc83c6242de24d2271e067d76af3585c")) (package diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 7237931b7d..f2989d9c15 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -736,19 +736,20 @@ time for compression ratio.") (define-public python-lz4 (package (name "python-lz4") - (version "0.8.2") + (version "0.10.1") (source (origin (method url-fetch) (uri (pypi-uri "lz4" version)) (sha256 (base32 - "1irad4sq4hdr30fr53smvv3zzk4rddcf9b4jx19w8s9xsxhr1x3b")))) + "0ghv1xbaq693kgww1x9c22bplz479ls9szjsaa4ig778ls834hm0")))) (build-system python-build-system) (native-inputs - `(("python-nose" ,python-nose))) + `(("python-nose" ,python-nose) + ("python-setuptools-scm" ,python-setuptools-scm))) (home-page "https://github.com/python-lz4/python-lz4") - (synopsis "LZ4 Bindings for Python") + (synopsis "LZ4 bindings for Python") (description "This package provides python bindings for the lz4 compression library by Yann Collet. The project contains bindings for the LZ4 block format and diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm index 9ebfbbed2d..feae801116 100644 --- a/gnu/packages/cran.scm +++ b/gnu/packages/cran.scm @@ -42,3 +42,109 @@ including RGB, HSV, HLS, CIEXYZ, CIELUV, HCL (polar CIELUV), CIELAB and polar CIELAB. Qualitative, sequential, and diverging color palettes based on HCL colors are provided.") (license license:bsd-3))) + +(define-public r-glue + (package + (name "r-glue") + (version "1.1.1") + (source + (origin + (method url-fetch) + (uri (cran-uri "glue" version)) + (sha256 + (base32 + "01awmqby7rwzhzr51m7d87wqibx7ggl6xair8fi3z3q1hkyyv7ih")))) + (build-system r-build-system) + (home-page "https://github.com/tidyverse/glue") + (synopsis "Interpreted string literals") + (description + "This package provides an implementation of interpreted string literals, +inspired by Python's Literal String Interpolation (PEP-0498) and +Docstrings (PEP-0257) and Julia's Triple-Quoted String Literals.") + (license license:expat))) + +(define-public r-plogr + (package + (name "r-plogr") + (version "0.1-1") + (source + (origin + (method url-fetch) + (uri (cran-uri "plogr" version)) + (sha256 + (base32 + "13zliqlbkl8b04k9ga0sx5jsh7k867gracgl84l2a9kcqy9mqx92")))) + (build-system r-build-system) + (home-page "https://github.com/krlmlr/plogr") + (synopsis "R bindings for the plog C++ logging library") + (description + "This package provides the header files for a stripped-down version of +the plog header-only C++ logging library, and a method to log to R's standard +error stream.") + (license license:expat))) + +(define-public r-rcpp + (package + (name "r-rcpp") + (version "0.12.12") + (source + (origin + (method url-fetch) + (uri (cran-uri "Rcpp" version)) + (sha256 + (base32 "1byyqvlgb2p46p1gv243k73rk69fa8pa4l5m5asmckag2pkb2glz")))) + (build-system r-build-system) + (home-page "http://www.rcpp.org") + (synopsis "Seamless R and C++ integration") + (description + "The Rcpp package provides R functions as well as C++ classes which offer +a seamless integration of R and C++. Many R data types and objects can be +mapped back and forth to C++ equivalents which facilitates both writing of new +code as well as easier integration of third-party libraries. Documentation +about Rcpp is provided by several vignettes included in this package, via the +'Rcpp Gallery' site at , the paper by Eddelbuettel +and Francois (2011, JSS), and the book by Eddelbuettel (2013, Springer); see +'citation(\"Rcpp\")' for details on these last two.") + (license license:gpl2+))) + +(define-public r-bindr + (package + (name "r-bindr") + (version "0.1") + (source + (origin + (method url-fetch) + (uri (cran-uri "bindr" version)) + (sha256 + (base32 + "0d95ifm0x4mrfzi20xf39f5pzd7rfzqsld0vjqf6xzga5rhnd8fc")))) + (build-system r-build-system) + (home-page "https://github.com/krlmlr/bindr") + (synopsis "Parametrized active bindings") + (description + "This package provides a simple interface for creating active bindings +where the bound function accepts additional arguments.") + (license license:expat))) + +(define-public r-bindrcpp + (package + (name "r-bindrcpp") + (version "0.2") + (source + (origin + (method url-fetch) + (uri (cran-uri "bindrcpp" version)) + (sha256 + (base32 + "0l1l22zl87wiyl79m3gj2vlxmkhxvrkl4alhyy08h55q7hqs3vyh")))) + (build-system r-build-system) + (propagated-inputs + `(("r-bindr" ,r-bindr) + ("r-plogr" ,r-plogr) + ("r-rcpp" ,r-rcpp))) + (home-page "https://github.com/krlmlr/bindrcpp") + (synopsis "Rcpp interface to active bindings") + (description + "This package provides an easy way to fill an environment with active +bindings that call a C++ function.") + (license license:expat))) diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm index bbb127a7d9..32f4f3b2d1 100644 --- a/gnu/packages/ebook.scm +++ b/gnu/packages/ebook.scm @@ -41,6 +41,7 @@ #:use-module (gnu packages pkg-config) #:use-module (gnu packages python) #:use-module (gnu packages qt) + #:use-module (gnu packages serialization) #:use-module (gnu packages tls) #:use-module (gnu packages web) #:use-module (gnu packages xorg)) @@ -126,6 +127,8 @@ ("python2-lxml" ,python2-lxml) ("python2-markdown" ,python2-markdown) ("python2-mechanize" ,python2-mechanize) + ;; python2-msgpack is needed for the network content server to work. + ("python2-msgpack" ,python2-msgpack) ("python2-netifaces" ,python2-netifaces) ("python2-pillow" ,python2-pillow) ("python2-pygments" ,python2-pygments) diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm index 917c511f32..4aa713346f 100644 --- a/gnu/packages/emacs.scm +++ b/gnu/packages/emacs.scm @@ -4631,7 +4631,7 @@ It should enable you to implement low-level X11 applications.") (define-public emacs-exwm (package (name "emacs-exwm") - (version "0.14") + (version "0.15") (synopsis "Emacs X window manager") (source (origin (method url-fetch) @@ -4639,7 +4639,7 @@ It should enable you to implement low-level X11 applications.") version ".tar")) (sha256 (base32 - "14hjjpbasm84p54fxy73fg7g1fdwqkvisdw8dwwgzkflmd647mkx")))) + "1y7nqry9y0a99bsdqkk9f554vczfw4sz6raadw3138835qy697jg")))) (build-system emacs-build-system) (propagated-inputs `(("emacs-xelb" ,emacs-xelb))) @@ -4673,12 +4673,9 @@ It should enable you to implement low-level X11 applications.") TryExec=~@*~a~@ Type=Application~%" ,name ,synopsis exwm-executable))) ;; Add a shell wrapper to bin - ;; Set DISPLAY variable to work around - ;; https://github.com/ch11ng/exwm/issues/213 (with-output-to-file exwm-executable (lambda _ (format #t "#!~a ~@ - export DISPLAY=:0 ~@ ~a +SI:localuser:$USER ~@ exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%" (string-append (assoc-ref inputs "bash") "/bin/sh") @@ -4770,12 +4767,9 @@ other operations.") TryExec=~@*~a~@ Type=Application~%" ,name ,synopsis exwm-executable))) ;; Add a shell wrapper to bin - ;; Set DISPLAY variable to work around - ;; https://github.com/ch11ng/exwm/issues/213 (with-output-to-file exwm-executable (lambda _ (format #t "#!~a ~@ - export DISPLAY=:0 ~@ ~a +SI:localuser:$USER ~@ exec ~a --exit-with-session ~a \"$@\" --eval '~s' ~%" (string-append (assoc-ref inputs "bash") "/bin/sh") diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm index 49e7214991..eb108491a4 100644 --- a/gnu/packages/ftp.scm +++ b/gnu/packages/ftp.scm @@ -46,7 +46,7 @@ (define-public lftp (package (name "lftp") - (version "4.7.5") + (version "4.7.8") (source (origin (method url-fetch) ;; See https://lftp.tech/get.html for mirrors. @@ -58,7 +58,7 @@ "ftp/lftp/lftp-" version ".tar.xz"))) (sha256 (base32 - "1n6h3y5jz1rxlx7ap46vykgm0q2rvzr7c5s5ry5l32z3lbmwbdak")))) + "19ijsmbb5589vg5ga355ys3075z6s2x2h0bdbga343hfqmnid2pi")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 6b1bc762ba..eee91c32bf 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -340,6 +340,7 @@ where the OS part is overloaded to denote a specific ABI---into GCC for several languages, including C, C++, Objective-C, Fortran, Java, Ada, and Go. It also includes runtime support libraries for these languages.") (license gpl3+) + (supported-systems (delete "aarch64-linux" %supported-systems)) (home-page "https://gcc.gnu.org/")))) (define-public gcc-4.8 @@ -352,7 +353,8 @@ Go. It also includes runtime support libraries for these languages.") (sha256 (base32 "08yggr18v373a1ihj0rg2vd6psnic42b518xcgp3r9k81xz1xyr2")) - (patches (search-patches "gcc-arm-link-spec-fix.patch")))))) + (patches (search-patches "gcc-arm-link-spec-fix.patch")))) + (supported-systems %supported-systems))) (define-public gcc-4.9 (package (inherit gcc-4.7) @@ -366,7 +368,8 @@ Go. It also includes runtime support libraries for these languages.") "14l06m7nvcvb0igkbip58x59w3nq6315k6jcz3wr9ch1rn9d44bc")) (patches (search-patches "gcc-arm-bug-71399.patch" "gcc-libvtv-runpath.patch")))) - (native-inputs `(("texinfo" ,texinfo))))) + (native-inputs `(("texinfo" ,texinfo))) + (supported-systems %supported-systems))) (define-public gcc-5 ;; Note: GCC >= 5 ships with .info files but 'make install' fails to install diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index c2e5bbc47c..ca4f1d34f2 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -330,14 +330,14 @@ libskba (working with X.509 certificates and CMS data).") (define-public gnupg-1 (package (inherit gnupg) - (version "1.4.21") + (version "1.4.22") (source (origin (method url-fetch) (uri (string-append "mirror://gnupg/gnupg/gnupg-" version ".tar.bz2")) (sha256 (base32 - "0xi2mshq8f6zbarb5f61c9w2qzwrdbjm4q8fqsrwlzc51h8a6ivb")))) + "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m")))) (native-inputs '()) (inputs `(("zlib" ,zlib) diff --git a/gnu/packages/graphics.scm b/gnu/packages/graphics.scm index 6c813e8a37..d0e50106fa 100644 --- a/gnu/packages/graphics.scm +++ b/gnu/packages/graphics.scm @@ -339,7 +339,11 @@ visual effects work for film.") #:configure-flags (list (string-append "-DCMAKE_INSTALL_RPATH=" (assoc-ref %outputs "out") "/lib:" - (assoc-ref %outputs "out") "/lib64")))) + (assoc-ref %outputs "out") "/lib64") + ;; We need to set this flag or otherwise 'rd' will be added + ;; to the name of the library binaries and break linking + ;; with other programs. + "-DCMAKE_BUILD_TYPE=Release"))) (native-inputs `(("unzip" ,unzip))) (inputs diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 5bc9a77174..b9e16a11c3 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -14,7 +14,7 @@ ;;; Copyright © 2016 Eric Bavier ;;; Copyright © 2016 Arun Isaac ;;; Copyright © 2016, 2017 Kei Kebreau -;;; Copyright © 2017 ng0 +;;; Copyright © 2017 ng0 ;;; Copyright © 2017 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. @@ -92,13 +92,32 @@ library. It supports almost all PNG features and is extensible.") (license license:zlib) (home-page "http://www.libpng.org/pub/png/libpng.html"))) +;; libpng-apng should be updated when the APNG patch is released: +;; (define-public libpng-apng (package - (inherit libpng) (name "libpng-apng") - (version (package-version libpng)) + (version "1.6.28") + (source + (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" + version "/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src" + "/libpng16/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" + "/libpng16/libpng-" version ".tar.xz"))) + (sha256 + (base32 + "0ylgyx93hnk38haqrh8prd3ax5ngzwvjqw5cxw7p9nxmwsfyrlyq")))) + (build-system gnu-build-system) (arguments - `(#:phases + `(#:modules ((guix build gnu-build-system) + (guix build utils) + (srfi srfi-1)) + #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-apng (lambda* (#:key inputs #:allow-other-keys) @@ -108,11 +127,10 @@ library. It supports almost all PNG features and is extensible.") (let ((apng.gz (assoc-ref inputs "apng"))) (format #t "Applying APNG patch '~a'...~%" apng.gz) - (system (string-append "gunzip < " apng.gz " > the-patch")) - (and (apply-patch "the-patch") - (for-each apply-patch - (find-files "\\.patch")))) - #t)) + (and + (zero? + (system (string-append "gunzip < " apng.gz " > the-patch"))) + (apply-patch "the-patch"))))) (add-before 'configure 'no-checks (lambda _ (substitute* "Makefile.in" @@ -127,15 +145,19 @@ library. It supports almost all PNG features and is extensible.") version "/libpng-" version "-apng.patch.gz")) (sha256 (base32 - "026r0gbkf6d6v54wca02cdxln8sj4m2c1yk62sj2aasv2ki2ffh5")))))) + "0m5nv70n9903x3xzxw9qqc6sgf2rp106ha0x6gix0xf8wcrljaab")))))) (native-inputs `(("libtool" ,libtool))) + ;; libpng.la says "-lz", so propagate it. + (propagated-inputs + `(("zlib" ,zlib))) (synopsis "APNG patch for libpng") (description "APNG (Animated Portable Network Graphics) is an unofficial extension of the APNG (Portable Network Graphics) format. APNG patch provides APNG support to libpng.") - (home-page "https://sourceforge.net/projects/libpng-apng/"))) + (home-page "https://sourceforge.net/projects/libpng-apng/") + (license license:zlib))) (define-public libpng-1.2 (package diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm index 43bc0bbf6d..12f12bf8f1 100644 --- a/gnu/packages/javascript.scm +++ b/gnu/packages/javascript.scm @@ -26,7 +26,9 @@ #:use-module (gnu packages lisp) #:use-module (guix packages) #:use-module (guix download) - #:use-module (guix build-system trivial)) + #:use-module (guix git-download) + #:use-module (guix build-system trivial) + #:use-module (guix build-system minify)) (define-public js-mathjax (package @@ -134,3 +136,190 @@ be able to view it naturally and easily."))) script to enable responsive web designs in browsers that don't support CSS3 Media Queries.") (license license:expat))) + +(define-public js-html5shiv + (package + (name "js-html5shiv") + (version "3.7.3") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/aFarkas/html5shiv/" + "archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0inlbpxpqzdyi24lqagzf7l24zxg0y02xcpqs2h4npjscazzw7hg")))) + (build-system minify-build-system) + (home-page "https://github.com/aFarkas/html5shiv") + (synopsis "Enable HTML5 sectioning elements in legacy browsers") + (description "The HTML5 Shiv enables use of HTML5 sectioning elements in +legacy Internet Explorer and provides basic HTML5 styling for Internet +Explorer 6-9, Safari 4.x (and iPhone 3.x), and Firefox 3.x.") + ;; From the file "MIT and GPL2 licenses.md": + ;; + ;; This software is licensed under a dual license system (MIT or GPL + ;; version 2). This means you are free to choose with which of both + ;; licenses (MIT or GPL version 2) you want to use this library. + (license (list license:expat license:gpl2)))) + +(define-public js-json2 + (let ((commit "031b1d9e6971bd4c433ca85e216cc853f5a867bd") + (revision "1")) + (package + (name "js-json2") + (version (string-append "2016-10-28." revision "-" (string-take commit 7))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/douglascrockford/JSON-js.git") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1fvb6b2y5sd3sqdgcj683sdxcbxdii34q0ysc9wg0dq1sy81l11v")))) + (build-system minify-build-system) + (arguments + `(#:javascript-files '("json2.js" + "json_parse.js" + "json_parse_state.js" + "cycle.js"))) + (home-page "https://github.com/douglascrockford/JSON-js") + (synopsis "JSON encoders and decoders") + (description "The files in this collection implement JSON +encoders/decoders in JavaScript. + +@code{json2.js}: This file creates a JSON property in the global object, if +there isn't already one, setting its value to an object containing a stringify +method and a parse method. The @code{parse} method uses the @code{eval} +method to do the parsing, guarding it with several regular expressions to +defend against accidental code execution hazards. On current browsers, this +file does nothing, preferring the built-in JSON object. + +@code{json_parse.js}: This file contains an alternative JSON @code{parse} +function that uses recursive descent instead of @code{eval}. + +@code{json_parse_state.js}: This files contains an alternative JSON +@code{parse} function that uses a state machine instead of @code{eval}. + +@code{cycle.js}: This file contains two functions, @code{JSON.decycle} and +@code{JSON.retrocycle}, which make it possible to encode cyclical structures +and DAGs in JSON, and to then recover them. This is a capability that is not +provided by ES5. @code{JSONPath} is used to represent the links.") + (license license:public-domain)))) + +(define-public js-strftime + (package + (name "js-strftime") + (version "0.10.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/samsonjs/strftime/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1iya43w7y26y2dp9l4d40bhjc4scb5a9mng5ng5c8hsqr82f1375")))) + (build-system minify-build-system) + (arguments + `(#:javascript-files '("strftime.js"))) + (home-page "https://github.com/samsonjs/strftime") + (synopsis "Implementation of strftime to JavaScript") + (description "This is an implementation of the @code{strftime} procedure +for JavaScript. It works in (at least) node.js and browsers. It supports +localization and timezones. Most standard specifiers from C are supported as +well as some other extensions from Ruby.") + (license license:expat))) + +(define-public js-highlight + (package + (name "js-highlight") + (version "9.12.0") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/isagalaev/highlight.js/" + "archive/" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "1jjn9mj7fwq4zpr6is438bscf03b3q8jkj0k5c3fc6pkmjnhw939")))) + (build-system minify-build-system) + (arguments + `(#:javascript-files '("src/highlight.js"))) + (home-page "https://github.com/isagalaev/highlight.js") + (synopsis "Syntax highlighting for JavaScript") + (description "Highlight.js is a syntax highlighter written in JavaScript. +It works in the browser as well as on the server. It works with pretty much +any markup, doesn’t depend on any framework and has automatic language +detection.") + (license license:bsd-3))) + +(define-public js-datatables + (package + (name "js-datatables") + (version "1.10.15") + (source (origin + (method url-fetch) + (uri (string-append "https://datatables.net/releases/DataTables-" + version ".zip")) + (sha256 + (base32 + "1y9xqyqyz7x1ls3ska71pshl2hpiy3qnw1f7wygyslbhy4ssgf57")))) + (build-system minify-build-system) + (arguments + `(#:javascript-files '("media/js/dataTables.bootstrap.js" + "media/js/jquery.dataTables.js"))) + (native-inputs + `(("unzip" ,unzip))) + (home-page "https://datatables.net") + (synopsis "DataTables plug-in for jQuery") + (description "DataTables is a table enhancing plug-in for the jQuery +Javascript library, adding sorting, paging and filtering abilities to plain +HTML tables with minimal effort.") + (license license:expat))) + +(define-public js-selectize + (package + (name "js-selectize") + (version "0.12.4") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/selectize/selectize.js/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0756p49aaz34mw2dx8k1gxf210mngfrri25vkba0j7wihd2af8gn")))) + (build-system minify-build-system) + (arguments `(#:javascript-files '("src/selectize.js"))) + (home-page "http://selectize.github.io/selectize.js/") + (synopsis "Hybrid widget between a textbox and } +box. It's jQuery based and it has autocomplete and native-feeling keyboard +navigation; it is useful for tagging, contact lists, etc.") + (license license:asl2.0))) + +(define-public js-es5-shim + (package + (name "js-es5-shim") + (version "4.5.9") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/es-shims/es5-shim/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0yfndyijz0ykddzprpvfjb2453gzpn528klmwycwbqc1bqd3m1hl")))) + (build-system minify-build-system) + (arguments `(#:javascript-files + '("es5-sham.js" + "es5-shim.js"))) + (home-page "https://github.com/es-shims/es5-shim") + (synopsis "ECMAScript 5 compatibility shims for legacy JavaScript engines") + (description "@code{es5-shim.js} patches a JavaScript context to contain +all ECMAScript 5 methods that can be faithfully emulated with a legacy +JavaScript engine. @code{es5-sham.js} patches other ES5 methods as closely as +possible. Many of these shams are intended only to allow code to be written +to ES5 without causing run-time errors in older engines. In many cases, this +means that these shams cause many ES5 methods to silently fail.") + (license license:expat))) diff --git a/gnu/packages/lego.scm b/gnu/packages/lego.scm index d47be5dfb4..d5e5de1c1f 100644 --- a/gnu/packages/lego.scm +++ b/gnu/packages/lego.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016 Eric Bavier +;;; Copyright © 2016, 2017 Eric Bavier ;;; ;;; This file is part of GNU Guix. ;;; @@ -23,7 +23,10 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages bison) - #:use-module (gnu packages flex)) + #:use-module (gnu packages compression) + #:use-module (gnu packages flex) + #:use-module (gnu packages gl) + #:use-module (gnu packages qt)) (define-public nqc (package @@ -65,3 +68,57 @@ MINDSTORMS products. The preprocessor and control structures of NQC are very similar to C. NQC is not a general purpose language -- there are many restrictions that stem from limitations of the standard RCX firmware.") (license license:mpl1.0))) + +(define-public leocad + (package + (name "leocad") + (version "17.07") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/leozide/leocad/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "02gm4950zlmsw4sxmdwypgkybn51b02qnmmk6rzjdr8si4k6gikq")))) + (build-system gnu-build-system) + (native-inputs + `(("qttools" ,qttools))) ;for lrelease + (inputs + `(("mesa" ,mesa) + ("qtbase" ,qtbase) + ("zlib" ,zlib))) + (arguments + '(#:tests? #f + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key outputs inputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (zero? (system* "qmake" + (string-append "INSTALL_PREFIX=" out) + ;; Otherwise looks for lrelease-qt4 + "QMAKE_LRELEASE=lrelease" + ;; Don't pester users about updates + "DISABLE_UPDATE_CHECK=1"))))) + (add-after 'configure 'reset-resource-timestamps + (lambda _ + ;; The contents of build/release/.qrc/qrc_leocad.cpp generated by + ;; qt's rcc tool depends on the timestamps in resources/*, in + ;; particular the leocad_*.qm files that are created by qmake + ;; above. So reset those timestamps for a reproducible build. + (with-directory-excursion "resources" + (for-each (lambda (file) + (let* ((base (basename file ".qm")) + (src (string-append base ".ts")) + (st (stat src))) + (set-file-time file st))) + (find-files "." "leocad_.*\\.qm")))))))) + (home-page "http://www.leocad.org") + (synopsis "Create virtual Lego models") + (description + "LeoCAD is a program for creating virtual LEGO models. It has an +intuitive interface, designed to allow new users to start creating new models +without having to spend too much time learning the application. LeoCAD is +fully compatible with the LDraw Standard and related tools.") + (license license:gpl2+))) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0ee0a5acd0..01b11c4ffb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -824,36 +824,36 @@ ext3 or ext4 partition.") (define-public zerofree (package (name "zerofree") - (version "1.0.3") - (home-page "http://intgat.tigress.co.uk/rmy/uml/") + (version "1.1.0") + (home-page "https://frippery.org/uml/") (source (origin (method url-fetch) (uri (string-append home-page name "-" version ".tgz")) (sha256 (base32 - "1xncw3dn2cp922ly42m96p6fh7jv8ysg6bwqbk5xvw701f3dmkrs")))) + "059g29x5r1xj6wcj4xj85l8w6qrxyl86yqbybjqqz6nxz4falxzf")))) (build-system gnu-build-system) (arguments - '(#:phases (alist-replace - 'install - (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (bin (string-append out "/bin"))) - (mkdir-p bin) - (copy-file "zerofree" - (string-append bin "/zerofree")) - (chmod (string-append bin "/zerofree") - #o555) - #t)) - (alist-delete 'configure %standard-phases)) - #:tests? #f)) ;no tests + '(#:phases + (modify-phases %standard-phases + (delete 'configure) ; no configure script + (replace 'install + ;; The Makefile lacks an ‘install’ target. + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (chmod "zerofree" #o555) + (install-file "zerofree" bin) + #t)))) + #:tests? #f)) ; no tests (inputs `(("libext2fs" ,e2fsprogs))) (synopsis "Zero non-allocated regions in ext2/ext3/ext4 file systems") (description - "The zerofree command scans the free blocks in an ext2 file system and -fills any non-zero blocks with zeroes. This is a useful way to make disk -images more compressible.") + "Zerofree finds the unallocated blocks with non-zero value content in an +ext2, ext3, or ext4 file system and fills them with zeroes (or another value). +This is a simple way to make disk images more compressible. +Zerofree requires the file system to be unmounted or mounted read-only.") (license license:gpl2))) (define-public strace @@ -1747,7 +1747,7 @@ UnionFS-FUSE additionally supports copy-on-write.") (define-public sshfs-fuse (package (name "sshfs-fuse") - (version "2.9") + (version "2.10") (source (origin (method url-fetch) (uri (string-append "https://github.com/libfuse/sshfs/releases/" @@ -1755,7 +1755,7 @@ UnionFS-FUSE additionally supports copy-on-write.") ".tar.gz")) (sha256 (base32 - "1pp5wsl1jx11apkv2fpp559miifqhi8ka400npy5awp9ghlf3la6")))) + "00fir2iykdx11g8nv5gijg0zjrp2g3ldypnv0yi6lq3h5pg5v13h")))) (build-system gnu-build-system) (inputs `(("fuse" ,fuse) diff --git a/gnu/packages/machine-learning.scm b/gnu/packages/machine-learning.scm index d39e77d978..c5132faf58 100644 --- a/gnu/packages/machine-learning.scm +++ b/gnu/packages/machine-learning.scm @@ -32,6 +32,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages boost) #:use-module (gnu packages compression) + #:use-module (gnu packages cran) #:use-module (gnu packages dejagnu) #:use-module (gnu packages gcc) #:use-module (gnu packages image) diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm index 4afe8c3c0e..121e6cdbf4 100644 --- a/gnu/packages/markup.scm +++ b/gnu/packages/markup.scm @@ -105,7 +105,7 @@ convert it to structurally valid XHTML (or HTML).") (define-public cmark (package (name "cmark") - (version "0.27.1") + (version "0.28.0") (source (origin (method url-fetch) (uri (string-append "https://github.com/jgm/cmark/archive/" @@ -113,7 +113,7 @@ convert it to structurally valid XHTML (or HTML).") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "1da62ispca9aal2a36gaj87175rv5013pl7x740vk32y6lclr6v6")))) + "03pypf2mcacfa7lrwz66lh5hydsycc33arp1nx1lljbq98gikkv8")))) (build-system cmake-build-system) (arguments '(#:test-target "test")) diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm index 3d461c7602..45884c20ff 100644 --- a/gnu/packages/maths.scm +++ b/gnu/packages/maths.scm @@ -561,18 +561,17 @@ computations.") (define-public hdf4 (package (name "hdf4") - (version "4.2.12") + (version "4.2.13") (source (origin (method url-fetch) (uri (string-append "https://support.hdfgroup.org/ftp/HDF/releases/HDF" version "/src/hdf-" version ".tar.bz2")) (sha256 - (base32 "020jh563sjyxsgml8l809d2i1d4ms9shivwj3gbm7n0ilxbll8id")) + (base32 "1wz0586zh91pqb95wvr0pbh71a8rz358fdj6n2ksp85x2cis9lsm")) (patches (search-patches "hdf4-architectures.patch" "hdf4-reproducibility.patch" "hdf4-shared-fortran.patch")))) - (build-system gnu-build-system) (native-inputs `(("gfortran" ,gfortran) @@ -1627,12 +1626,12 @@ programming problems.") (define-public r-pracma (package (name "r-pracma") - (version "2.0.4") + (version "2.0.7") (source (origin (method url-fetch) (uri (cran-uri "pracma" version)) (sha256 - (base32 "1z3i90mkzwvp9di17caf4934z2xlb2imm3hwxllcrbwvmnmhrwyc")))) + (base32 "0hxa0rbbp54j0c05qj7vfwhqfdmiz5ax8vhqxd09g33x7c0hqbc5")))) (build-system r-build-system) (propagated-inputs `(("r-quadprog" ,r-quadprog))) @@ -3068,6 +3067,8 @@ instruction sets. Thus, an application written with Vc can be compiled for: @item NVIDIA GPUs / CUDA (in development) @end enumerate\n") (home-page "https://github.com/VcDevel/Vc") + ;; "No support_???.cpp file exists for this architecture." + (supported-systems '("x86_64-linux" "i686-linux")) (license license:bsd-3))) (define-public reducelcs @@ -3196,3 +3197,46 @@ as equations, scalars, vectors, and matrices.") theories} (SMT) solver. It provides a C/C++ API.") (home-page "https://github.com/Z3Prover/z3") (license license:expat))) + +(define-public cubicle + (package + (name "cubicle") + (version "1.1.1") + (source (origin + (method url-fetch) + (uri (string-append "http://cubicle.lri.fr/cubicle-" + version ".tar.gz")) + (sha256 + (base32 + "1sny9c4fm14k014pk62ibpwbrjjirkx8xmhs9jg7q1hk7y7x3q2h")))) + (build-system gnu-build-system) + (native-inputs + `(("ocaml" ,ocaml) + ("which" ,which))) + (propagated-inputs + `(("z3" ,z3))) + (arguments + `(#:configure-flags (list "--with-z3") + #:tests? #f + #:phases + (modify-phases %standard-phases + (add-before 'configure 'configure-for-release + (lambda _ + (substitute* "Makefile.in" + (("SVNREV=") "#SVNREV=")))) + (add-before 'configure 'fix-/bin/sh + (lambda _ + (substitute* "configure" + (("/bin/sh") (which "sh"))))) + (add-before 'configure 'fix-smt-z3wrapper.ml + (lambda _ + (substitute* "Makefile.in" + (("\\\\n") ""))))))) + (home-page "http://cubicle.lri.fr/") + (synopsis "Model checker for array-based systems") + (description "Cubicle is an open source model checker for verifying safety +properties of array-based systems. This is a syntactically restricted class of +parametrized transition systems with states represented as arrays indexed by an +arbitrary number of processes. Cache coherence protocols and mutual exclusion +algorithms are typical examples of such systems.") + (license license:asl2.0))) diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm index 789e596f84..37885c9e34 100644 --- a/gnu/packages/mp3.scm +++ b/gnu/packages/mp3.scm @@ -462,7 +462,7 @@ compression format (.mpc files).") (define-public eyed3 (package (name "eyed3") - (version "0.7.10") + (version "0.8") (source (origin (method url-fetch) (uri (string-append @@ -470,14 +470,13 @@ compression format (.mpc files).") version ".tar.gz")) (sha256 (base32 - "0wjicszs64ksj2y5jbk09yjd08znc1qnarlq8ssmx13f2d4x59wq")))) + "1dcswb0f6w3b05s1v43pq8fmavkd5g88ysndn9160wlaa1v9n40h")))) (build-system python-build-system) (arguments - `(#:python ,python-2)) - (native-inputs - `(("python2-nose" ,python2-nose) - ("python2-sphinx" ,python2-sphinx) - ("python2-coverage" ,python2-coverage))) + `(#:tests? #f)) ; the required test data contains copyrighted material. + (propagated-inputs + `(("python-six" ,python-six) + ("python-grako" ,python-grako))) (synopsis "MP3 tag ID3 metadata editor") (description "eyeD3 is a Python tool for working with audio files, specifically mp3 files containing ID3 metadata (i.e. song info). It provides a diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm index 506d1f94e7..3c1a4d9567 100644 --- a/gnu/packages/package-management.scm +++ b/gnu/packages/package-management.scm @@ -523,7 +523,7 @@ transactions from C or Python.") ;; Below are modules used for tests. ("python-pytest" ,python-pytest) ("python-chardet" ,python-chardet))) - (home-page "http://diffoscope.org/") + (home-page "https://diffoscope.org/") (synopsis "Compare files, archives, and directories in depth") (description "Diffoscope tries to get to the bottom of what makes files or directories @@ -661,7 +661,12 @@ This package provides Conda as a library.") (license bsd-3))) (define-public python2-conda - (package-with-python2 python-conda)) + (let ((base (package-with-python2 + (strip-python2-variant python-conda)))) + (package (inherit base) + (native-inputs + `(("python2-enum34" ,python2-enum34) + ,@(package-native-inputs base)))))) (define-public conda (package (inherit python-conda) diff --git a/gnu/packages/patches/fabric-tests.patch b/gnu/packages/patches/fabric-tests.patch deleted file mode 100644 index 4a0ca9f8f1..0000000000 --- a/gnu/packages/patches/fabric-tests.patch +++ /dev/null @@ -1,15 +0,0 @@ -The `fab` excecutable doesn't exist during the test phase as it is created -dynamically during installation. Refer to the equivalent Python module -directly. - ---- a/tests/test_utils.py -+++ b/tests/test_utils.py -@@ -93,7 +93,7 @@ - # perform when they are allowed to bubble all the way to the top. So, we - # invoke a subprocess and look at its stderr instead. - with quiet(): -- result = local("fab -f tests/support/aborts.py kaboom", capture=True) -+ result = local("python -m fabric -f tests/support/aborts.py kaboom", capture=True) - # When error in #1318 is present, this has an extra "It burns!" at end of - # stderr string. - eq_(result.stderr, "Fatal error: It burns!\n\nAborting.") \ No newline at end of file diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch new file mode 100644 index 0000000000..66034c5703 --- /dev/null +++ b/gnu/packages/patches/gd-CVE-2017-7890.patch @@ -0,0 +1,30 @@ +From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 +From: LEPILLER Julien +Date: Thu, 3 Aug 2017 17:04:17 +0200 +Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. + +The stack allocated color map buffers were not zeroed before usage, and +so undefined palette indexes could cause information leakage. + +This is CVE-2017-7890. +--- + src/gd_gif_in.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c +index 008d1ec..c195448 100644 +--- a/src/gd_gif_in.c ++++ b/src/gd_gif_in.c +@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) + + gdImagePtr im = 0; + ++ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); ++ + if(!ReadOK(fd, buf, 6)) { + return 0; + } +-- +2.13.3 + diff --git a/gnu/packages/patches/glibc-CVE-2015-5180.patch b/gnu/packages/patches/glibc-CVE-2015-5180.patch new file mode 100644 index 0000000000..92e3740fc1 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-5180.patch @@ -0,0 +1,311 @@ +From b3b37f1a5559a7620e31c8053ed1b44f798f2b6d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Sat, 31 Dec 2016 20:22:09 +0100 +Subject: [PATCH] CVE-2015-5180: resolv: Fix crash with internal QTYPE [BZ + #18784] + +Also rename T_UNSPEC because an upcoming public header file +update will use that name. + +(cherry picked from commit fc82b0a2dfe7dbd35671c10510a8da1043d746a5) +--- + ChangeLog | 14 ++++ + NEWS | 6 ++ + include/arpa/nameser_compat.h | 6 +- + resolv/Makefile | 5 ++ + resolv/nss_dns/dns-host.c | 2 +- + resolv/res_mkquery.c | 4 + + resolv/res_query.c | 6 +- + resolv/tst-resolv-qtypes.c | 185 ++++++++++++++++++++++++++++++++++++++++++ + 8 files changed, 221 insertions(+), 7 deletions(-) + create mode 100644 resolv/tst-resolv-qtypes.c + +diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h +index 2e735ed..7c0deed 100644 +--- a/include/arpa/nameser_compat.h ++++ b/include/arpa/nameser_compat.h +@@ -1,8 +1,8 @@ + #ifndef _ARPA_NAMESER_COMPAT_ + #include + +-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e., +- T_A and T_AAAA). */ +-#define T_UNSPEC 62321 ++/* The number is outside the 16-bit RR type range and is used ++ internally by the implementation. */ ++#define T_QUERY_A_AND_AAAA 439963904 + + #endif +diff --git a/resolv/Makefile b/resolv/Makefile +index 8be41d3..a4c86b9 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes) + extra-libs += libanl + routines += gai_sigqueue + tests += tst-res_hconf_reorder ++ ++# This test sends millions of packets and is rather slow. ++xtests += tst-resolv-qtypes + endif + extra-libs-others = $(extra-libs) + libresolv-routines := gethnamaddr res_comp res_debug \ +@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace + $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out + $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \ + $(evaluate-test) ++ ++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 5f9e357..d16fa4b 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + + int olderr = errno; + enum nss_status status; +- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC, ++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA, + host_buffer.buf->buf, 2048, &host_buffer.ptr, + &ans2p, &nans2p, &resplen2, &ans2p_malloced); + if (n >= 0) +diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c +index 12f9730..d80b531 100644 +--- a/resolv/res_mkquery.c ++++ b/resolv/res_mkquery.c +@@ -103,6 +103,10 @@ res_nmkquery(res_state statp, + int n; + u_char *dnptrs[20], **dpp, **lastdnptr; + ++ if (class < 0 || class > 65535 ++ || type < 0 || type > 65535) ++ return -1; ++ + #ifdef DEBUG + if (statp->options & RES_DEBUG) + printf(";; res_nmkquery(%s, %s, %s, %s)\n", +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 944d1a9..07dc6f6 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp, + int n, use_malloc = 0; + u_int oflags = statp->_flags; + +- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE; ++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE; + u_char *buf = alloca (bufsize); + u_char *query1 = buf; + int nquery1 = -1; +@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp, + printf(";; res_query(%s, %d, %d)\n", name, class, type); + #endif + +- if (type == T_UNSPEC) ++ if (type == T_QUERY_A_AND_AAAA) + { + n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL, + query1, bufsize); +@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp, + if (__builtin_expect (n <= 0, 0) && !use_malloc) { + /* Retry just in case res_nmkquery failed because of too + short buffer. Shouldn't happen. */ +- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET; ++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET; + buf = malloc (bufsize); + if (buf != NULL) { + query1 = buf; +diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c +new file mode 100644 +index 0000000..b3e60c6 +--- /dev/null ++++ b/resolv/tst-resolv-qtypes.c +@@ -0,0 +1,185 @@ ++/* Exercise low-level query functions with different QTYPEs. ++ Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* If ture, the response function will send the actual response packet ++ over TCP instead of UDP. */ ++static volatile bool force_tcp; ++ ++/* Send back a fake resource record matching the QTYPE. */ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ if (force_tcp && ctx->tcp) ++ { ++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ return; ++ } ++ ++ resolv_response_init (b, (struct resolv_response_flags) { }); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ resolv_response_add_data (b, &qtype, sizeof (qtype)); ++ resolv_response_close_record (b); ++} ++ ++static const const char *domain = "www.example.com"; ++ ++static int ++wrap_res_query (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_search (int type, unsigned char *answer, int answer_length) ++{ ++ return res_query (domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_querydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_querydomain ("www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_send (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_mkquery (QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_send (buf, ret, answer, answer_length); ++} ++ ++static int ++wrap_res_nquery (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nsearch (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length); ++} ++ ++static int ++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length) ++{ ++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type, ++ answer, answer_length); ++} ++ ++static int ++wrap_res_nsend (int type, unsigned char *answer, int answer_length) ++{ ++ unsigned char buf[512]; ++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type, ++ (const unsigned char *) "", 0, NULL, ++ buf, sizeof (buf)); ++ if (type < 0 || type >= 65536) ++ { ++ /* res_mkquery fails for out-of-range record types. */ ++ TEST_VERIFY_EXIT (ret == -1); ++ return -1; ++ } ++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */ ++ return res_nsend (&_res, buf, ret, answer, answer_length); ++} ++ ++static void ++test_function (const char *fname, ++ int (*func) (int type, ++ unsigned char *answer, int answer_length)) ++{ ++ unsigned char buf[512]; ++ for (int tcp = 0; tcp < 2; ++tcp) ++ { ++ force_tcp = tcp; ++ for (unsigned int type = 1; type <= 65535; ++type) ++ { ++ if (test_verbose) ++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n", ++ type, fname, tcp); ++ int ret = func (type, buf, sizeof (buf)); ++ if (ret != 47) ++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d", ++ fname,tcp, type, ret); ++ /* One question, one answer record. */ ++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0); ++ /* Question section. */ ++ static const char qname[] = "\3www\7example\3com"; ++ size_t qname_length = sizeof (qname); ++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0); ++ /* RDATA part of answer. */ ++ uint16_t type16 = type; ++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0); ++ } ++ } ++ ++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1)); ++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1)); ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_redirect_config config = ++ { ++ .response_callback = response, ++ }; ++ struct resolv_test *obj = resolv_test_start (config); ++ ++ test_function ("res_query", &wrap_res_query); ++ test_function ("res_search", &wrap_res_search); ++ test_function ("res_querydomain", &wrap_res_querydomain); ++ test_function ("res_send", &wrap_res_send); ++ ++ test_function ("res_nquery", &wrap_res_nquery); ++ test_function ("res_nsearch", &wrap_res_nsearch); ++ test_function ("res_nquerydomain", &wrap_res_nquerydomain); ++ test_function ("res_nsend", &wrap_res_nsend); ++ ++ resolv_test_end (obj); ++ return 0; ++} ++ ++#define TIMEOUT 300 ++#include +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2015-7547.patch b/gnu/packages/patches/glibc-CVE-2015-7547.patch new file mode 100644 index 0000000000..12abeb76d4 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2015-7547.patch @@ -0,0 +1,590 @@ +From b995d95a5943785be3ab862b2d3276f3b4a22481 Mon Sep 17 00:00:00 2001 +From: Carlos O'Donell +Date: Tue, 16 Feb 2016 21:26:37 -0500 +Subject: [PATCH] CVE-2015-7547: getaddrinfo() stack-based buffer overflow (Bug + 18665). + +* A stack-based buffer overflow was found in libresolv when invoked from + libnss_dns, allowing specially crafted DNS responses to seize control + of execution flow in the DNS client. The buffer overflow occurs in + the functions send_dg (send datagram) and send_vc (send TCP) for the + NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC + family. The use of AF_UNSPEC triggers the low-level resolver code to + send out two parallel queries for A and AAAA. A mismanagement of the + buffers used for those queries could result in the response of a query + writing beyond the alloca allocated buffer created by + _nss_dns_gethostbyname4_r. Buffer management is simplified to remove + the overflow. Thanks to the Google Security Team and Red Hat for + reporting the security impact of this issue, and Robert Holiday of + Ciena for reporting the related bug 18665. (CVE-2015-7547) + +See also: +https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html +https://sourceware.org/ml/libc-alpha/2016-02/msg00418.html + +(cherry picked from commit e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca) +--- + ChangeLog | 15 +++ + NEWS | 14 +++ + resolv/nss_dns/dns-host.c | 111 ++++++++++++++++++- + resolv/res_query.c | 3 + + resolv/res_send.c | 264 ++++++++++++++++++++++++++++++++++------------ + 5 files changed, 338 insertions(+), 69 deletions(-) + +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index 357ac04..a0fe9a8 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -1031,7 +1031,10 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + int h_namelen = 0; + + if (ancount == 0) +- return NSS_STATUS_NOTFOUND; ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } + + while (ancount-- > 0 && cp < end_of_message && had_error == 0) + { +@@ -1208,7 +1211,14 @@ gaih_getanswer_slice (const querybuf *answer, int anslen, const char *qname, + /* Special case here: if the resolver sent a result but it only + contains a CNAME while we are looking for a T_A or T_AAAA record, + we fail with NOTFOUND instead of TRYAGAIN. */ +- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; ++ if (canon != NULL) ++ { ++ *h_errnop = HOST_NOT_FOUND; ++ return NSS_STATUS_NOTFOUND; ++ } ++ ++ *h_errnop = NETDB_INTERNAL; ++ return NSS_STATUS_TRYAGAIN; + } + + +@@ -1222,11 +1232,101 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + + enum nss_status status = NSS_STATUS_NOTFOUND; + ++ /* Combining the NSS status of two distinct queries requires some ++ compromise and attention to symmetry (A or AAAA queries can be ++ returned in any order). What follows is a breakdown of how this ++ code is expected to work and why. We discuss only SUCCESS, ++ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns ++ that apply (though RETURN and MERGE exist). We make a distinction ++ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). ++ A recoverable TRYAGAIN is almost always due to buffer size issues ++ and returns ERANGE in errno and the caller is expected to retry ++ with a larger buffer. ++ ++ Lastly, you may be tempted to make significant changes to the ++ conditions in this code to bring about symmetry between responses. ++ Please don't change anything without due consideration for ++ expected application behaviour. Some of the synthesized responses ++ aren't very well thought out and sometimes appear to imply that ++ IPv4 responses are always answer 1, and IPv6 responses are always ++ answer 2, but that's not true (see the implementation of send_dg ++ and send_vc to see response can arrive in any order, particularly ++ for UDP). However, we expect it holds roughly enough of the time ++ that this code works, but certainly needs to be fixed to make this ++ a more robust implementation. ++ ++ ---------------------------------------------- ++ | Answer 1 Status / | Synthesized | Reason | ++ | Answer 2 Status | Status | | ++ |--------------------------------------------| ++ | SUCCESS/SUCCESS | SUCCESS | [1] | ++ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | ++ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | ++ | SUCCESS/NOTFOUND | SUCCESS | [1] | ++ | SUCCESS/UNAVAIL | SUCCESS | [1] | ++ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | ++ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | ++ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | ++ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | ++ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | ++ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | ++ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | ++ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | ++ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | ++ | NOTFOUND/SUCCESS | SUCCESS | [3] | ++ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | ++ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | ++ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | ++ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | ++ | UNAVAIL/SUCCESS | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | ++ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | ++ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | ++ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | ++ ---------------------------------------------- ++ ++ [1] If the first response is a success we return success. ++ This ignores the state of the second answer and in fact ++ incorrectly sets errno and h_errno to that of the second ++ answer. However because the response is a success we ignore ++ *errnop and *h_errnop (though that means you touched errno on ++ success). We are being conservative here and returning the ++ likely IPv4 response in the first answer as a success. ++ ++ [2] If the first response is a recoverable TRYAGAIN we return ++ that instead of looking at the second response. The ++ expectation here is that we have failed to get an IPv4 response ++ and should retry both queries. ++ ++ [3] If the first response was not a SUCCESS and the second ++ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, ++ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the ++ result from the second response, otherwise the first responses ++ status is used. Again we have some odd side-effects when the ++ second response is NOTFOUND because we overwrite *errnop and ++ *h_errnop that means that a first answer of NOTFOUND might see ++ its *errnop and *h_errnop values altered. Whether it matters ++ in practice that a first response NOTFOUND has the wrong ++ *errnop and *h_errnop is undecided. ++ ++ [4] If the first response is UNAVAIL we return that instead of ++ looking at the second response. The expectation here is that ++ it will have failed similarly e.g. configuration failure. ++ ++ [5] Testing this code is complicated by the fact that truncated ++ second response buffers might be returned as SUCCESS if the ++ first answer is a SUCCESS. To fix this we add symmetry to ++ TRYAGAIN with the second response. If the second response ++ is a recoverable error we now return TRYAGIN even if the first ++ response was SUCCESS. */ ++ + if (anslen1 > 0) + status = gaih_getanswer_slice(answer1, anslen1, qname, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ + if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND + || (status == NSS_STATUS_TRYAGAIN + /* We want to look at the second answer in case of an +@@ -1242,8 +1342,15 @@ gaih_getanswer (const querybuf *answer1, int anslen1, const querybuf *answer2, + &pat, &buffer, &buflen, + errnop, h_errnop, ttlp, + &first); ++ /* Use the second response status in some cases. */ + if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) + status = status2; ++ /* Do not return a truncated second response (unless it was ++ unavoidable e.g. unrecoverable TRYAGAIN). */ ++ if (status == NSS_STATUS_SUCCESS ++ && (status2 == NSS_STATUS_TRYAGAIN ++ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) ++ status = NSS_STATUS_TRYAGAIN; + } + + return status; +diff --git a/resolv/res_query.c b/resolv/res_query.c +index 4a9b3b3..95470a9 100644 +--- a/resolv/res_query.c ++++ b/resolv/res_query.c +@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + } +@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + +@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, + { + free (*answerp2); + *answerp2 = NULL; ++ *nanswerp2 = 0; + *answerp2_malloced = 0; + } + if (saved_herrno != -1) +diff --git a/resolv/res_send.c b/resolv/res_send.c +index 5e53cc2..6511bb1 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1,3 +1,20 @@ ++/* Copyright (C) 2016 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ + /* + * Copyright (c) 1985, 1989, 1993 + * The Regents of the University of California. All rights reserved. +@@ -363,6 +380,8 @@ __libc_res_nsend(res_state statp, const u_char *buf, int buflen, + #ifdef USE_HOOKS + if (__glibc_unlikely (statp->qhook || statp->rhook)) { + if (anssiz < MAXPACKET && ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *buf = malloc (MAXPACKET); + if (buf == NULL) + return (-1); +@@ -638,6 +657,77 @@ get_nsaddr (res_state statp, int n) + return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; + } + ++/* The send_vc function is responsible for sending a DNS query over TCP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and ++ IPv6 queries at the same serially on the same socket. ++ ++ Please note that for TCP there is no way to disable sending both ++ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP ++ and sends the queries serially and waits for the result after each ++ sent query. This implemetnation should be corrected to honour these ++ options. ++ ++ Please also note that for TCP we send both queries over the same ++ socket one after another. This technically violates best practice ++ since the server is allowed to read the first query, respond, and ++ then close the socket (to service another client). If the server ++ does this, then the remaining second query in the socket data buffer ++ will cause the server to send the client an RST which will arrive ++ asynchronously and the client's OS will likely tear down the socket ++ receive buffer resulting in a potentially short read and lost ++ response data. This will force the client to retry the query again, ++ and this process may repeat until all servers and connection resets ++ are exhausted and then the query will fail. It's not known if this ++ happens with any frequency in real DNS server implementations. This ++ implementation should be corrected to use two sockets by default for ++ parallel queries. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ serially on the same socket. ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message and the rest of the socket data will be read and discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_vc(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -647,11 +737,7 @@ send_vc(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; +- // XXX REMOVE +- // int anssiz = *anssizp; +- HEADER *anhp = (HEADER *) ans; ++ HEADER *anhp = (HEADER *) *ansp; + struct sockaddr *nsap = get_nsaddr (statp, ns); + int truncating, connreset, n; + /* On some architectures compiler might emit a warning indicating +@@ -743,6 +829,8 @@ send_vc(res_state statp, + * Receive length & response + */ + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + uint16_t rlen16; + read_len: +@@ -779,40 +867,14 @@ send_vc(res_state statp, + u_char **thisansp; + int *thisresplenp; + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if __GNUC_PREREQ (4, 7) +- DIAG_PUSH_NEEDS_COMMENT; +- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); +-#endif +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +-#if __GNUC_PREREQ (4, 7) +- DIAG_POP_NEEDS_COMMENT; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; +@@ -820,10 +882,14 @@ send_vc(res_state statp, + anhp = (HEADER *) *thisansp; + + *thisresplenp = rlen; +- if (rlen > *thisanssizp) { +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- if (__glibc_likely (anscp != NULL)) { ++ /* Is the answer buffer too small? */ ++ if (*thisanssizp < rlen) { ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ if (thisansp != NULL && thisansp != ansp) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp == NULL) { + *terrno = ENOMEM; +@@ -835,6 +901,9 @@ send_vc(res_state statp, + if (thisansp == ansp2) + *ansp2_malloced = 1; + anhp = (HEADER *) newp; ++ /* A uint16_t can't be larger than MAXPACKET ++ thus it's safe to allocate MAXPACKET but ++ read RLEN bytes instead. */ + len = rlen; + } else { + Dprint(statp->options & RES_DEBUG, +@@ -997,6 +1066,66 @@ reopen (res_state statp, int *terrno, int ns) + return 1; + } + ++/* The send_dg function is responsible for sending a DNS query over UDP ++ to the nameserver numbered NS from the res_state STATP i.e. ++ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries ++ along with the ability to send the query in parallel for both stacks ++ (default) or serially (RES_SINGLKUP). It also supports serial lookup ++ with a close and reopen of the socket used to talk to the server ++ (RES_SNGLKUPREOP) to work around broken name servers. ++ ++ The query stored in BUF of BUFLEN length is sent first followed by ++ the query stored in BUF2 of BUFLEN2 length. Queries are sent ++ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). ++ ++ Answers to the query are stored firstly in *ANSP up to a max of ++ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP ++ is non-NULL (to indicate that modifying the answer buffer is allowed) ++ then malloc is used to allocate a new response buffer and ANSCP and ++ ANSP will both point to the new buffer. If more than *ANSSIZP bytes ++ are needed but ANSCP is NULL, then as much of the response as ++ possible is read into the buffer, but the results will be truncated. ++ When truncation happens because of a small answer buffer the DNS ++ packets header field TC will bet set to 1, indicating a truncated ++ message, while the rest of the UDP packet is discarded. ++ ++ Answers to the query are stored secondly in *ANSP2 up to a max of ++ *ANSSIZP2 bytes, with the actual response length stored in ++ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 ++ is non-NULL (required for a second query) then malloc is used to ++ allocate a new response buffer, *ANSSIZP2 is set to the new buffer ++ size and *ANSP2_MALLOCED is set to 1. ++ ++ The ANSP2_MALLOCED argument will eventually be removed as the ++ change in buffer pointer can be used to detect the buffer has ++ changed and that the caller should use free on the new buffer. ++ ++ Note that the answers may arrive in any order from the server and ++ therefore the first and second answer buffers may not correspond to ++ the first and second queries. ++ ++ It is not supported to call this function with a non-NULL ANSP2 ++ but a NULL ANSCP. Put another way, you can call send_vc with a ++ single unmodifiable buffer or two modifiable buffers, but no other ++ combination is supported. ++ ++ It is the caller's responsibility to free the malloc allocated ++ buffers by detecting that the pointers have changed from their ++ original values i.e. *ANSCP or *ANSP2 has changed. ++ ++ If an answer is truncated because of UDP datagram DNS limits then ++ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to ++ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 ++ if any progress was made reading a response from the nameserver and ++ is used by the caller to distinguish between ECONNREFUSED and ++ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). ++ ++ If errors are encountered then *TERRNO is set to an appropriate ++ errno value and a zero result is returned for a recoverable error, ++ and a less-than zero result is returned for a non-recoverable error. ++ ++ If no errors are encountered then *TERRNO is left unmodified and ++ a the length of the first response in bytes is returned. */ + static int + send_dg(res_state statp, + const u_char *buf, int buflen, const u_char *buf2, int buflen2, +@@ -1006,8 +1135,6 @@ send_dg(res_state statp, + { + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; +- u_char *ans = *ansp; +- int orig_anssizp = *anssizp; + struct timespec now, timeout, finish; + struct pollfd pfd[1]; + int ptimeout; +@@ -1040,6 +1167,8 @@ send_dg(res_state statp, + int need_recompute = 0; + int nwritten = 0; + int recvresp1 = 0; ++ /* Skip the second response if there is no second query. ++ To do that we mark the second response as received. */ + int recvresp2 = buf2 == NULL; + pfd[0].fd = EXT(statp).nssocks[ns]; + pfd[0].events = POLLOUT; +@@ -1203,55 +1332,56 @@ send_dg(res_state statp, + int *thisresplenp; + + if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { ++ /* We have not received any responses ++ yet or we only have one response to ++ receive. */ + thisanssizp = anssizp; + thisansp = anscp ?: ansp; + assert (anscp != NULL || ansp2 == NULL); + thisresplenp = &resplen; + } else { +- if (*anssizp != MAXPACKET) { +- /* No buffer allocated for the first +- reply. We can try to use the rest +- of the user-provided buffer. */ +-#if _STRING_ARCH_unaligned +- *anssizp2 = orig_anssizp - resplen; +- *ansp2 = *ansp + resplen; +-#else +- int aligned_resplen +- = ((resplen + __alignof__ (HEADER) - 1) +- & ~(__alignof__ (HEADER) - 1)); +- *anssizp2 = orig_anssizp - aligned_resplen; +- *ansp2 = *ansp + aligned_resplen; +-#endif +- } else { +- /* The first reply did not fit into the +- user-provided buffer. Maybe the second +- answer will. */ +- *anssizp2 = orig_anssizp; +- *ansp2 = *ansp; +- } +- + thisanssizp = anssizp2; + thisansp = ansp2; + thisresplenp = resplen2; + } + + if (*thisanssizp < MAXPACKET +- /* Yes, we test ANSCP here. If we have two buffers +- both will be allocatable. */ +- && anscp ++ /* If the current buffer is not the the static ++ user-supplied buffer then we can reallocate ++ it. */ ++ && (thisansp != NULL && thisansp != ansp) + #ifdef FIONREAD ++ /* Is the size too small? */ + && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 + || *thisanssizp < *thisresplenp) + #endif + ) { ++ /* Always allocate MAXPACKET, callers expect ++ this specific size. */ + u_char *newp = malloc (MAXPACKET); + if (newp != NULL) { +- *anssizp = MAXPACKET; +- *thisansp = ans = newp; ++ *thisanssizp = MAXPACKET; ++ *thisansp = newp; + if (thisansp == ansp2) + *ansp2_malloced = 1; + } + } ++ /* We could end up with truncation if anscp was NULL ++ (not allowed to change caller's buffer) and the ++ response buffer size is too small. This isn't a ++ reliable way to detect truncation because the ioctl ++ may be an inaccurate report of the UDP message size. ++ Therefore we use this only to issue debug output. ++ To do truncation accurately with UDP we need ++ MSG_TRUNC which is only available on Linux. We ++ can abstract out the Linux-specific feature in the ++ future to detect truncation. */ ++ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { ++ Dprint(statp->options & RES_DEBUG, ++ (stdout, ";; response may be truncated (UDP)\n") ++ ); ++ } ++ + HEADER *anhp = (HEADER *) *thisansp; + socklen_t fromlen = sizeof(struct sockaddr_in6); + assert (sizeof(from) <= fromlen); +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-3075.patch b/gnu/packages/patches/glibc-CVE-2016-3075.patch new file mode 100644 index 0000000000..d16722806e --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3075.patch @@ -0,0 +1,43 @@ +From 146b58d11fddbef15b888906e3be4f33900c416f Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Tue, 29 Mar 2016 12:57:56 +0200 +Subject: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ + #19879] + +The defensive copy is not needed because the name may not alias the +output buffer. + +(cherry picked from commit 317b199b4aff8cfa27f2302ab404d2bb5032b9a4) +(cherry picked from commit 883dceebc8f11921a9890211a4e202e5be17562f) +--- + ChangeLog | 7 +++++++ + NEWS | 10 ++++++++-- + resolv/nss_dns/dns-network.c | 5 +---- + 3 files changed, 16 insertions(+), 6 deletions(-) + +diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c +index 2eb2f67..8f301a7 100644 +--- a/resolv/nss_dns/dns-network.c ++++ b/resolv/nss_dns/dns-network.c +@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result, + } net_buffer; + querybuf *orig_net_buffer; + int anslen; +- char *qbuf; + enum nss_status status; + + if (__res_maybe_init (&_res, 0) == -1) + return NSS_STATUS_UNAVAIL; + +- qbuf = strdupa (name); +- + net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024); + +- anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf, ++ anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf, + 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL); + if (anslen < 0) + { +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-3706.patch b/gnu/packages/patches/glibc-CVE-2016-3706.patch new file mode 100644 index 0000000000..617242df24 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-3706.patch @@ -0,0 +1,188 @@ +From 1a8a7c12950a0026a3c406a7cb1608f96aa1460e Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 29 Apr 2016 10:35:34 +0200 +Subject: [PATCH] CVE-2016-3706: getaddrinfo: stack overflow in hostent + conversion [BZ #20010] + +When converting a struct hostent response to struct gaih_addrtuple, the +gethosts macro (which is called from gaih_inet) used alloca, without +malloc fallback for large responses. This commit changes this code to +use calloc unconditionally. + +This commit also consolidated a second hostent-to-gaih_addrtuple +conversion loop (in gaih_inet) to use the new conversion function. + +(cherry picked from commit 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9) +--- + ChangeLog | 10 ++++ + sysdeps/posix/getaddrinfo.c | 130 +++++++++++++++++++++++--------------------- + 2 files changed, 79 insertions(+), 61 deletions(-) + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 1ef3f20..fed2d3b 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -168,9 +168,58 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. ++ h_name is not copied, and the struct hostent object must not be ++ deallocated prematurely. *RESULT must be NULL or a pointer to an ++ object allocated using malloc, which is freed. */ ++static bool ++convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, ++ int family, ++ struct hostent *h, ++ struct gaih_addrtuple **result) ++{ ++ free (*result); ++ *result = NULL; ++ ++ /* Count the number of addresses in h->h_addr_list. */ ++ size_t count = 0; ++ for (char **p = h->h_addr_list; *p != NULL; ++p) ++ ++count; ++ ++ /* Report no data if no addresses are available, or if the incoming ++ address size is larger than what we can store. */ ++ if (count == 0 || h->h_length > sizeof (((struct gaih_addrtuple) {}).addr)) ++ return true; ++ ++ struct gaih_addrtuple *array = calloc (count, sizeof (*array)); ++ if (array == NULL) ++ return false; ++ ++ for (size_t i = 0; i < count; ++i) ++ { ++ if (family == AF_INET && req->ai_family == AF_INET6) ++ { ++ /* Perform address mapping. */ ++ array[i].family = AF_INET6; ++ memcpy(array[i].addr + 3, h->h_addr_list[i], sizeof (uint32_t)); ++ array[i].addr[2] = htonl (0xffff); ++ } ++ else ++ { ++ array[i].family = family; ++ memcpy (array[i].addr, h->h_addr_list[i], h->h_length); ++ } ++ array[i].next = array + i + 1; ++ } ++ array[0].name = h->h_name; ++ array[count - 1].next = NULL; ++ ++ *result = array; ++ return true; ++} ++ + #define gethosts(_family, _type) \ + { \ +- int i; \ + int herrno; \ + struct hostent th; \ + struct hostent *h; \ +@@ -219,36 +268,23 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + } \ + else if (h != NULL) \ + { \ +- for (i = 0; h->h_addr_list[i]; i++) \ ++ /* Make sure that addrmem can be freed. */ \ ++ if (!malloc_addrmem) \ ++ addrmem = NULL; \ ++ if (!convert_hostent_to_gaih_addrtuple (req, _family,h, &addrmem)) \ + { \ +- if (*pat == NULL) \ +- { \ +- *pat = __alloca (sizeof (struct gaih_addrtuple)); \ +- (*pat)->scopeid = 0; \ +- } \ +- uint32_t *addr = (*pat)->addr; \ +- (*pat)->next = NULL; \ +- (*pat)->name = i == 0 ? strdupa (h->h_name) : NULL; \ +- if (_family == AF_INET && req->ai_family == AF_INET6) \ +- { \ +- (*pat)->family = AF_INET6; \ +- addr[3] = *(uint32_t *) h->h_addr_list[i]; \ +- addr[2] = htonl (0xffff); \ +- addr[1] = 0; \ +- addr[0] = 0; \ +- } \ +- else \ +- { \ +- (*pat)->family = _family; \ +- memcpy (addr, h->h_addr_list[i], sizeof(_type)); \ +- } \ +- pat = &((*pat)->next); \ ++ _res.options |= old_res_options & RES_USE_INET6; \ ++ result = -EAI_SYSTEM; \ ++ goto free_and_return; \ + } \ ++ *pat = addrmem; \ ++ /* The conversion uses malloc unconditionally. */ \ ++ malloc_addrmem = true; \ + \ + if (localcanon != NULL && canon == NULL) \ + canon = strdupa (localcanon); \ + \ +- if (_family == AF_INET6 && i > 0) \ ++ if (_family == AF_INET6 && *pat != NULL) \ + got_ipv6 = true; \ + } \ + } +@@ -612,44 +648,16 @@ gaih_inet (const char *name, const struct gaih_service *service, + { + if (h != NULL) + { +- int i; +- /* We found data, count the number of addresses. */ +- for (i = 0; h->h_addr_list[i]; ++i) +- ; +- if (i > 0 && *pat != NULL) +- --i; +- +- if (__libc_use_alloca (alloca_used +- + i * sizeof (struct gaih_addrtuple))) +- addrmem = alloca_account (i * sizeof (struct gaih_addrtuple), +- alloca_used); +- else +- { +- addrmem = malloc (i +- * sizeof (struct gaih_addrtuple)); +- if (addrmem == NULL) +- { +- result = -EAI_MEMORY; +- goto free_and_return; +- } +- malloc_addrmem = true; +- } +- +- /* Now convert it into the list. */ +- struct gaih_addrtuple *addrfree = addrmem; +- for (i = 0; h->h_addr_list[i]; ++i) ++ /* We found data, convert it. */ ++ if (!convert_hostent_to_gaih_addrtuple ++ (req, AF_INET, h, &addrmem)) + { +- if (*pat == NULL) +- { +- *pat = addrfree++; +- (*pat)->scopeid = 0; +- } +- (*pat)->next = NULL; +- (*pat)->family = AF_INET; +- memcpy ((*pat)->addr, h->h_addr_list[i], +- h->h_length); +- pat = &((*pat)->next); ++ result = -EAI_MEMORY; ++ goto free_and_return; + } ++ *pat = addrmem; ++ /* The conversion uses malloc unconditionally. */ ++ malloc_addrmem = true; + } + } + else +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2016-4429.patch b/gnu/packages/patches/glibc-CVE-2016-4429.patch new file mode 100644 index 0000000000..5eebd10543 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2016-4429.patch @@ -0,0 +1,58 @@ +From bdce95930e1d9a7d013d1ba78740243491262879 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 23 May 2016 20:18:34 +0200 +Subject: [PATCH] CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call [BZ + #20112] + +The call is technically in a loop, and under certain circumstances +(which are quite difficult to reproduce in a test case), alloca +can be invoked repeatedly during a single call to clntudp_call. +As a result, the available stack space can be exhausted (even +though individual alloca sizes are bounded implicitly by what +can fit into a UDP packet, as a side effect of the earlier +successful send operation). + +(cherry picked from commit bc779a1a5b3035133024b21e2f339fe4219fb11c) +--- + ChangeLog | 7 +++++++ + NEWS | 4 ++++ + sunrpc/clnt_udp.c | 10 +++++++++- + 3 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c +index a6cf5f1..4d9acb1 100644 +--- a/sunrpc/clnt_udp.c ++++ b/sunrpc/clnt_udp.c +@@ -388,9 +388,15 @@ send_again: + struct sock_extended_err *e; + struct sockaddr_in err_addr; + struct iovec iov; +- char *cbuf = (char *) alloca (outlen + 256); ++ char *cbuf = malloc (outlen + 256); + int ret; + ++ if (cbuf == NULL) ++ { ++ cu->cu_error.re_errno = errno; ++ return (cu->cu_error.re_status = RPC_CANTRECV); ++ } ++ + iov.iov_base = cbuf + 256; + iov.iov_len = outlen; + msg.msg_name = (void *) &err_addr; +@@ -415,10 +421,12 @@ send_again: + cmsg = CMSG_NXTHDR (&msg, cmsg)) + if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) + { ++ free (cbuf); + e = (struct sock_extended_err *) CMSG_DATA(cmsg); + cu->cu_error.re_errno = e->ee_errno; + return (cu->cu_error.re_status = RPC_CANTRECV); + } ++ free (cbuf); + } + #endif + do +-- +2.9.3 + diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index 7d569eef3e..d0afab0931 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -49,10 +49,21 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) +(define gd-for-php + (package + (inherit gd) + (source (origin + (inherit (package-source gd)) + (patches + (append + (origin-patches (package-source gd)) + (search-patches "gd-CVE-2017-7890.patch"))))))) + + (define-public php (package (name "php") - (version "7.1.6") + (version "7.1.8") (home-page "https://secure.php.net/") (source (origin (method url-fetch) @@ -60,7 +71,7 @@ name "-" version ".tar.xz")) (sha256 (base32 - "0nr49gqhk4pv8kcdc60cl1mgwlinawpraq9ba15whzmb472lsn01")) + "1aramb6dm57pr2iz61id9vzfy7h5qkb6bf7dxhrwnjk0723qahw9")) (modules '((guix build utils))) (snippet '(with-directory-excursion "ext" @@ -282,7 +293,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd) + ("gd" ,gd-for-php) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index f8300a1752..d2b6c6dd59 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -5172,6 +5172,34 @@ Python language binding specification.") (define-public python2-drmaa (package-with-python2 python-drmaa)) +(define-public python-grako + (package + (name "python-grako") + (version "3.99.9") + (source + (origin + (method url-fetch) + (uri + (pypi-uri "grako" version ".zip")) + (sha256 + (base32 + "0r63i68wcnv63rfjkasq1ah81frz61a6mzbcnaxhrkdpx84p7hzw")))) + (build-system python-build-system) + (arguments '(#:tests? #f)) ; Test file 'grako.ebnf' is missing from archive. + (native-inputs + `(("unzip" ,unzip) + ("python-pytest" ,python-pytest-3.0) + ("python-pytest-runner" ,python-pytest-runner))) + (home-page "https://bitbucket.org/neogeny/grako") + (synopsis "EBNF parser generator") + (description + "Grako takes a grammar in a variation of EBNF as input, and outputs a +memoizing PEG/Packrat parser in Python.") + (license license:bsd-3))) + +(define-public python2-grako + (package-with-python2 python-grako)) + (define-public python-gridmap (package (name "python-gridmap") diff --git a/gnu/packages/rdesktop.scm b/gnu/packages/rdesktop.scm index 3eb82f22f3..7946cde790 100644 --- a/gnu/packages/rdesktop.scm +++ b/gnu/packages/rdesktop.scm @@ -72,15 +72,14 @@ to remotely control a user's Windows desktop.") (define-public freerdp (package (name "freerdp") - (version "1.2.0-beta1+android9") + (version "2.0.0-rc0") (source (origin - (method git-fetch) - (uri (git-reference - (url "git://github.com/FreeRDP/FreeRDP.git") - (commit version))) - (file-name (git-file-name name version)) + (method url-fetch) + (uri (string-append "https://github.com/FreeRDP/FreeRDP/archive/" + version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 "1m0lzrr7hkxfvc5f9p8snimv0rmin2463zhg25mv36wig8g5k7l3")))) + (base32 "0r36zwhl7fhmdng5pvl2a106gqbcqq184g2i2klz6ilna8pxjcml")))) (build-system cmake-build-system) (native-inputs `(("pkg-config" ,pkg-config) @@ -111,15 +110,6 @@ to remotely control a user's Windows desktop.") '("-DCMAKE_INSTALL_LIBDIR=lib" "-DWITH_PULSE=ON" "-DWITH_CUPS=ON") - #:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-cmakelists - (lambda _ - ;; CMake would return an error on REMOVE_DUPLICATES because this - ;; list is empty. - (substitute* "channels/client/CMakeLists.txt" - (("list\\(REMOVE_DUPLICATES CHANNEL_STATIC_CLIENT_ENTRIES\\)") - ""))))) #:tests? #f)) ; no 'test' target (home-page "https://www.freerdp.com") (synopsis "Remote Desktop Protocol implementation") diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index 8d2a957eae..4603fd49b3 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -366,14 +366,14 @@ ksh, and tcsh.") (define-public xonsh (package (name "xonsh") - (version "0.5.9") + (version "0.5.12") (source (origin (method url-fetch) (uri (pypi-uri "xonsh" version)) (sha256 (base32 - "09s5k7fh4p0vkq0fha4ikwqlqsyv84vmlbqn8ggn0ymd47ajv38z")) + "1yz595hx5bni524m73cx8a08vcr6vfksfci14nx2ylz53igzva2c")) (modules '((guix build utils))) (snippet `(begin diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm index 99fd2e8d12..55a8a2a483 100644 --- a/gnu/packages/statistics.scm +++ b/gnu/packages/statistics.scm @@ -264,14 +264,14 @@ available, greatly increasing its breadth and scope.") (define-public r-boot (package (name "r-boot") - (version "1.3-19") + (version "1.3-20") (source (origin (method url-fetch) (uri (cran-uri "boot" version)) (sha256 (base32 - "16hsw4bw9pkfc2lqxfwycm1sbvbrm4linvm0ci71n8sxc7srvkis")))) + "0ai1qpm0p4z07xr0dvag8sdn9jrxcwanrsk9khzmww094jvr1jxd")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/boot") (synopsis "Bootstrap functions for R") @@ -366,14 +366,14 @@ Hubert, based on Kaufman and Rousseeuw (1990) \"Finding Groups in Data\".") (define-public r-foreign (package (name "r-foreign") - (version "0.8-67") + (version "0.8-69") (source (origin (method url-fetch) (uri (cran-uri "foreign" version)) (sha256 (base32 - "0j0z815zyp8n97rk6hlk68d1r8b26vls39s03viq0pnx3cbpwyga")))) + "0s1lxmd85dd0kxx8hwk02w9l7pmpk4bpy7787fbyh2dbq5g9ys0k")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/foreign") (synopsis "Read data stored by other statistics software") @@ -428,14 +428,14 @@ also flexible enough to handle most nonstandard requirements.") (define-public r-matrix (package (name "r-matrix") - (version "1.2-8") + (version "1.2-10") (source (origin (method url-fetch) (uri (cran-uri "Matrix" version)) (sha256 (base32 - "1dyv42d7ranb85y8hvi57hbg5xnvhdzqn56wcq3qmhazqj3s3liw")))) + "0r3qjcz92xwgdzrfz444mqzwnja5sv9abaf252fh6k48qbyahahh")))) (properties `((upstream-name . "Matrix"))) (build-system r-build-system) (propagated-inputs @@ -473,14 +473,14 @@ nonlinear mixed-effects models.") (define-public r-mgcv (package (name "r-mgcv") - (version "1.8-17") + (version "1.8-18") (source (origin (method url-fetch) (uri (cran-uri "mgcv" version)) (sha256 (base32 - "1zj223l4a3j15d3c01wv7dkzn9w6084gxrq5600ck9rvr0lfpwwg")))) + "011mgcypr56xvm9nizsfsb2285kzql93x0d3lzg849g39vbpp4s2")))) (build-system r-build-system) (propagated-inputs `(("r-matrix" ,r-matrix) @@ -622,14 +622,14 @@ binary booleans, @code{TRUE} and @code{FALSE} can be stored with 1 bit only.") (define-public r-bit64 (package (name "r-bit64") - (version "0.9-5") + (version "0.9-7") (source (origin (method url-fetch) (uri (cran-uri "bit64" version)) (sha256 (base32 - "0fz5m3fhvxgwjl76maag7yn0zdw24rx34gy6v77378fajag9yllg")))) + "07znvz9vp1nz1y5ljng4qyskvm943cdbmy996s67560ijxzsm6kv")))) (build-system r-build-system) (propagated-inputs `(("r-bit" ,r-bit))) @@ -793,30 +793,6 @@ see package vignette. To quote Rene Magritte, \"Ceci n'est pas un pipe.\"") Munsell colour system.") (license license:expat))) -(define-public r-rcpp - (package - (name "r-rcpp") - (version "0.12.10") - (source - (origin - (method url-fetch) - (uri (cran-uri "Rcpp" version)) - (sha256 - (base32 "108p485agxwgmnl9p54vsyy94w96lcimlk08v71ddm77gfl13y2f")))) - (build-system r-build-system) - (home-page "http://www.rcpp.org") - (synopsis "Seamless R and C++ Integration") - (description - "The Rcpp package provides R functions as well as C++ classes which offer -a seamless integration of R and C++. Many R data types and objects can be -mapped back and forth to C++ equivalents which facilitates both writing of new -code as well as easier integration of third-party libraries. Documentation -about Rcpp is provided by several vignettes included in this package, via the -'Rcpp Gallery' site at , the paper by Eddelbuettel -and Francois (2011, JSS), and the book by Eddelbuettel (2013, Springer); see -'citation(\"Rcpp\")' for details on these last two.") - (license license:gpl2+))) - (define-public r-permute (package (name "r-permute") @@ -1144,13 +1120,13 @@ evaluation (NSE) in R.") (define-public r-dbi (package (name "r-dbi") - (version "0.6-1") + (version "0.7") (source (origin (method url-fetch) (uri (cran-uri "DBI" version)) (sha256 (base32 - "1fg158k4n6l3rzx9nrwhp4nwkwpbmv1q7z2xz5rw138zws68fkgr")))) + "04fyrxdpqcygg5wviy637y6lgk64xqjjq31lvv4hwqj5kbaxamr5")))) (build-system r-build-system) (home-page "https://github.com/rstats-db/DBI") (synopsis "R database interface") @@ -1182,13 +1158,13 @@ for template use among CRAN packages.") (define-public r-evaluate (package (name "r-evaluate") - (version "0.10") + (version "0.10.1") (source (origin (method url-fetch) (uri (cran-uri "evaluate" version)) (sha256 (base32 - "0mwna7rjyrmc76651a1fm7c76ippdsc2wsp3sj3iwb1c73mvlqv1")))) + "070vvmnbdlp7sz2zhza7fhd2a6mlwiln8fn4hyzhsiizbn4n79y9")))) (build-system r-build-system) (propagated-inputs `(("r-stringr" ,r-stringr))) @@ -1204,13 +1180,13 @@ adapted for other output formats, such as HTML or LaTeX.") (define-public r-formatr (package (name "r-formatr") - (version "1.4") + (version "1.5") (source (origin (method url-fetch) (uri (cran-uri "formatR" version)) (sha256 (base32 - "1fvynq0fj1r9grg9vvfdh5fl2riv6qki9f2rfpyvbvqq3xxpmi3f")))) + "19sd23vgs4ac0fwlw40j3676k6mramb0ajlq8hdw23kjwdx1jk47")))) (build-system r-build-system) (home-page "http://yihui.name/formatR") (synopsis "Format R code automatically") @@ -1305,13 +1281,13 @@ emitter (http://pyyaml.org/wiki/LibYAML) for R.") (define-public r-knitr (package (name "r-knitr") - (version "1.15.1") + (version "1.16") (source (origin (method url-fetch) (uri (cran-uri "knitr" version)) (sha256 (base32 - "1pbxd3k7kv5sa1a5gxm0zc2bhjxdgx2nfch9xap5k85djmgsfqc1")))) + "02balmhvc955rkqv4v0wkxbw4vjphydajgcpy4ml0s3b4sziyj0h")))) (build-system r-build-system) (propagated-inputs `(("r-evaluate" ,r-evaluate) @@ -1333,14 +1309,14 @@ generation in R using Literate Programming techniques.") (define-public r-knitrbootstrap (package (name "r-knitrbootstrap") - (version "1.0.0") + (version "1.0.1") (source (origin (method url-fetch) (uri (cran-uri "knitrBootstrap" version)) (sha256 (base32 - "0pshn2slzqwpryklslsxwh1dmqcnwv6bwi7yfm6m342wjybpk0wl")))) + "089147g7nqp99rwdxxsfmklsrwc8aia09sr8ndmrc335r33v6r6p")))) (properties `((upstream-name . "knitrBootstrap"))) (build-system r-build-system) (propagated-inputs @@ -1485,13 +1461,13 @@ flexible and easy to set up.") (define-public r-r6 (package (name "r-r6") - (version "2.2.0") + (version "2.2.2") (source (origin (method url-fetch) (uri (cran-uri "R6" version)) (sha256 (base32 - "1ir51pb0y6yj05qaxsflk4a6hv8n73cwlb0qajcskbrz632dsyvx")))) + "13xfdr19ca7ymisidsanm6w7hsk3qmy5l8c0mlz3nk48f7s5cxq8")))) (build-system r-build-system) (home-page "https://github.com/wch/R6/") (synopsis "Classes with reference semantics in R") @@ -1504,20 +1480,38 @@ private members, and they support inheritance, even when the classes are defined in different packages.") (license license:expat))) +(define-public r-rlang + (package + (name "r-rlang") + (version "0.1.1") + (source (origin + (method url-fetch) + (uri (cran-uri "rlang" version)) + (sha256 + (base32 + "0grwqy3zkvz96mvpwfbfyqid4jkfrqh3ldy2n6dpv2kjd1fzj0ar")))) + (build-system r-build-system) + (home-page "http://rlang.tidyverse.org") + (synopsis "Functions for base types, core R and Tidyverse features") + (description "This package provides a toolbox for working with base types, +core R features like the condition system, and core @code{Tidyverse} features +like tidy evaluation.") + (license license:gpl3))) + (define-public r-tibble (package (name "r-tibble") - (version "1.3.0") + (version "1.3.3") (source (origin (method url-fetch) (uri (cran-uri "tibble" version)) (sha256 (base32 - "1q25i1cv3qms6d3lw7jd3z142w188znkcbyam460gn9si8l8g2bk")))) + "1bhq4pm56l7l6s1k44ajrcr7hz56h37m9ck4zji9f8xfdqschbl0")))) (build-system r-build-system) (propagated-inputs - `(("r-lazyeval" ,r-lazyeval) + `(("r-rlang" ,r-rlang) ("r-rcpp" ,r-rcpp))) (home-page "https://github.com/hadley/tibble") (synopsis "Simple data frames") @@ -1529,20 +1523,23 @@ and printing capabilities than traditional data frames.") (define-public r-dplyr (package (name "r-dplyr") - (version "0.5.0") + (version "0.7.2") (source (origin (method url-fetch) (uri (cran-uri "dplyr" version)) (sha256 (base32 - "0ks5cklb03laqf5ygcw986g1lv7wk1ipvypjlha8xly2y4lvilwk")))) + "0jpb32ca1c0mr660igna4yw4fmzydzfhxshd0g8wgmggkynx2qi2")))) (build-system r-build-system) (propagated-inputs `(("r-assertthat" ,r-assertthat) ("r-r6" ,r-r6) ("r-magrittr" ,r-magrittr) - ("r-lazyeval" ,r-lazyeval) - ("r-dbi" ,r-dbi) + ("r-rlang" ,r-rlang) + ("r-plogr" ,r-plogr) + ("r-glue" ,r-glue) + ("r-pkgconfig" ,r-pkgconfig) + ("r-bindrcpp" ,r-bindrcpp) ("r-tibble" ,r-tibble))) (native-inputs `(("r-rcpp" ,r-rcpp) @@ -1605,14 +1602,14 @@ Groups in Data\".") (define-public r-formula (package (name "r-formula") - (version "1.2-1") + (version "1.2-2") (source (origin (method url-fetch) (uri (cran-uri "Formula" version)) (sha256 (base32 - "02in5325zzrqbhlygx6s0dinj6ymw845q70y56frqacv25ayzcax")))) + "0ad49bzip1zqmpj1d8jajwl4bd81fm3k6dq8p26x6mvlzc04dvwd")))) (properties `((upstream-name . "Formula"))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/Formula") @@ -1937,14 +1934,14 @@ limited to R.") (define-public r-backports (package (name "r-backports") - (version "1.0.5") + (version "1.1.0") (source (origin (method url-fetch) (uri (cran-uri "backports" version)) (sha256 (base32 - "1pn1ii8vbkgxcqvx52kzsbwf9gkn9fp33388087zky2hmdzdirn0")))) + "1kcz6j82by28cjk5wi2j6dfqdin1kib4y7d2r4h3zabcxmk6jly5")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/backports") (synopsis "Reimplementations of functions introduced since R 3.0.0") @@ -1960,14 +1957,14 @@ R version.") (define-public r-checkmate (package (name "r-checkmate") - (version "1.8.2") + (version "1.8.3") (source (origin (method url-fetch) (uri (cran-uri "checkmate" version)) (sha256 (base32 - "1zqcggl9m7slvc0q6zyhssdypb7jzf3l9byl5vxh1qdwjiw2y64g")))) + "04rxabzamhv6ybynx627sxk02qvq8znkv0y10vmq67xx6pxhqvla")))) (build-system r-build-system) (propagated-inputs `(("r-backports" ,r-backports))) @@ -2076,14 +2073,14 @@ module, Java Server Pages, and Python's psp module.") (define-public r-desc (package (name "r-desc") - (version "1.1.0") + (version "1.1.1") (source (origin (method url-fetch) (uri (cran-uri "desc" version)) (sha256 (base32 - "0mc1jmiwqyj7s6gzxz6fyamzjpmdn3rpfpllby2fq11ml30c6jpr")))) + "0k07qighac1xzmm8k988zi7i88a0yfvia3gk5hbz0fyvb2v9kzrj")))) (build-system r-build-system) (propagated-inputs `(("r-assertthat" ,r-assertthat) @@ -2210,13 +2207,13 @@ functions make it easy to control additional request components.") (define-public r-git2r (package (name "r-git2r") - (version "0.18.0") + (version "0.19.0") (source (origin (method url-fetch) (uri (cran-uri "git2r" version)) (sha256 (base32 - "0bgzdsdi9n6l8pchivs6a2g4ksa56qs8hygpyv2c0ndqmx4jxcwi")))) + "0ws6fbndmaafk2am4dwnz24qizxhld0yh54hgx0z6lzv3p1j209q")))) (build-system r-build-system) ;; This R package contains modified sources of libgit2. This modified ;; version of libgit2 is built as the package is built. Hence libgit2 is @@ -2254,25 +2251,21 @@ informative error messages when it's not available.") (define-public r-devtools (package (name "r-devtools") - (version "1.13.2") + (version "1.13.3") (source (origin (method url-fetch) (uri (cran-uri "devtools" version)) (sha256 (base32 - "08ajsr12wd31lsx3jv5l9mq4063dc5fpr9lcnzra6kl59vi5pa7v")))) + "146wb09cmfh10vhn1ps2nmzx104zldb3nj9qv2ic0gbcikbbryp6")))) (build-system r-build-system) (propagated-inputs - `(("r-curl" ,r-curl) - ("r-digest" ,r-digest) - ("r-evaluate" ,r-evaluate) + `(("r-digest" ,r-digest) ("r-git2r" ,r-git2r) ("r-httr" ,r-httr) ("r-jsonlite" ,r-jsonlite) ("r-memoise" ,r-memoise) - ("r-roxygen2" ,r-roxygen2) ("r-rstudioapi" ,r-rstudioapi) - ("r-rversions" ,r-rversions) ("r-whisker" ,r-whisker) ("r-withr" ,r-withr))) (home-page "https://github.com/hadley/devtools") @@ -2284,13 +2277,13 @@ tools to simplify the devolpment of R packages.") (define-public r-withr (package (name "r-withr") - (version "1.0.2") + (version "2.0.0") (source (origin (method url-fetch) (uri (cran-uri "withr" version)) (sha256 (base32 - "042z8nmqqilgrvhmbqrjc05qys3gzwq1rqy2wxp2bi5d41859493")))) + "0ncq9ygx33rx7aazn53p0a0vbr5xv0r6wbkzcwbhbwyd8k55bgin")))) (build-system r-build-system) (home-page "https://github.com/jimhester/withr") (synopsis "Run code with temporarily modified global state") @@ -2322,13 +2315,13 @@ time-of-day values, based on the @code{difftime} class.") (define-public r-readr (package (name "r-readr") - (version "1.1.0") + (version "1.1.1") (source (origin (method url-fetch) (uri (cran-uri "readr" version)) (sha256 (base32 - "1g7g3gdmvq7nj8asw6fi13k38c420sy9696nqgkrhlvv5h13yqs7")))) + "1cvw5wdcqk88cp5fyv678mnmp66l3whcd2yh33p2qvx0168bja8s")))) (build-system r-build-system) (propagated-inputs `(("r-rcpp" ,r-rcpp) @@ -2346,13 +2339,13 @@ disk (or a connection).") (define-public r-plotrix (package (name "r-plotrix") - (version "3.6-4") + (version "3.6-5") (source (origin (method url-fetch) (uri (cran-uri "plotrix" version)) (sha256 (base32 - "1wxzjnzvkl3aga51ad2xhv4s7v46kvnp4z0nz4cb9cn10057sfw8")))) + "01655y3qzy0283ppc85bi0g42g20zrqzcl0qb30cl6rcbflhymlb")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/plotrix") (synopsis "Various plotting functions") @@ -2405,13 +2398,13 @@ well as additional utilities such as panel and axis annotation functions.") (define-public r-rcpparmadillo (package (name "r-rcpparmadillo") - (version "0.7.800.2.0") + (version "0.7.900.2.0") (source (origin (method url-fetch) (uri (cran-uri "RcppArmadillo" version)) (sha256 (base32 - "025lh504nw7ir1f2xsqnvfkq9rg0rb2xzfn3a2s0b2a9snqdzzwr")))) + "01qsff2p1fp5i9lq7rsykrskgr6smz24ddspbl5ad9a8rkmczwyv")))) (properties `((upstream-name . "RcppArmadillo"))) (build-system r-build-system) (propagated-inputs @@ -2497,14 +2490,14 @@ certain criterion, e.g., it contains a certain regular file.") (define-public r-rmarkdown (package (name "r-rmarkdown") - (version "1.4") + (version "1.6") (source (origin (method url-fetch) (uri (cran-uri "rmarkdown" version)) (sha256 (base32 - "1dvs9cq88g61wfimifagq6y98yxavxzjan39jvpdsg98mafckq9g")))) + "0p8ph5z5pifk1nxc1bppkfs1ir5gjc6ap9n64b4255m2fdaqfrc7")))) (properties `((upstream-name . "rmarkdown"))) (build-system r-build-system) (propagated-inputs @@ -2567,36 +2560,55 @@ variety of formats.") and draw tables.") (license license:gpl2+))) -(define-public r-plogr +(define-public r-pkgconfig (package - (name "r-plogr") - (version "0.1-1") - (source - (origin - (method url-fetch) - (uri (cran-uri "plogr" version)) - (sha256 - (base32 - "13zliqlbkl8b04k9ga0sx5jsh7k867gracgl84l2a9kcqy9mqx92")))) + (name "r-pkgconfig") + (version "2.0.1") + (source (origin + (method url-fetch) + (uri (cran-uri "pkgconfig" version)) + (sha256 + (base32 + "0h2sp93fqqjbfqgq82a3i94ybnndx6ghaal8pbf99firnsjb40mb")))) (build-system r-build-system) - (home-page "https://github.com/krlmlr/plogr") - (synopsis "R bindings for the plog C++ logging library") - (description - "This package provides the header files for a stripped-down version of -the plog header-only C++ logging library, and a method to log to R's standard -error stream.") + (home-page "https://github.com/gaborcsardi/pkgconfig") + (synopsis "Private configuration for R packages") + (description "This package provides the functionality to set configuration +options on a per-package basis. Options set by a given package only apply to +that package, other packages are unaffected.") (license license:expat))) +(define-public r-blob + (package + (name "r-blob") + (version "1.1.0") + (source (origin + (method url-fetch) + (uri (cran-uri "blob" version)) + (sha256 + (base32 + "05pazzcyz3c3vd2l70zq9cf172cgjff4dnf419zigfnxycyn1mhn")))) + (build-system r-build-system) + (propagated-inputs + `(("r-tibble" ,r-tibble))) + (home-page "https://github.com/hadley/blob") + (synopsis "Simple S3 Class for representing vectors of binary data") + (description "Raw vectors in R are useful for storing a single binary +object. What if you want to put a vector of them in a data frame? The blob +package provides the blob object, a list of raw vectors, suitable for use as +a column in data frame.") + (license license:gpl3+))) + (define-public r-rsqlite (package (name "r-rsqlite") - (version "1.1-2") + (version "2.0") (source (origin (method url-fetch) (uri (cran-uri "RSQLite" version)) (sha256 (base32 - "0mg9yhdvny3vjn72agai5ghqxd3vk8cd4x1lsc0gzc2b2dm2w0p4")))) + "1xpg1i1jkzkzv44k512k90c2vvl960pl2d4a3spwcha6yclyc3vz")))) (properties `((upstream-name . "RSQLite"))) (build-system r-build-system) (propagated-inputs @@ -2604,13 +2616,16 @@ error stream.") ("r-bh" ,r-bh) ("r-memoise" ,r-memoise) ("r-plogr" ,r-plogr) - ("r-rcpp" ,r-rcpp))) + ("r-rcpp" ,r-rcpp) + ("r-bit64" ,r-bit64) + ("r-blob" ,r-blob) + ("r-pkgconfig" ,r-pkgconfig))) (home-page "https://github.com/rstats-db/RSQLite") (synopsis "SQLite interface for R") (description "This package embeds the SQLite database engine in R and provides an interface compliant with the DBI package. The source for the SQLite -engine (version 3.8.6) is included.") +engine (version 3.8.8.2) is included.") (license license:lgpl2.0+))) (define-public r-rcurl @@ -2647,13 +2662,13 @@ ldap, and also supports cookies, redirects, authentication, etc.") (define-public r-xml (package (name "r-xml") - (version "3.98-1.6") + (version "3.98-1.9") (source (origin (method url-fetch) (uri (cran-uri "XML" version)) (sha256 (base32 - "1amxx7fpik162nimrr7m5lvv6rhx9cwdyg44fxp1i5wm3y4skwnz")))) + "1hzkdkgs0nzmfg9wm7kyh1j9i0i2g7925whzlihqvg9grdlh3dx3")))) (properties `((upstream-name . "XML"))) (build-system r-build-system) @@ -2765,14 +2780,14 @@ statements.") (define-public r-segmented (package (name "r-segmented") - (version "0.5-1.4") + (version "0.5-2.1") (source (origin (method url-fetch) (uri (cran-uri "segmented" version)) (sha256 (base32 - "1740cvx2q4v23g4q0zkvg50s5bv8jcrlzzhm7fac4xn0riwmzp5i")))) + "1i576xksc761nyv2dmq86nwbgqvp0plz6bjcn69nkdwq2wbizmw8")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/segmented") (synopsis "Regression models with breakpoints estimation") @@ -2806,13 +2821,13 @@ worker processes and collect and return the results on the master.") (define-public r-sparsem (package (name "r-sparsem") - (version "1.76") + (version "1.77") (source (origin (method url-fetch) (uri (cran-uri "SparseM" version)) (sha256 (base32 - "16xnl9cacim35aawq6bmd2y6rrhnh1kg6dwsy3k5yslkfr1y9j62")))) + "0p6ljma2h12cq1xmy0cxb48ih8dhxxbnwkqzvx3cckxf2kprycm9")))) (properties `((upstream-name . "SparseM"))) (inputs @@ -2993,14 +3008,14 @@ flexible than the orphaned \"base64\" package.") (define-public r-irlba (package (name "r-irlba") - (version "2.1.2") + (version "2.2.1") (source (origin (method url-fetch) (uri (cran-uri "irlba" version)) (sha256 (base32 - "1qbcn0ix85pmk296jhpi419kvh06vxm5cq24yk013ps3g7fyi0si")))) + "0zfb7x1701n6gask0f8y2yq0vmb82xkxf6limp43ivx551hx600s")))) (build-system r-build-system) (propagated-inputs `(("r-matrix" ,r-matrix))) @@ -3015,14 +3030,14 @@ analysis of large sparse or dense matrices.") (define-public r-glmnet (package (name "r-glmnet") - (version "2.0-5") + (version "2.0-10") (source (origin (method url-fetch) (uri (cran-uri "glmnet" version)) (sha256 (base32 - "1cbpzmbv837fvq88rgn6mgzgr9f1wqp9fg8gh2kkmngvr1957a9c")))) + "07n2hz4fvjyv0siai8z8wqwfj8d58i8n1vzf1ckdfzp4kxa3z08d")))) (build-system r-build-system) (inputs `(("gfortran" ,gfortran))) @@ -3268,14 +3283,14 @@ performing parallel computations on multicore machines.") (define-public r-igraph (package (name "r-igraph") - (version "1.0.1") + (version "1.1.2") (source (origin (method url-fetch) (uri (cran-uri "igraph" version)) (sha256 (base32 - "00jnm8v3kvxpxav5klld2z2nnkcpj4sdwv4ksipddy5mp04ysr6w")))) + "1v26wyk52snh8z6m5p7yqwcd9dbqifhm57j112i9x53ppi0npcc9")))) (build-system r-build-system) (native-inputs `(("gfortran" ,gfortran))) @@ -3285,7 +3300,8 @@ performing parallel computations on multicore machines.") (propagated-inputs `(("r-irlba" ,r-irlba) ("r-magrittr" ,r-magrittr) - ("r-nmf" ,r-nmf))) + ("r-matrix" ,r-matrix) + ("r-pkgconfig" ,r-pkgconfig))) (home-page "http://igraph.org") (synopsis "Network analysis and visualization") (description @@ -3519,14 +3535,14 @@ the 'lite' version of the more complete @code{viridis} package.") (define-public r-tidyr (package (name "r-tidyr") - (version "0.6.1") + (version "0.6.3") (source (origin (method url-fetch) (uri (cran-uri "tidyr" version)) (sha256 (base32 - "11hs3gqpbaw3w281as4m7j9n594ix5axfpwbyjsd0l62pwnzj217")))) + "14s57zrjm2phiy600z9ivq4az71z0ggmp6nj0js7yrybxf0dlah6")))) (build-system r-build-system) (propagated-inputs `(("r-dplyr" ,r-dplyr) @@ -3575,21 +3591,19 @@ It uses and relies on grid graphics and formal (S4) classes and methods.") (define-public r-purrr (package (name "r-purrr") - (version "0.2.2") + (version "0.2.3") (source (origin (method url-fetch) (uri (cran-uri "purrr" version)) (sha256 (base32 - "0lss8q733nv7s154wargm6vnxq55qygnxakib8xdj4jv0y86sxc3")))) + "0j1y0nbvljcis9hgic4wbbzslcsidhpw0wzs7d2hx7a2ygi6mkma")))) (build-system r-build-system) (propagated-inputs - `(("r-bh" ,r-bh) - ("r-dplyr" ,r-dplyr) - ("r-lazyeval" ,r-lazyeval) + `(("r-tibble" ,r-tibble) ("r-magrittr" ,r-magrittr) - ("r-rcpp" ,r-rcpp))) + ("r-rlang" ,r-rlang))) (home-page "https://github.com/hadley/purrr") (synopsis "Functional programming tools") (description @@ -3600,26 +3614,30 @@ features present in other programming languages.") (define-public r-plotly (package (name "r-plotly") - (version "4.5.6") + (version "4.7.1") (source (origin (method url-fetch) (uri (cran-uri "plotly" version)) (sha256 (base32 - "09yw977yxlcxv57kni3q899zrxyxa6pznr06cylr9lqkyr7llfhx")))) + "0wj9lw7w28z8w9ip9vadv6sydjhqyg65kfiai9m3bndzz50b1m3w")))) (build-system r-build-system) (propagated-inputs `(("r-base64enc" ,r-base64enc) + ("r-crosstalk" ,r-crosstalk) ("r-digest" ,r-digest) + ("r-data-table" ,r-data-table) ("r-dplyr" ,r-dplyr) ("r-ggplot2" ,r-ggplot2) ("r-hexbin" ,r-hexbin) + ("r-htmltools" ,r-htmltools) ("r-htmlwidgets" ,r-htmlwidgets) ("r-httr" ,r-httr) ("r-jsonlite" ,r-jsonlite) ("r-lazyeval" ,r-lazyeval) ("r-magrittr" ,r-magrittr) ("r-purrr" ,r-purrr) + ("r-rcolorbrewer" ,r-rcolorbrewer) ("r-scales" ,r-scales) ("r-tibble" ,r-tibble) ("r-tidyr" ,r-tidyr) @@ -3701,14 +3719,14 @@ character vector.") (define-public r-googlesheets (package (name "r-googlesheets") - (version "0.2.1") + (version "0.2.2") (source (origin (method url-fetch) (uri (cran-uri "googlesheets" version)) (sha256 (base32 - "0ps13h1cv7fj5dh8s4nvwi64wnnyqdsadcaa4iizq1c5s615cwk3")))) + "18q0xmxn09b52rmky7gr5flp0awndcnsgb7zcvkzvkrkvmwad52b")))) (build-system r-build-system) (propagated-inputs `(("r-cellranger" ,r-cellranger) @@ -3795,21 +3813,20 @@ package instead.") (define-public r-hmisc (package (name "r-hmisc") - (version "4.0-2") + (version "4.0-3") (source (origin (method url-fetch) (uri (cran-uri "Hmisc" version)) (sha256 (base32 - "1lg9k0kj803wsm3h0a991q9l2lrgsqryzfv2z79b88kjbfapqpqr")))) + "1a7i7azag6pldgala85d8hh7wnx1shamyiriy4jfc65nxrr2lq8w")))) (properties `((upstream-name . "Hmisc"))) (build-system r-build-system) (native-inputs `(("gfortran" ,gfortran))) (propagated-inputs `(("r-acepack" ,r-acepack) - ("r-base64" ,r-base64) ("r-base64enc" ,r-base64enc) ("r-cluster" ,r-cluster) ("r-data-table" ,r-data-table) @@ -3926,14 +3943,14 @@ existing packages provide.") (define-public r-sfsmisc (package (name "r-sfsmisc") - (version "1.1-0") + (version "1.1-1") (source (origin (method url-fetch) (uri (cran-uri "sfsmisc" version)) (sha256 (base32 - "0580piv4n1nispl3pa8nfjjfnb8iwaqky2dzdy0aqnxrxgrhqhvz")))) + "0jzmbywlyzfxs7hlmyd0iynghfc9qp5sa5lnhr73y8r360yv1ahf")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/sfsmisc") (synopsis "Utilities from \"Seminar fuer Statistik\" ETH Zurich") @@ -3967,14 +3984,14 @@ tests for whether a value is missing, empty or contains only @code{NA} and (define-public r-gdata (package (name "r-gdata") - (version "2.17.0") + (version "2.18.0") (source (origin (method url-fetch) (uri (cran-uri "gdata" version)) (sha256 (base32 - "0kiy3jbcszlpmarg311spdsfi5pn89wgy742dxsbzxk8907fr5w0")))) + "0zwdj7lscgxr8r62ii8hbdh4mb7sa9w4f5nv32zzrxdvymcpya2b")))) (build-system r-build-system) (inputs `(("perl" ,perl))) @@ -4248,13 +4265,13 @@ Wall Street Journal, among others. This package also provides (define-public r-statmod (package (name "r-statmod") - (version "1.4.29") + (version "1.4.30") (source (origin (method url-fetch) (uri (cran-uri "statmod" version)) (sha256 (base32 - "1fgzkwriba39d7946lq892f0si2fjdy37pvxki6ix8xyj8qgnci4")))) + "07v4x8af60alcw6vbiwf5fp25bhra61kvxz9kqx64lszm0i1fb4x")))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/statmod") (native-inputs @@ -4274,13 +4291,13 @@ dispersion modeling and Tweedie power-law families.") (define-public r-rann (package (name "r-rann") - (version "2.5") + (version "2.5.1") (source (origin (method url-fetch) (uri (cran-uri "RANN" version)) (sha256 (base32 - "007cgqg9bybg2zlljbv5m6cmlm3r6i251018rpgjcn0xnm9sjsj7")))) + "0il5i99vbcagnxvb15af5n37g04a4q1x96bz73zh3jhki9fpw9vm")))) (properties `((upstream-name . "RANN"))) (build-system r-build-system) @@ -4343,14 +4360,14 @@ Farebrother's algorithm or Liu et al.'s algorithm.") (define-public r-cowplot (package (name "r-cowplot") - (version "0.7.0") + (version "0.8.0") (source (origin (method url-fetch) (uri (cran-uri "cowplot" version)) (sha256 (base32 - "03iimcsh1pk7iqzjdlfcj43b8khijdk4hg00j4jdllv19xsfb0hx")))) + "03bh0r6ynr95gk4lc8asfi3kpmskm59vfzwn417pdziha3igs5x6")))) (build-system r-build-system) (propagated-inputs `(("r-ggplot2" ,r-ggplot2) @@ -4416,14 +4433,14 @@ regression.") (define-public r-fastica (package (name "r-fastica") - (version "1.2-0") + (version "1.2-1") (source (origin (method url-fetch) (uri (cran-uri "fastICA" version)) (sha256 (base32 - "0ykk78fsk5da2g16i4wji85bvji7nayjvkfp07hyaxq9d15jmf0r")))) + "108z2ymby5y4h8l4l2krqwm28rya93gq09yylgilnm3afvfrfabg")))) (properties `((upstream-name . "fastICA"))) (build-system r-build-system) (home-page "http://cran.r-project.org/web/packages/fastICA") @@ -4499,14 +4516,14 @@ to change in the future.") (define-public r-flexmix (package (name "r-flexmix") - (version "2.3-13") + (version "2.3-14") (source (origin (method url-fetch) (uri (cran-uri "flexmix" version)) (sha256 (base32 - "1i205yw3kkxs27gqcs6zx0c2mh16p332a2p06wq6fdzb20bazg3z")))) + "0sl4zxh1sb2sr5q7svjw9ihrm219jzn82yrc9d43q6r1b8bpyz43")))) (build-system r-build-system) (propagated-inputs `(("r-lattice" ,r-lattice) @@ -4525,14 +4542,14 @@ models, generalized linear models and model-based clustering.") (define-public r-mclust (package (name "r-mclust") - (version "5.2.3") + (version "5.3") (source (origin (method url-fetch) (uri (cran-uri "mclust" version)) (sha256 (base32 - "0045msdw1xndfmlylbnm1ss716iiqzqwj454a97gmcq5kph86qzz")))) + "0h5syvpg3azrz5d10z2afilaa27jb4azi38idzlv05mfcs16s6rb")))) (build-system r-build-system) (native-inputs `(("gfortran" ,gfortran))) @@ -4672,14 +4689,14 @@ groupings.") (define-public r-vgam (package (name "r-vgam") - (version "1.0-3") + (version "1.0-4") (source (origin (method url-fetch) (uri (cran-uri "VGAM" version)) (sha256 (base32 - "0wr6szcpj8r4a1rlzgd6iym7khin69fmvxcf37iyvs8mms86dfr3")))) + "0r59hyp3afmvms890b3v2yyckf8v0qkjf2w11rnqd2zgg1gri0g5")))) (properties `((upstream-name . "VGAM"))) (build-system r-build-system) (inputs @@ -4697,14 +4714,14 @@ VGLMs can be loosely thought of as multivariate generalised linear models.") (define-public r-pbapply (package (name "r-pbapply") - (version "1.3-2") + (version "1.3-3") (source (origin (method url-fetch) (uri (cran-uri "pbapply" version)) (sha256 (base32 - "1sdmjlnwxb99f95g5v8k8mirrkzw99yig377v0qi9lzwjgd6fqqr")))) + "0iqhymf65jffh00qf056h1p76xf92bfmij6aymlmgnvn24fv4ybk")))) (build-system r-build-system) (home-page "https://github.com/psolymos/pbapply") (synopsis "Adding progress bar to apply functions") @@ -4761,14 +4778,14 @@ based on an interface to Fortran implementations by M. J. D. Powell.") (define-public r-rcppeigen (package (name "r-rcppeigen") - (version "0.3.2.9.1") + (version "0.3.3.3.0") (source (origin (method url-fetch) (uri (cran-uri "RcppEigen" version)) (sha256 (base32 - "1ih940yjbc530cmpl6kx1jic7pz2ps1w5vrvy32qizh6m5s3lk7x")))) + "0zz9v0f8nnlvhhqv91lkyfblvjnmav84l89mr6vmbqjc2hzqd3n8")))) (properties `((upstream-name . "RcppEigen"))) (build-system r-build-system) (propagated-inputs @@ -4939,14 +4956,14 @@ bootstrap test for generalized linear mixed models.") (define-public r-car (package (name "r-car") - (version "2.1-4") + (version "2.1-5") (source (origin (method url-fetch) (uri (cran-uri "car" version)) (sha256 (base32 - "0a6v7rsd1xsdyapnfqy37m7c4kx9wslkzsizc9k0lmnba0bwyfgx")))) + "1bm0ks9ga60z3izgq0d4kvirr9v4yf1820d1wznkihnbb55bc3m6")))) (build-system r-build-system) (propagated-inputs `(("r-mass" ,r-mass) @@ -5083,14 +5100,14 @@ multivariate case.") (define-public r-tclust (package (name "r-tclust") - (version "1.2-3") + (version "1.2-7") (source (origin (method url-fetch) (uri (cran-uri "tclust" version)) (sha256 (base32 - "0a1b7yp4l9wf6ic5czizyl2cnxrc1virj0icr8i6m1vv23jd8jfp")))) + "1mvqr280c6kwpg98byd0r1y0qf238xn2x15y8npqch6lpcszlb3x")))) (build-system r-build-system) (propagated-inputs `(("r-cluster" ,r-cluster) @@ -5108,17 +5125,19 @@ diagnostic tools (@code{ctlcurves} and @code{DiscrFact}).") (define-public r-ranger (package (name "r-ranger") - (version "0.7.0") + (version "0.8.0") (source (origin (method url-fetch) (uri (cran-uri "ranger" version)) (sha256 (base32 - "0g1rnpk4c06lmy0r5n0j7i2xna190kqalmxp42d9gnk3drnb1x43")))) + "1fdbm879wx3hlng8s4c4f8f2x5yxz57llakcqnpa0lymybidw3vz")))) (build-system r-build-system) (propagated-inputs - `(("r-rcpp" ,r-rcpp))) + `(("r-rcpp" ,r-rcpp) + ("r-matrix" ,r-matrix) + ("r-rcppeigen" ,r-rcppeigen))) (home-page "https://github.com/imbs-hl/ranger") (synopsis "Fast implementation of random forests") (description diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 7ee341e99b..9d3e9d9e97 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -486,13 +486,13 @@ netcat implementation that supports TLS.") (package (name "python-acme") ;; Remember to update the hash of certbot when updating python-acme. - (version "0.16.0") + (version "0.17.0") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) (sha256 (base32 - "1kg9bnwywsr18hgvqyhxqqi90l2qa7449f41q3fdq2y59h9nk2sk")))) + "0vmnv7qhdhl9qhq03v6zrcj1lsmpmpjb94s0xsc7piwqxfmf9jrw")))) (build-system python-build-system) (arguments `(#:phases @@ -543,7 +543,7 @@ netcat implementation that supports TLS.") (uri (pypi-uri name version)) (sha256 (base32 - "11p1vsps5rbpha3k5jnmf9i6rcp6299h9b34wdh21cq6dgyh2n3r")))) + "173619jkq4bg88f6i837z3pcjkrfabrvv8vrpyx18k9i7xnb5xa3")))) (build-system python-build-system) (arguments `(,@(substitute-keyword-arguments (package-arguments python-acme) diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 1d5a1f1612..64acb44490 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -44,14 +44,14 @@ (define-public tor (package (name "tor") - (version "0.3.0.9") + (version "0.3.0.10") (source (origin (method url-fetch) (uri (string-append "https://dist.torproject.org/tor-" version ".tar.gz")) (sha256 (base32 - "0hhyb1wil8japynqnm07r1f67w3wdnafdg9amzlrrcfcyq5qim28")))) + "1cas30wk4bhcivi6l9dj7wwlz6pc2jj883x1vijax3b8l54nx3ls")))) (build-system gnu-build-system) (arguments `(#:configure-flags (list "--enable-gcc-hardening" diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm index 9274a93f6a..729746aed3 100644 --- a/gnu/packages/version-control.scm +++ b/gnu/packages/version-control.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2017 Vasile Dumitrascu ;;; Copyright © 2017 Clément Lassieur ;;; Copyright © 2017 André +;;; Copyright © 2017 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -120,14 +121,14 @@ as well as the classic centralized workflow.") (define-public git (package (name "git") - (version "2.13.4") + (version "2.14.0") (source (origin (method url-fetch) (uri (string-append "mirror://kernel.org/software/scm/git/git-" version ".tar.xz")) (sha256 (base32 - "1nmg0n9l5ix876iqhcyhdnmiy7ihv0ybdijf1lssch6ja8m5j6ip")))) + "0xarcp0m7jbncic0g3ahz8l2d6b27h0g9ndgrhy9abkx61m6wgpr")))) (build-system gnu-build-system) (native-inputs `(("native-perl" ,perl) @@ -140,7 +141,7 @@ as well as the classic centralized workflow.") version ".tar.xz")) (sha256 (base32 - "0ljxkfi7ski9bgpdb8xpikl1xgjjk7bdzmzzkbj93jybk6iajkv7")))))) + "0kc2n6b1lrbr0wc8lk3xnrljn4fgzgab82icv658gdvyl9l3qrbx")))))) (inputs `(("curl" ,curl) ("expat" ,expat) @@ -176,7 +177,6 @@ as well as the classic centralized workflow.") ;; nars; see . "NO_INSTALL_HARDLINKS=indeed") #:test-target "test" - #:tests? #f ; FIXME: Many tests are failing ;; The explicit --with-tcltk forces the build system to hardcode the ;; absolute file name to 'wish'. @@ -203,6 +203,37 @@ as well as the classic centralized workflow.") ;; Add the "PM.stamp" to avoid "no rule to make target". (call-with-output-file "perl/PM.stamp" (const #t)) #t)) + (add-before 'check 'patch-tests + (lambda _ + ;; These files contain some funny bytes that Guile is unable + ;; to decode for shebang patching. Just delete them. + (for-each delete-file '("t/t4201-shortlog.sh" + "t/t7813-grep-icase-iso.sh")) + ;; Many tests contain inline shell scripts (hooks etc). + (substitute* (find-files "t" "\\.sh$") + (("#!/bin/sh") (string-append "#!" (which "sh")))) + ;; Un-do shebang patching here to prevent checksum mismatch. + (substitute* '("t/t4034/perl/pre" "t/t4034/perl/post") + (("^#!.*/bin/perl") "#!/usr/bin/perl")) + (substitute* "t/t5003-archive-zip.sh" + (("cp /bin/sh") (string-append "cp " (which "sh")))) + (substitute* "t/t6030-bisect-porcelain.sh" + (("\"/bin/sh\"") (string-append "\"" (which "sh") "\""))) + ;; FIXME: This test runs `git commit` with a bogus EDITOR + ;; and empty commit message, but does not fail the way it's + ;; expected to. The test passes when invoked interactively. + (substitute* "t/t7508-status.sh" + (("\tcommit_template_commented") "\ttrue")) + ;; More checksum mismatches due to odd shebangs. + (substitute* "t/t9100-git-svn-basic.sh" + (("\"#!/gnu.*/bin/sh") "\"#!/bin/sh")) + (substitute* "t/t9300-fast-import.sh" + (("\t#!/gnu.*/bin/sh") "\t#!/bin/sh") + (("'#!/gnu.*/bin/sh") "'#!/bin/sh")) + ;; FIXME: Some hooks fail with "basename: command not found". + ;; See 't/trash directory.t9164.../svn-hook.log'. + (delete-file "t/t9164-git-svn-dcommit-concurrent.sh") + #t)) (add-after 'install 'install-shell-completion (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 0a551c74f4..1152cdf0a0 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1121,7 +1121,7 @@ access to mpv's powerful playback capabilities.") (define-public youtube-dl (package (name "youtube-dl") - (version "2017.07.23") + (version "2017.07.30.1") (source (origin (method url-fetch) (uri (string-append "https://yt-dl.org/downloads/" @@ -1129,7 +1129,7 @@ access to mpv's powerful playback capabilities.") version ".tar.gz")) (sha256 (base32 - "0h8jim7qx7b97wg7s8izz3and1xp70b9clqwpxl33xls9linh04m")))) + "1m1n5d06xh8hnild6kssiv9yaq2sm7vy0c8h506v3nff7i9wf0a7")))) (build-system python-build-system) (arguments ;; The problem here is that the directory for the man page and completion diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm index 0ac76a72d9..628396e52c 100644 --- a/gnu/packages/virtualization.scm +++ b/gnu/packages/virtualization.scm @@ -317,14 +317,14 @@ manage system or application containers.") (define-public libvirt (package (name "libvirt") - (version "3.5.0") + (version "3.6.0") (source (origin (method url-fetch) - (uri (string-append "http://libvirt.org/sources/libvirt-" + (uri (string-append "https://libvirt.org/sources/libvirt-" version ".tar.xz")) (sha256 (base32 - "05mm4xdw6g960rwvc9189nhxpm1vrilnmpl4h4m1lha11pivlqr9")))) + "0gcyql5dp6j370kvik9hjhxirrg89m7l1q52yq0g75h7jpv9fb1s")))) (build-system gnu-build-system) (arguments `(;; FAIL: virshtest @@ -334,7 +334,7 @@ manage system or application containers.") ;; FAIL: networkxml2firewalltest ;; FAIL: nwfilterebiptablestest ;; FAIL: nwfilterxml2firewalltest - ;; Times out after PASS: virsh-vcpupin + ;; Times while running commandest. #:tests? #f #:configure-flags (list "--with-polkit" @@ -381,7 +381,7 @@ manage system or application containers.") ("iptables" ,iptables))) (native-inputs `(("pkg-config" ,pkg-config))) - (home-page "http://libvirt.org") + (home-page "https://libvirt.org") (synopsis "Simple API for virtualization") (description "Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux. The library aims at providing long diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm index aec8c1807d..61ebf0d5fa 100644 --- a/gnu/packages/vpn.scm +++ b/gnu/packages/vpn.scm @@ -239,14 +239,14 @@ DNS domain name queries.") (define-public sshoot (package (name "sshoot") - (version "1.2.5") + (version "1.2.6") (source (origin (method url-fetch) (uri (pypi-uri name version)) (sha256 (base32 - "0a92lk8790dpp9j64vb6p4sazax0x3nby01lnfll7mxs1hx6n27q")))) + "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) (build-system python-build-system) (arguments '(#:phases @@ -265,7 +265,7 @@ DNS domain name queries.") `(("python-fixtures" ,python-fixtures) ("python-pbr" ,python-pbr) ("python-testtools" ,python-testtools))) - (home-page "https://bitbucket.org/ack/sshoot") + (home-page "https://github.com/albertodonato/sshoot") (synopsis "sshuttle VPN session manager") (description "sshoot provides a command-line interface to manage multiple @command{sshuttle} virtual private networks. It supports flexible profiles diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index 096d05c167..54fd410df7 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -54,6 +54,7 @@ #:use-module (gnu packages) #:use-module (gnu packages apr) #:use-module (gnu packages check) + #:use-module (gnu packages cran) #:use-module (gnu packages documentation) #:use-module (gnu packages docbook) #:use-module (gnu packages autotools) @@ -72,6 +73,7 @@ #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gperf) #:use-module (gnu packages gtk) + #:use-module (gnu packages javascript) #:use-module (gnu packages image) #:use-module (gnu packages libidn) #:use-module (gnu packages libunistring) @@ -3380,13 +3382,13 @@ CDF, Atom 0.3, and Atom 1.0 feeds.") (define-public r-httpuv (package (name "r-httpuv") - (version "1.3.3") + (version "1.3.5") (source (origin (method url-fetch) (uri (cran-uri "httpuv" version)) (sha256 (base32 - "0aibs0hf38n8f6xxx4g2i2lzd6l5h92m5pscx2z834sdvhnladxv")))) + "1sg4f223zfyd265b28rlhsn3b6mqflcpnmya98cjmjncmy9vjdj3")))) (build-system r-build-system) (native-inputs `(("r-rcpp" ,r-rcpp))) (home-page "https://github.com/rstudio/httpuv") @@ -3404,13 +3406,13 @@ particularly easy to create complete web applications using httpuv alone.") (define-public r-jsonlite (package (name "r-jsonlite") - (version "1.4") + (version "1.5") (source (origin (method url-fetch) (uri (cran-uri "jsonlite" version)) (sha256 (base32 - "11rgkjp5qir79niad0aizjxvjzyvkl6l9nsrv3ikv446vllmrasn")))) + "00lfg464jhf7k01bal9pcjvbdf5cxk6xi2h46hccp1x3h883g434")))) (build-system r-build-system) (home-page "http://arxiv.org/abs/1403.2805") (synopsis "Robust, high performance JSON parser and generator for R") @@ -3428,13 +3430,13 @@ in systems and applications.") (define-public r-servr (package (name "r-servr") - (version "0.5") + (version "0.6") (source (origin (method url-fetch) (uri (cran-uri "servr" version)) (sha256 (base32 - "1ixcl9xjc1k9zvl6v6bsw4kpramr1h53b4s46qg8kahkqy6kqd8a")))) + "0sqz3wssxa19g9mpmf9s4gx2a5rvzl8nrd11qkgpz5v3iqsc6ysr")))) (build-system r-build-system) (propagated-inputs `(("r-httpuv" ,r-httpuv) @@ -3453,13 +3455,13 @@ directory.") (define-public r-htmltools (package (name "r-htmltools") - (version "0.3.5") + (version "0.3.6") (source (origin (method url-fetch) (uri (cran-uri "htmltools" version)) (sha256 (base32 - "0j9bf80grd6gwh7116m575pycv87c0wcwkxsz3gzzfs4aw3pxyr9")))) + "18k8r1s8sz1jy7dkz35n69wj20xhmllr53xmwb4pdzf2z61gpbs4")))) (build-system r-build-system) (arguments `(#:phases @@ -3487,13 +3489,13 @@ directory.") (define-public r-htmlwidgets (package (name "r-htmlwidgets") - (version "0.8") + (version "0.9") (source (origin (method url-fetch) (uri (cran-uri "htmlwidgets" version)) (sha256 (base32 - "1df3pwl34rvdbr9sgr5h27q9bmqpckvpwq4frl3d1v614y3vfclj")))) + "0plqkfqys1ca3ki7sb7yc6gwjpi7yy4g3mzh7hfy8s6qri0vam0i")))) (build-system r-build-system) (propagated-inputs `(("r-htmltools" ,r-htmltools) @@ -3541,13 +3543,13 @@ LaTeX.") (define-public r-curl (package (name "r-curl") - (version "2.5") + (version "2.8.1") (source (origin (method url-fetch) (uri (cran-uri "curl" version)) (sha256 (base32 - "09p86i5f88gx1i7cidm1ka56g0jjkghqfam96p1jhwlh2fv6nrks")))) + "0dgfl7wn4r8inv55xnk4ybf1y2x4qmi4cbr6phr3lfi1dnjm4hsm")))) (build-system r-build-system) (arguments `(#:phases @@ -4781,3 +4783,133 @@ internetarchive python module for programatic access to archive.org.") (define-public python2-internetarchive (package-with-python2 (strip-python2-variant python-internetarchive))) + +(define-public r-shiny + (package + (name "r-shiny") + (version "1.0.3") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/rstudio/shiny/" + "archive/v" version ".tar.gz")) + (file-name (string-append name "-" version ".tar.gz")) + (sha256 + (base32 + "0z2v2s4hd44mvzjn7r70549kdzkrrch9nxhp27r6x2cy6micizm3")))) + (build-system r-build-system) + (arguments + `(#:modules ((guix build r-build-system) + (guix build minify-build-system) + (guix build utils) + (ice-9 match)) + #:imported-modules (,@%r-build-system-modules + (guix build minify-build-system)) + #:phases + (modify-phases (@ (guix build r-build-system) %standard-phases) + (add-after 'unpack 'replace-bundled-minified-JavaScript + (lambda* (#:key inputs #:allow-other-keys) + (let ((replace-file (lambda (old new) + (format #t "replacing ~a with ~a\n" old new) + (delete-file old) + (symlink new old)))) + ;; NOTE: Files in ./inst/www/shared/datepicker/js/locales/ + ;; contain just data. They are not minified code, so we don't + ;; replace them. + (with-directory-excursion "inst/www/shared" + (replace-file "bootstrap/shim/respond.min.js" + (string-append (assoc-ref inputs "js-respond") + "/share/javascript/respond.min.js")) + (replace-file "bootstrap/shim/html5shiv.min.js" + (string-append (assoc-ref inputs "js-html5shiv") + "/share/javascript/html5shiv.min.js")) + (replace-file "json2-min.js" + (string-append (assoc-ref inputs "js-json2") + "/share/javascript/json2.min.js")) + (replace-file "strftime/strftime-min.js" + (string-append (assoc-ref inputs "js-strftime") + "/share/javascript/strftime.min.js")) + (replace-file "highlight/highlight.pack.js" + (string-append (assoc-ref inputs "js-highlight") + "/share/javascript/highlight.min.js")) + (replace-file "datatables/js/jquery.dataTables.min.js" + (string-append (assoc-ref inputs "js-datatables") + "/share/javascript/jquery.dataTables.min.js")) + (replace-file "selectize/js/selectize.min.js" + (string-append (assoc-ref inputs "js-selectize") + "/share/javascript/selectize.min.js")) + (replace-file "selectize/js/es5-shim.min.js" + (string-append (assoc-ref inputs "js-es5-shim") + "/share/javascript/es5-shim.min.js")) + (for-each (match-lambda + ((source . target) + (delete-file target) + (minify source #:target target))) + '(("jqueryui/jquery-ui.js" . + "jqueryui/jquery-ui.min.js") + ("showdown/src/showdown.js" . + "showdown/compressed/showdown.js") + ("datepicker/js/bootstrap-datepicker.js" . + "datepicker/js/bootstrap-datepicker.min.js") + ("ionrangeslider/js/ion.rangeSlider.js" . + "ionrangeslider/js/ion.rangeSlider.min.js") + ("bootstrap/js/bootstrap.js" . + "bootstrap/js/bootstrap.min.js") + ("shiny.js" . + "shiny.min.js") + ("jquery.js" . + "jquery.min.js"))))) + #t))))) + (propagated-inputs + `(("r-httpuv" ,r-httpuv) + ("r-mime" ,r-mime) + ("r-jsonlite" ,r-jsonlite) + ("r-xtable" ,r-xtable) + ("r-digest" ,r-digest) + ("r-htmltools" ,r-htmltools) + ("r-r6" ,r-r6) + ("r-sourcetools" ,r-sourcetools))) + (inputs + `(("js-datatables" ,js-datatables) + ("js-html5shiv" ,js-html5shiv) + ("js-json2" ,js-json2) + ("js-respond" ,js-respond) + ("js-selectize" ,js-selectize) + ("js-strftime" ,js-strftime) + ("js-highlight" ,js-highlight) + ("js-es5-shim" ,js-es5-shim))) + (home-page "http://shiny.rstudio.com") + (synopsis "Easy interactive web applications with R") + (description + "Makes it incredibly easy to build interactive web applications +with R. Automatic \"reactive\" binding between inputs and outputs and +extensive prebuilt widgets make it possible to build beautiful, +responsive, and powerful applications with minimal effort.") + (license l:artistic2.0))) + +(define-public r-crosstalk + (package + (name "r-crosstalk") + (version "1.0.0") + (source + (origin + (method url-fetch) + (uri (cran-uri "crosstalk" version)) + (sha256 + (base32 + "0lfa89vhrzi7a1rghmygcjr8gzddw35sinb3jx6g49mc9jias7mk")))) + (build-system r-build-system) + (propagated-inputs + `(("r-ggplot2" ,r-ggplot2) + ("r-htmltools" ,r-htmltools) + ("r-jsonlite" ,r-jsonlite) + ("r-lazyeval" ,r-lazyeval) + ("r-r6" ,r-r6) + ("r-shiny" ,r-shiny))) + (home-page "https://rstudio.github.io/crosstalk/") + (synopsis "Inter-widget interactivity for HTML widgets") + (description + "This package provides building blocks for allowing HTML widgets to +communicate with each other, with Shiny or without (i.e. static @code{.html} +files). It currently supports linked brushing and filtering.") + (license l:expat))) diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 90d29b0783..4494af0031 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -49,6 +49,7 @@ #:use-module (gnu packages admin) #:use-module (gnu bootloader) + #:use-module ((gnu bootloader grub) #:select (grub-mkrescue-bootloader)) #:use-module (gnu system shadow) #:use-module (gnu system pam) #:use-module (gnu system linux-initrd) @@ -369,6 +370,12 @@ to USB sticks meant to be read-only." #:volatile-root? #t rest))) + (bootloader (if (string=? "iso9660" file-system-type) + (bootloader-configuration + (inherit (operating-system-bootloader os)) + (bootloader grub-mkrescue-bootloader)) + (operating-system-bootloader os))) + ;; Force our own root file system. (file-systems (cons (file-system (mount-point "/") diff --git a/guix/build-system/minify.scm b/guix/build-system/minify.scm new file mode 100644 index 0000000000..af90a32f59 --- /dev/null +++ b/guix/build-system/minify.scm @@ -0,0 +1,127 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2017 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix build-system minify) + #:use-module (guix store) + #:use-module (guix utils) + #:use-module (guix packages) + #:use-module (guix derivations) + #:use-module (guix search-paths) + #:use-module (guix build-system) + #:use-module (guix build-system gnu) + #:use-module (ice-9 match) + #:use-module (srfi srfi-26) + #:export (%minify-build-system-modules + minify-build + minify-build-system)) + +;; Commentary: +;; +;; Standard minification procedure for JavaScript files. +;; +;; Code: + +(define %minify-build-system-modules + ;; Build-side modules imported by default. + `((guix build minify-build-system) + (ice-9 popen) + ,@%gnu-build-system-modules)) + +(define (default-uglify-js) + "Return the default package to minify JavaScript source files." + ;; Lazily resolve the binding to avoid a circular dependency. + (let ((lisp-mod (resolve-interface '(gnu packages lisp)))) + (module-ref lisp-mod 'uglify-js))) + +(define* (lower name + #:key source inputs native-inputs outputs system + (uglify-js (default-uglify-js)) + #:allow-other-keys + #:rest arguments) + "Return a bag for NAME." + (define private-keywords + '(#:source #:target #:inputs #:native-inputs)) + + (bag + (name name) + (system system) + (host-inputs `(,@(if source + `(("source" ,source)) + '()) + ,@inputs + ,@(standard-packages))) + (build-inputs `(("uglify-js" ,uglify-js) + ,@native-inputs)) + (outputs outputs) + (build minify-build) + (arguments (strip-keyword-arguments private-keywords arguments)))) + +(define* (minify-build store name inputs + #:key + (javascript-files #f) + (phases '(@ (guix build minify-build-system) + %standard-phases)) + (outputs '("out")) + (system (%current-system)) + search-paths + (guile #f) + (imported-modules %minify-build-system-modules) + (modules '((guix build minify-build-system) + (guix build utils)))) + "Build SOURCE with INPUTS." + (define builder + `(begin + (use-modules ,@modules) + (minify-build #:name ,name + #:source ,(match (assoc-ref inputs "source") + (((? derivation? source)) + (derivation->output-path source)) + ((source) + source) + (source + source)) + #:javascript-files ,javascript-files + #:phases ,phases + #:outputs %outputs + #:search-paths ',(map search-path-specification->sexp + search-paths) + #:inputs %build-inputs))) + + (define guile-for-build + (match guile + ((? package?) + (package-derivation store guile system #:graft? #f)) + (#f ; the default + (let* ((distro (resolve-interface '(gnu packages commencement))) + (guile (module-ref distro 'guile-final))) + (package-derivation store guile system #:graft? #f))))) + + (build-expression->derivation store name builder + #:inputs inputs + #:system system + #:modules imported-modules + #:outputs outputs + #:guile-for-build guile-for-build)) + +(define minify-build-system + (build-system + (name 'minify) + (description "The trivial JavaScript minification build system") + (lower lower))) + +;;; minify.scm ends here diff --git a/guix/build/minify-build-system.scm b/guix/build/minify-build-system.scm new file mode 100644 index 0000000000..3580deda07 --- /dev/null +++ b/guix/build/minify-build-system.scm @@ -0,0 +1,73 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2016 Ricardo Wurmus +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (guix build minify-build-system) + #:use-module ((guix build gnu-build-system) #:prefix gnu:) + #:use-module ((guix build minify-build-system) #:prefix minify:) + #:use-module (guix build utils) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-26) + #:use-module (ice-9 popen) + #:export (%standard-phases + minify-build + minify)) + +;; Commentary: +;; +;; Builder-side code of the standard minification procedure for JavaScript +;; files. +;; +;; Code: + +(define* (minify file #:key target (directory "")) + (format #t "minifying ~a\n" file) + (let* ((base (basename file ".js")) + (installed (or target (string-append directory base ".min.js"))) + (minified (open-pipe* OPEN_READ "uglify-js" file))) + (call-with-output-file installed + (cut dump-port minified <>)) + #t)) + +(define* (build #:key javascript-files + #:allow-other-keys) + (let ((files (or javascript-files + (find-files "src" "\\.js$")))) + (mkdir-p "guix/build") + (every (cut minify <> #:directory "guix/build/") files))) + +(define* (install #:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (js (string-append out "/share/javascript/"))) + (mkdir-p js) + (for-each (cut install-file <> js) + (find-files "guix/build" "\\.min\\.js$"))) + #t) + +(define %standard-phases + (modify-phases gnu:%standard-phases + (delete 'configure) + (replace 'build build) + (delete 'check) + (replace 'install install))) + +(define* (minify-build #:key inputs (phases %standard-phases) + #:allow-other-keys #:rest args) + "Build the given JavaScript package, applying all of PHASES in order." + (apply gnu:gnu-build #:inputs inputs #:phases phases args)) + +;;; minify-build-system.scm ends here diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 58b87d4df4..a1deec8040 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -27,6 +27,7 @@ #:use-module (guix derivations) #:use-module (guix download) #:use-module (guix gexp) + #:use-module (guix grafts) #:use-module (guix monads) #:use-module (guix scripts build) #:use-module ((guix build utils) @@ -41,6 +42,7 @@ #:use-module (gnu packages compression) #:use-module (gnu packages gnupg) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-11) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) #:use-module (srfi srfi-37) @@ -48,23 +50,39 @@ #:use-module (ice-9 match) #:export (guix-pull)) -(define %snapshot-url - ;; "http://hydra.gnu.org/job/guix/master/tarball/latest/download" - "https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz" - ) +(module-autoload! (resolve-module '(guix scripts pull)) + '(git) '(git-error? set-tls-certificate-locations!) + '(guix git) '(latest-repository-commit)) -(define-syntax-rule (with-environment-variable variable value body ...) - (let ((original (getenv variable))) - (dynamic-wind - (lambda () - (setenv variable value)) - (lambda () - body ...) - (lambda () - (setenv variable original))))) +(define (ensure-guile-git!) + ;; Previously Guile-Git was not a prerequisite. Thus, someone running 'guix + ;; pull' on an old installation may be lacking Guile-Git. To address this, + ;; we autoload things that depend on Guile-Git and check in the entry point + ;; whether Guile-Git is available. + ;; + ;; TODO: Remove this hack when Guile-Git is widespread or enforced. -(define-syntax-rule (with-PATH value body ...) - (with-environment-variable "PATH" value body ...)) + (unless (false-if-exception (resolve-interface '(git))) + (leave (G_ "Guile-Git is missing but it is now required by 'guix pull'. +Install it by running: + + guix package -i ~a + export GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/~a:$GUILE_LOAD_PATH + export GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/~a/site-ccache:$GUILE_LOAD_COMPILED_PATH +\n") + (match (effective-version) + ("2.0" "guile2.0-git") + (_ "guile-git")) + (effective-version) + (effective-version))) + + ;; XXX: For unclear reasons this is needed for + ;; 'set-tls-certificate-locations!'. + (module-use! (resolve-module '(guix scripts pull)) + (resolve-interface '(git)))) + +(define %repository-url + "https://git.savannah.gnu.org/git/guix.git") ;;; @@ -73,7 +91,8 @@ (define %default-options ;; Alist of default option values. - `((tarball-url . ,%snapshot-url) + `((repository-url . ,%repository-url) + (ref . (branch . "origin/master")) (system . ,(%current-system)) (substitutes? . #t) (graft? . #t) @@ -86,7 +105,11 @@ Download and deploy the latest version of Guix.\n")) (display (G_ " --verbose produce verbose output")) (display (G_ " - --url=URL download the Guix tarball from URL")) + --url=URL download from the Git repository at URL")) + (display (G_ " + --commit=COMMIT download the specified COMMIT")) + (display (G_ " + --branch=BRANCH download the tip of the specified BRANCH")) (display (G_ " --bootstrap use the bootstrap Guile to build the new Guix")) (newline) @@ -105,8 +128,15 @@ Download and deploy the latest version of Guix.\n")) (alist-cons 'verbose? #t result))) (option '("url") #t #f (lambda (opt name arg result) - (alist-cons 'tarball-url arg - (alist-delete 'tarball-url result)))) + (alist-cons 'repository-url arg + (alist-delete 'repository-url result)))) + (option '("commit") #t #f + (lambda (opt name arg result) + (alist-cons 'ref `(commit . ,arg) result))) + (option '("branch") #t #f + (lambda (opt name arg result) + (alist-cons 'ref `(branch . ,(string-append "origin/" arg)) + result))) (option '(#\n "dry-run") #f #f (lambda (opt name arg result) (alist-cons 'dry-run? #t (alist-cons 'graft? #f result)))) @@ -129,81 +159,30 @@ Download and deploy the latest version of Guix.\n")) (define indirect-root-added (store-lift add-indirect-root)) -(define (temporary-directory) - "Make a temporary directory and return its name." - (let ((name (tmpnam))) - (mkdir name) - (chmod name #o700) - name)) - -(define (first-directory directory) - "Return a the name of the first file found under DIRECTORY." - (match (scandir directory - (lambda (name) - (and (not (member name '("." ".."))) - (file-is-directory? name)))) - ((directory) - directory) - (x - (raise (condition - (&message - (message "tarball did not produce a single source directory"))))))) - -(define (interned-then-deleted directory name) - "Add DIRECTORY to the store under NAME, and delete it. Return the resulting -store file name." - (mlet %store-monad ((result (interned-file directory name - #:recursive? #t))) - (delete-file-recursively directory) - (return result))) - -(define (unpack tarball) - "Return the name of the directory where TARBALL has been unpacked." - (mlet* %store-monad ((format -> (lift format %store-monad)) - (tar (package->derivation tar)) - (gzip (package->derivation gzip))) - (mbegin %store-monad - (what-to-build (list tar gzip)) - (built-derivations (list tar gzip)) - (format #t (G_ "unpacking '~a'...~%") tarball) - - (let ((source (temporary-directory))) - (with-directory-excursion source - (with-PATH (string-append (derivation->output-path gzip) "/bin") - (unless (zero? (system* (string-append (derivation->output-path tar) - "/bin/tar") - "xf" tarball)) - (raise (condition - (&message (message "failed to unpack source code")))))) - - (interned-then-deleted (string-append source "/" - (first-directory source)) - "guix-source")))))) - (define %self-build-file ;; The file containing code to build Guix. This serves the same purpose as ;; a makefile, and, similarly, is intended to always keep this name. "build-aux/build-self.scm") -(define* (build-from-source tarball #:key verbose?) - "Return a derivation to build Guix from TARBALL, using the self-build script -contained therein." +(define* (build-from-source source + #:key verbose? commit) + "Return a derivation to build Guix from SOURCE, using the self-build script +contained therein. Use COMMIT as the version string." ;; Running the self-build script makes it easier to update the build ;; procedure: the self-build script of the Guix-to-be-installed contains the ;; right dependencies, build procedure, etc., which the Guix-in-use may not ;; be know. - (mlet* %store-monad ((source (unpack tarball)) - (script -> (string-append source "/" - %self-build-file)) - (build -> (primitive-load script))) + (let* ((script (string-append source "/" %self-build-file)) + (build (primitive-load script))) ;; BUILD must be a monadic procedure of at least one argument: the source ;; tree. - (build source #:verbose? verbose?))) + (build source #:verbose? verbose? #:version commit))) -(define* (build-and-install tarball config-dir - #:key verbose?) - "Build the tool from TARBALL, and install it in CONFIG-DIR." - (mlet* %store-monad ((source (build-from-source tarball +(define* (build-and-install source config-dir + #:key verbose? commit) + "Build the tool from SOURCE, and install it in CONFIG-DIR." + (mlet* %store-monad ((source (build-from-source source + #:commit commit #:verbose? verbose?)) (source-dir -> (derivation->output-path source)) (to-do? (what-to-build (list source))) @@ -227,44 +206,87 @@ contained therein." (return #t)))) (leave (G_ "failed to update Guix, check the build log~%"))))) +(define (honor-lets-encrypt-certificates! store) + "Tell Guile-Git to use the Let's Encrypt certificates." + (let* ((drv (package-derivation store le-certs)) + (certs (string-append (derivation->output-path drv) + "/etc/ssl/certs"))) + (build-derivations store (list drv)) + + ;; In the past Guile-Git would not provide this procedure. + (if (module-defined? (resolve-interface '(git)) + 'set-tls-certificate-locations!) + (set-tls-certificate-locations! certs) + (begin + ;; In this case we end up using whichever certificates OpenSSL + ;; chooses to use: $SSL_CERT_FILE, $SSL_CERT_DIR, or /etc/ssl/certs. + (warning (G_ "cannot enforce use of the Let's Encrypt \ +certificates~%")) + (warning (G_ "please upgrade Guile-Git~%")))))) + +(define (report-git-error error) + "Report the given Guile-Git error." + ;; Prior to Guile-Git commit b6b2760c2fd6dfaa5c0fedb43eeaff06166b3134, + ;; errors would be represented by integers. + (match error + ((? integer? error) ;old Guile-Git + (leave (G_ "Git error ~a~%") error)) + ((? git-error? error) ;new Guile-Git + (leave (G_ "Git error: ~a~%") (git-error-message error))))) + +(define-syntax-rule (with-git-error-handling body ...) + (catch 'git-error + (lambda () + body ...) + (lambda (key err) + (report-git-error err)))) + (define (guix-pull . args) (define (use-le-certs? url) (string-prefix? "https://git.savannah.gnu.org/" url)) - (define (fetch-tarball store url) - (download-to-store store url "guix-latest.tar.gz")) - (with-error-handling - (let* ((opts (parse-command-line args %options - (list %default-options))) - (url (assoc-ref opts 'tarball-url))) - (unless (assoc-ref opts 'dry-run?) ;XXX: not very useful - (with-store store - (set-build-options-from-command-line store opts) - (let ((tarball - (if (use-le-certs? url) - (let* ((drv (package-derivation store le-certs)) - (certs (string-append (derivation->output-path drv) - "/etc/ssl/certs"))) - (build-derivations store (list drv)) - (parameterize ((%x509-certificate-directory certs)) - (fetch-tarball store url))) - (fetch-tarball store url)))) - (unless tarball - (leave (G_ "failed to download up-to-date source, exiting\n"))) - (parameterize ((%guile-for-build - (package-derivation store - (if (assoc-ref opts 'bootstrap?) - %bootstrap-guile - (canonical-package guile-2.0))))) - (run-with-store store - (build-and-install tarball (config-directory) - #:verbose? (assoc-ref opts 'verbose?)))))))))) + (with-git-error-handling + (let* ((opts (parse-command-line args %options + (list %default-options))) + (url (assoc-ref opts 'repository-url)) + (ref (assoc-ref opts 'ref)) + (cache (string-append (cache-directory) "/pull"))) + (ensure-guile-git!) -;; Local Variables: -;; eval: (put 'with-PATH 'scheme-indent-function 1) -;; eval: (put 'with-temporary-directory 'scheme-indent-function 1) -;; End: + (unless (assoc-ref opts 'dry-run?) ;XXX: not very useful + (with-store store + (parameterize ((%graft? (assoc-ref opts 'graft?))) + (set-build-options-from-command-line store opts) + + ;; For reproducibility, always refer to the LE certificates when we + ;; know we're talking to Savannah. + (when (use-le-certs? url) + (honor-lets-encrypt-certificates! store)) + + (format (current-error-port) + (G_ "Updating from Git repository at '~a'...~%") + url) + + (let-values (((checkout commit) + (latest-repository-commit store url + #:ref ref + #:cache-directory cache))) + + (format (current-error-port) + (G_ "Building from Git commit ~a...~%") + commit) + (parameterize ((%guile-for-build + (package-derivation + store + (if (assoc-ref opts 'bootstrap?) + %bootstrap-guile + (canonical-package guile-2.0))))) + (run-with-store store + (build-and-install checkout (config-directory) + #:commit commit + #:verbose? + (assoc-ref opts 'verbose?)))))))))))) ;;; pull.scm ends here diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index a93095dd1e..693fa70c8d 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -26,7 +26,6 @@ #include #include #include -#include #include #include @@ -2009,11 +2008,11 @@ void DerivationGoal::startBuilder() char stack[32 * 1024]; int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | SIGCHLD; if (!fixedOutput) flags |= CLONE_NEWNET; - - /* Ensure proper alignment on the stack. On aarch64, it has to be 16 - bytes. */ - pid = clone(childEntry, (char *)(((uintptr_t)stack + 16) & ~0xf), - flags, this); +#ifdef __aarch64__ + pid = clone(childEntry, stack + sizeof(stack) - 16, flags, this); +#else + pid = clone(childEntry, stack + sizeof(stack) - 8, flags, this); +#endif if (pid == -1) throw SysError("cloning builder process"); } else