01/01: gnu: unzip: Fix CVE-2014-9636 and some other bugs.
mhw pushed a commit to branch core-updates in repository guix. commit 385ae063c9826baf00ae47d7689f23af52bce753 Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 22:55:26 2015 -0400 gnu: unzip: Fix CVE-2014-9636 and some other bugs. * gnu/packages/patches/unzip-CVE-2014-9636.patch, gnu/packages/patches/unzip-allow-greater-hostver-values.patch, gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch, gnu/packages/patches/unzip-initialize-symlink-flag.patch, gnu/packages/patches/unzip-remove-build-date.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/zip.scm (unzip)[source]: Add patches. [arguments]: Use 'modify-phases'. Remove custom 'configure' phase; pass additional make-flags instead. Add custom 'build' phase that builds generic_gcc target; remove generic_gcc from make-flags. --- gnu-system.am |5 ++ gnu/packages/patches/unzip-CVE-2014-9636.patch | 41 .../unzip-allow-greater-hostver-values.patch | 16 .../unzip-increase-size-of-cfactorstr.patch| 18 + .../patches/unzip-initialize-symlink-flag.patch| 22 ++ gnu/packages/patches/unzip-remove-build-date.patch | 19 + gnu/packages/zip.scm | 36 ++--- 7 files changed, 142 insertions(+), 15 deletions(-) diff --git a/gnu-system.am b/gnu-system.am index c9c1d6e..d99a4e2 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -621,6 +621,11 @@ dist_patch_DATA = \ gnu/packages/patches/unzip-CVE-2014-8139.patch \ gnu/packages/patches/unzip-CVE-2014-8140.patch \ gnu/packages/patches/unzip-CVE-2014-8141.patch \ + gnu/packages/patches/unzip-CVE-2014-9636.patch \ + gnu/packages/patches/unzip-allow-greater-hostver-values.patch\ + gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch \ + gnu/packages/patches/unzip-initialize-symlink-flag.patch \ + gnu/packages/patches/unzip-remove-build-date.patch \ gnu/packages/patches/util-linux-tests.patch \ gnu/packages/patches/upower-builddir.patch \ gnu/packages/patches/valgrind-glibc-2.21.patch \ diff --git a/gnu/packages/patches/unzip-CVE-2014-9636.patch b/gnu/packages/patches/unzip-CVE-2014-9636.patch new file mode 100644 index 000..a38c3da --- /dev/null +++ b/gnu/packages/patches/unzip-CVE-2014-9636.patch @@ -0,0 +1,41 @@ +Copied from Debian. + +From: mancha mancha1 AT zoho DOT com +Date: Mon, 3 Nov 2014 +Subject: Info-ZIP UnZip buffer overflow +Bug-Debian: http://bugs.debian.org/776589 + +By carefully crafting a corrupt ZIP archive with extra fields that +purport to have compressed blocks larger than the corresponding +uncompressed blocks in STORED no-compression mode, an attacker can +trigger a heap overflow that can result in application crash or +possibly have other unspecified impact. + +This patch ensures that when extra fields use STORED mode, the +compressed and uncompressed block sizes match. + +--- a/extract.c b/extract.c +@@ -2228,6 +2228,7 @@ + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ush eb_compr_method; + + if (compr_offset 4)/* field is not compressed: */ + return PK_OK;/* do nothing and signal OK */ +@@ -2244,6 +2245,14 @@ + ((eb_ucsize 0L) (eb_size = (compr_offset + EB_CMPRHEADLEN + return IZ_EF_TRUNC; /* no/bad compressed data! */ + ++/* 2014-11-03 Michal Zalewski, SMS. ++ * For STORE method, compressed and uncompressed sizes must agree. ++ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7t=450 ++ */ ++eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset)); ++if ((eb_compr_method == STORED) (eb_size - compr_offset != eb_ucsize)) ++return PK_ERR; ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || diff --git a/gnu/packages/patches/unzip-allow-greater-hostver-values.patch b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch new file mode 100644 index 000..d98937f --- /dev/null +++ b/gnu/packages/patches/unzip-allow-greater-hostver-values.patch @@ -0,0 +1,16 @@ +Copied from Debian. + +From: Santiago Vila sanv...@debian.org +Subject: zipinfo.c: Do not crash when hostver byte is = 100 + +--- a/zipinfo.c b/zipinfo.c +@@ -2114,7 +2114,7 @@ + else + attribs[9] = (xattr UNX_ISVTX)? 'T' : '-'; /* T==undefined */ + +-sprintf(attribs[12], %u.%u, hostver/10, hostver%10); ++sprintf(attribs[11], %2u.%u, hostver/10, hostver%10); + break; + + } /* end switch (hostnum: external attributes format) */ diff --git a/gnu/packages/patches/unzip-increase-size-of-cfactorstr.patch
01/02: gnu: mplayer: Enable use of NEON on armhf.
mhw pushed a commit to branch core-updates in repository guix. commit 3a286b959401f8ea025c8985c4dd9e80bb53d575 Author: Mark H Weaver m...@netris.org Date: Fri Jul 10 14:54:30 2015 -0400 gnu: mplayer: Enable use of NEON on armhf. * gnu/packages/video.scm (mplayer)[arguments]: Remove --disable-neon from arguments passed to configure. --- gnu/packages/video.scm | 18 -- 1 files changed, 0 insertions(+), 18 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index 0af5a3e..9a0e959 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -658,7 +658,6 @@ treaming protocols.) (or (%current-target-system) (nix-system-gnu-triplet (%current-system))) - --disable-neon --disable-iwmmxt %standard-phases))) (home-page http://www.mplayerhq.hu/design7/news.html;) @@ -898,23 +897,6 @@ projects while introducing many more.) (zero? (system* ./configure --enable-shared --as=yasm - ,@(if (and (not (%current-target-system)) -(string-prefix? - armhf- - (%current-system))) - ;; When building on ARMv7, libvpx - ;; assumes that NEON will be - ;; available. On Guix, armhf - ;; does not require NEON, so we - ;; build for ARMv6 and -marm (since - ;; no thumb2 on ARMv6) to ensure - ;; compatibility with all ARMv7 - ;; cores we support. Based on - ;; the Debian libvpx package. - '(--target=armv6-linux-gcc - --extra-cflags=-marm - --enable-small) - '()) (string-append --prefix= out) %standard-phases) #:tests? #f)) ; no check target
02/02: gnu: qt: On armhf, enable use of NEON.
mhw pushed a commit to branch core-updates in repository guix. commit 84811c22ff144503785b4f70794a409021adc74b Author: Mark H Weaver m...@netris.org Date: Fri Jul 10 14:52:45 2015 -0400 gnu: qt: On armhf, enable use of NEON. * gnu/packages/qt.scm (qt-4)[arguments]: Remove -no-neon from arguments passed to configure. --- gnu/packages/qt.scm |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm index 340462d..313d639 100644 --- a/gnu/packages/qt.scm +++ b/gnu/packages/qt.scm @@ -297,8 +297,7 @@ developers using C++ or QML, a CSS JavaScript like language.) -no-ssse3 -no-sse4.1 -no-sse4.2 - -no-avx - -no-neon) + -no-avx) (add-after 'install 'move-doc (lambda* (#:key outputs #:allow-other-keys)
branch core-updates updated (46472ec - 84811c2)
mhw pushed a change to branch core-updates in repository guix. from 46472ec gnu: python: Set source file times to 1980 to fix test. new 3a286b9 gnu: mplayer: Enable use of NEON on armhf. new 84811c2 gnu: qt: On armhf, enable use of NEON. The 2 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: gnu/packages/qt.scm|3 +-- gnu/packages/video.scm | 18 -- 2 files changed, 1 insertions(+), 20 deletions(-)
branch core-updates updated (c09e6a5 - 46472ec)
mhw pushed a change to branch core-updates in repository guix. from c09e6a5 gnu: Build tarballs deterministically. new 46472ec gnu: python: Set source file times to 1980 to fix test. The 1 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: gnu/packages/python.scm | 50 +++ 1 files changed, 33 insertions(+), 17 deletions(-)
branch master updated (e03f6d5 - b76c415)
mhw pushed a change to branch master in repository guix. from e03f6d5 gnu: libpcap: Enable plain linux backend. new b76c415 gnu: icecat: Update to 31.8.0-gnu1. The 1 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: gnu-system.am | 17 +- gnu/packages/gnuzilla.scm | 21 +- .../patches/icecat-CVE-2015-2722-pt1.patch | 77 .../patches/icecat-CVE-2015-2722-pt2.patch | 73 .../patches/icecat-CVE-2015-2724-pt1.patch | 57 --- .../patches/icecat-CVE-2015-2724-pt2.patch | 391 .../patches/icecat-CVE-2015-2724-pt3.patch | 90 - .../patches/icecat-CVE-2015-2724-pt4.patch | 65 .../patches/icecat-CVE-2015-2728-pt1.patch | 95 - .../patches/icecat-CVE-2015-2728-pt2.patch | 27 -- .../patches/icecat-CVE-2015-2733-pt1.patch | 29 -- .../patches/icecat-CVE-2015-2733-pt2.patch | 31 -- gnu/packages/patches/icecat-CVE-2015-2735.patch| 86 - gnu/packages/patches/icecat-CVE-2015-2736.patch| 34 -- gnu/packages/patches/icecat-CVE-2015-2738.patch| 151 gnu/packages/patches/icecat-CVE-2015-2739.patch| 66 gnu/packages/patches/icecat-CVE-2015-2740.patch| 52 --- gnu/packages/patches/icecat-CVE-2015-2743.patch| 73 .../icecat-enable-acceleration-and-webgl.patch | 12 + 19 files changed, 16 insertions(+), 1431 deletions(-) delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2735.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2736.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2738.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2739.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2740.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2743.patch create mode 100644 gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch
01/01: Merge branch 'master' into core-updates
mhw pushed a commit to branch core-updates in repository guix. commit 35995769b516d228793940c5333ad522de992a6c Merge: c6f9098 e03f6d5 Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 15:10:32 2015 -0400 Merge branch 'master' into core-updates Makefile.am |1 + doc/guix.texi | 38 +++- emacs/guix-emacs.el | 29 ++- emacs/guix-info.el | 17 +- emacs/guix-init.el.in |4 +- gnu-system.am |4 + gnu/build/file-systems.scm | 131 +++--- gnu/packages/admin.scm |3 +- gnu/packages/algebra.scm|2 +- gnu/packages/boost.scm |5 +- gnu/packages/ccache.scm | 12 +- gnu/packages/dunst.scm | 72 + gnu/packages/freedesktop.scm| 33 +++ gnu/packages/gcc.scm| 63 + gnu/packages/gnome.scm | 89 +++- gnu/packages/linux.scm |4 +- gnu/packages/music.scm |9 +- gnu/packages/ntp.scm| 27 ++- gnu/packages/patches/boost-mips-avoid-m32.patch | 15 + gnu/packages/polkit.scm |4 +- gnu/packages/pumpio.scm |6 +- gnu/packages/rc.scm | 72 + gnu/packages/skarnet.scm| 92 +++ gnu/packages/ssh.scm| 10 +- gnu/system/file-systems.scm | 59 - gnu/system/install.scm |2 +- guix/scripts/build.scm | 12 + guix/scripts/lint.scm |2 - guix/scripts/substitute.scm | 317 --- guix/store.scm |1 + guix/tests.scm | 11 +- tests/derivations.scm |9 +- tests/file-systems.scm | 46 tests/guix-daemon.sh| 12 +- tests/store.scm | 51 +++- tests/syscalls.scm |6 + 36 files changed, 1024 insertions(+), 246 deletions(-)
branch core-updates updated (c6f9098 - 3599576)
mhw pushed a change to branch core-updates in repository guix. from c6f9098 gnu: freetype: Update to 2.6. adds b62a3eb tests: Skip namespace-related tests when that feature is missing. adds 6870216 gnu: gnome-terminal: Move dconf to propagated-inputs. adds d43002f install: Add iproute2 to the installation image. adds 7741139 emacs: Find autoloads in guix.d subdirectories. adds a60cd28 gnu: ntp: Update to 4.2.8p3; use system libevent. adds e52ecc7 gnu: openssl: Update to 1.0.2d. adds f8facc1 install: Fix variable reference to iproute2 package. adds 087a4e9 gnu: openssh: Update to 6.9p1. adds c7bdc6b gnu: polkit: Update to 0.113. adds fd83aa0 gnu: pumpa: Update to 0.9.1. adds 4e2bd41 gnu: Add skalibs. adds e662d64 gnu: Add execline. adds 98b385d gnu: Add 'libstdc++-doc'. adds f0afb0c gnu: Add rhythmbox. adds 663d073 guix lint: Remove duplicated module lines. adds b57ec5f gnu: file-systems: Fix typo. adds e4e099f substitute: Remove unneeded conditionals. adds 074efd6 substitute: Pass the cache URL instead of cache objects. adds 895d1ed substitute: Store cached narinfo in cache-specific sub-directories. adds 24f5aaa substitute: Honor substitute-urls option passed by untrusted clients. adds f8a8e0f guix build: Add '--substitute-urls' client option. adds ef8f910 substitute: Improve functional decomposition. adds 31e0ed9 gnu: boost: Update to 1.58.0. adds 8d66267 gnu: boost: Patch to avoid -m32 flag on mips. adds 28dbc04 gnu: linux-libre: Update to 4.1.2. adds 0577ddc gnu: Add rc. adds 2de3cd8 file-systems: Use (guix build syscalls) at build time if needed. adds f868637 gnu: nss: Upgrade to 3.19.2. adds 0ec5ee9 file-systems: Implement partition lookup by UUID. adds 661a1d7 file-systems: Allow users to specify file system UUIDs as strings. adds 60a5617 gnu: Add libxdg-basedir. adds b0ded08 gnu: Add dunst. adds dbe422a emacs: Fill package heading in Info buffers. adds 107db20 gnu: ccache: Update to 3.2.2. adds fc3cbc6 gnu: eigen: Use parallel-job-count. adds b42d450 gnu: setbfree: Disable unsupported optimizations on non-x86. adds e03f6d5 gnu: libpcap: Enable plain linux backend. new 3599576 Merge branch 'master' into core-updates The 1 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: Makefile.am |1 + doc/guix.texi | 38 +++- emacs/guix-emacs.el | 29 ++- emacs/guix-info.el | 17 +- emacs/guix-init.el.in |4 +- gnu-system.am |4 + gnu/build/file-systems.scm | 131 +++--- gnu/packages/admin.scm |3 +- gnu/packages/algebra.scm|2 +- gnu/packages/boost.scm |5 +- gnu/packages/ccache.scm | 12 +- gnu/packages/dunst.scm | 72 + gnu/packages/freedesktop.scm| 33 +++ gnu/packages/gcc.scm| 63 + gnu/packages/gnome.scm | 89 +++- gnu/packages/linux.scm |4 +- gnu/packages/music.scm |9 +- gnu/packages/ntp.scm| 27 ++- gnu/packages/patches/boost-mips-avoid-m32.patch | 15 + gnu/packages/polkit.scm |4 +- gnu/packages/pumpio.scm |6 +- gnu/packages/rc.scm | 72 + gnu/packages/skarnet.scm| 92 +++ gnu/packages/ssh.scm| 10 +- gnu/system/file-systems.scm | 59 - gnu/system/install.scm |2 +- guix/scripts/build.scm | 12 + guix/scripts/lint.scm |2 - guix/scripts/substitute.scm | 317 --- guix/store.scm |1 + guix/tests.scm | 11 +- tests/derivations.scm |9 +- tests/{sets.scm = file-systems.scm}| 50 ++-- tests/guix-daemon.sh| 12 +- tests/store.scm | 51 +++- tests/syscalls.scm |6 + 36 files changed, 1000 insertions(+), 274
01/02: gnu: libgnome: Move popt to propagated-inputs.
mhw pushed a commit to branch core-updates in repository guix. commit 25338e9f2f932628be221ae4a4e43c9392f4757d Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 15:03:56 2015 -0400 gnu: libgnome: Move popt to propagated-inputs. * gnu/packages/gnome.scm (libgnome)[inputs]: Move popt to ... [propagated-inputs]: ... here. --- gnu/packages/gnome.scm |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 597b53e..36ba382 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -1086,8 +1086,8 @@ to access local and remote files with a single consistent API.) (substitute* libgnome/Makefile.in ((-DG_DISABLE_DEPRECATED) -DGLIB_DISABLE_DEPRECATION_WARNINGS))) %standard-phases))) -(inputs `((popt ,popt) - (libxml2 ,libxml2))) +(propagated-inputs `((popt ,popt))) ; gnome-program.h includes popt.h +(inputs `((libxml2 ,libxml2))) (native-inputs `((glib ,glib bin) ; for glib-mkenums, etc. (intltool ,intltool)
branch core-updates updated (84811c2 - c6f9098)
mhw pushed a change to branch core-updates in repository guix. from 84811c2 gnu: qt: On armhf, enable use of NEON. new 25338e9 gnu: libgnome: Move popt to propagated-inputs. new c6f9098 gnu: freetype: Update to 2.6. The 2 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: gnu/packages/fontutils.scm |4 ++-- gnu/packages/gnome.scm |4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
02/02: gnu: freetype: Update to 2.6.
mhw pushed a commit to branch core-updates in repository guix. commit c6f909809aecb225b66dc27e4afd3ff46ec31a38 Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 15:08:47 2015 -0400 gnu: freetype: Update to 2.6. * gnu/packages/fontutils.scm (freetype): Update to 2.6. --- gnu/packages/fontutils.scm |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index c04f24b..5953caa 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -40,13 +40,13 @@ (define-public freetype (package (name freetype) - (version 2.5.5) + (version 2.6) (source (origin (method url-fetch) (uri (string-append mirror://savannah/freetype/freetype- version .tar.bz2)) (sha256 (base32 - 1fdgl7js99xv1yy5zx1ravmqd0jxlnqpv7zcl954h4hbg15wqyrq + 0zilx15fwcpa8hmcxpc423jwb8ijw4qpq968kh18akvn4j0znsc4 (build-system gnu-build-system) (arguments `(#:phases
01/01: gnu: icecat: Update to 31.8.0-gnu1.
mhw pushed a commit to branch master in repository guix. commit b76c4152530b81d7ecc1c958202a3f06d407587d Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 15:28:36 2015 -0400 gnu: icecat: Update to 31.8.0-gnu1. * gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch: New file. * gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch, gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch, gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch, gnu/packages/patches/icecat-CVE-2015-2735.patch, gnu/packages/patches/icecat-CVE-2015-2736.patch, gnu/packages/patches/icecat-CVE-2015-2738.patch, gnu/packages/patches/icecat-CVE-2015-2739.patch, gnu/packages/patches/icecat-CVE-2015-2740.patch, gnu/packages/patches/icecat-CVE-2015-2743.patch: Remove files. * gnu-system.am (dist_patch_DATA): Remove them, and add the new file. * gnu/packages/gnuzilla.scm (icecat): Update to 31.8.0-gnu1. Remove the outdated patches and add the new one. --- gnu-system.am | 17 +- gnu/packages/gnuzilla.scm | 21 +- .../patches/icecat-CVE-2015-2722-pt1.patch | 77 .../patches/icecat-CVE-2015-2722-pt2.patch | 73 .../patches/icecat-CVE-2015-2724-pt1.patch | 57 --- .../patches/icecat-CVE-2015-2724-pt2.patch | 391 .../patches/icecat-CVE-2015-2724-pt3.patch | 90 - .../patches/icecat-CVE-2015-2724-pt4.patch | 65 .../patches/icecat-CVE-2015-2728-pt1.patch | 95 - .../patches/icecat-CVE-2015-2728-pt2.patch | 27 -- .../patches/icecat-CVE-2015-2733-pt1.patch | 29 -- .../patches/icecat-CVE-2015-2733-pt2.patch | 31 -- gnu/packages/patches/icecat-CVE-2015-2735.patch| 86 - gnu/packages/patches/icecat-CVE-2015-2736.patch| 34 -- gnu/packages/patches/icecat-CVE-2015-2738.patch| 151 gnu/packages/patches/icecat-CVE-2015-2739.patch| 66 gnu/packages/patches/icecat-CVE-2015-2740.patch| 52 --- gnu/packages/patches/icecat-CVE-2015-2743.patch| 73 .../icecat-enable-acceleration-and-webgl.patch | 12 + 19 files changed, 16 insertions(+), 1431 deletions(-) diff --git a/gnu-system.am b/gnu-system.am index fc6517c..78a7750 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -470,22 +470,7 @@ dist_patch_DATA = \ gnu/packages/patches/hwloc-gather-topology-lstopo.patch \ gnu/packages/patches/hydra-automake-1.15.patch \ gnu/packages/patches/hydra-disable-darcs-test.patch \ - gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch \ - gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch \ - gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch \ - gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch \ - gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch \ - gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch \ - gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch \ - gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch \ - gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch \ - gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch \ - gnu/packages/patches/icecat-CVE-2015-2735.patch \ - gnu/packages/patches/icecat-CVE-2015-2736.patch \ - gnu/packages/patches/icecat-CVE-2015-2738.patch \ - gnu/packages/patches/icecat-CVE-2015-2739.patch \ - gnu/packages/patches/icecat-CVE-2015-2740.patch \ - gnu/packages/patches/icecat-CVE-2015-2743.patch \ + gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch \ gnu/packages/patches/icecat-libvpx-1.4.patch \ gnu/packages/patches/irrlicht-mesa-10.patch \ gnu/packages/patches/jbig2dec-ignore-testtest.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index d76bf93..8be3d48 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -230,7 +230,7 @@ standards.) (define-public icecat (package (name icecat) -(version 31.7.0-gnu1) +(version 31.8.0-gnu1) (source (origin (method url-fetch) @@ -239,7 +239,7 @@ standards.) name - version .tar.bz2)) (sha256 (base32 -0a25jp5afla2dxzj7i4cyvqpa5smsn7ns3xvpzqw6pc7naixkpap)) +
branch core-updates updated (3599576 - 3684741)
mhw pushed a change to branch core-updates in repository guix. from 3599576 Merge branch 'master' into core-updates adds b76c415 gnu: icecat: Update to 31.8.0-gnu1. new 3684741 Merge branch 'master' into core-updates The 1 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: gnu-system.am | 17 +- gnu/packages/gnuzilla.scm | 21 +- .../patches/icecat-CVE-2015-2722-pt1.patch | 77 .../patches/icecat-CVE-2015-2722-pt2.patch | 73 .../patches/icecat-CVE-2015-2724-pt1.patch | 57 --- .../patches/icecat-CVE-2015-2724-pt2.patch | 391 .../patches/icecat-CVE-2015-2724-pt3.patch | 90 - .../patches/icecat-CVE-2015-2724-pt4.patch | 65 .../patches/icecat-CVE-2015-2728-pt1.patch | 95 - .../patches/icecat-CVE-2015-2728-pt2.patch | 27 -- .../patches/icecat-CVE-2015-2733-pt1.patch | 29 -- .../patches/icecat-CVE-2015-2733-pt2.patch | 31 -- gnu/packages/patches/icecat-CVE-2015-2735.patch| 86 - gnu/packages/patches/icecat-CVE-2015-2736.patch| 34 -- gnu/packages/patches/icecat-CVE-2015-2738.patch| 151 gnu/packages/patches/icecat-CVE-2015-2739.patch| 66 gnu/packages/patches/icecat-CVE-2015-2740.patch| 52 --- gnu/packages/patches/icecat-CVE-2015-2743.patch| 73 .../icecat-enable-acceleration-and-webgl.patch | 12 + 19 files changed, 16 insertions(+), 1431 deletions(-) delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2722-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2722-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt3.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2724-pt4.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2728-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2728-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2733-pt1.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2733-pt2.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2735.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2736.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2738.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2739.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2740.patch delete mode 100644 gnu/packages/patches/icecat-CVE-2015-2743.patch create mode 100644 gnu/packages/patches/icecat-enable-acceleration-and-webgl.patch
01/02: website: packages: Show the update date.
civodul pushed a commit to branch master in repository guix-artwork. commit dec9e965a9521da92cedde60f021b069a84cdfc4 Author: Ludovic Courtès l...@gnu.org Date: Wed Jul 15 23:14:11 2015 +0200 website: packages: Show the update date. * website/www/packages.scm (packages-page): Add paragraph showing the current date. --- website/www/packages.scm |4 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/website/www/packages.scm b/website/www/packages.scm index 580b224..98c4b1b 100644 --- a/website/www/packages.scm +++ b/website/www/packages.scm @@ -35,6 +35,7 @@ #:use-module (web uri) #:use-module (ice-9 match) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-19) #:export (packages-page)) (define lookup-gnu-package @@ -269,4 +270,7 @@ description-ids as formal parameters. (string? (package-name p1) (package-name p2)) (packages-sxml packages + + (p Updated ,(date-string (current-date) ~B ~e, ~Y) .) + ,(html-page-footer
branch master updated (e7e7a1d - 21a149e)
civodul pushed a change to branch master in repository guix-artwork. from e7e7a1d website: Fix URL of introductory material about Scheme. new dec9e96 website: packages: Show the update date. new 21a149e website: donate: Thank Simon Josefsson. The 2 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: website/www/donate.scm |7 ++- website/www/packages.scm |4 2 files changed, 10 insertions(+), 1 deletions(-)
01/01: Merge branch 'master' into core-updates
mhw pushed a commit to branch core-updates in repository guix. commit 368474150b0a77ff54509f6ad0533d8c5a208bac Merge: 3599576 b76c415 Author: Mark H Weaver m...@netris.org Date: Wed Jul 15 16:11:13 2015 -0400 Merge branch 'master' into core-updates gnu-system.am | 17 +- gnu/packages/gnuzilla.scm | 21 +- .../patches/icecat-CVE-2015-2722-pt1.patch | 77 .../patches/icecat-CVE-2015-2722-pt2.patch | 73 .../patches/icecat-CVE-2015-2724-pt1.patch | 57 --- .../patches/icecat-CVE-2015-2724-pt2.patch | 391 .../patches/icecat-CVE-2015-2724-pt3.patch | 90 - .../patches/icecat-CVE-2015-2724-pt4.patch | 65 .../patches/icecat-CVE-2015-2728-pt1.patch | 95 - .../patches/icecat-CVE-2015-2728-pt2.patch | 27 -- .../patches/icecat-CVE-2015-2733-pt1.patch | 29 -- .../patches/icecat-CVE-2015-2733-pt2.patch | 31 -- gnu/packages/patches/icecat-CVE-2015-2735.patch| 86 - gnu/packages/patches/icecat-CVE-2015-2736.patch| 34 -- gnu/packages/patches/icecat-CVE-2015-2738.patch| 151 gnu/packages/patches/icecat-CVE-2015-2739.patch| 66 gnu/packages/patches/icecat-CVE-2015-2740.patch| 52 --- gnu/packages/patches/icecat-CVE-2015-2743.patch| 73 .../icecat-enable-acceleration-and-webgl.patch | 12 + 19 files changed, 16 insertions(+), 1431 deletions(-)
06/06: gnu: Update livestreamer to 1.12.2.
civodul pushed a commit to branch master in repository guix. commit 68e88a09b46cc2b4affebbd258decbcd4024f0db Author: Efraim Flashner efr...@flashner.co.il Date: Tue Jun 30 20:44:02 2015 +0300 gnu: Update livestreamer to 1.12.2. * gnu/packages/video (livestreamer): Update to 1.12.2. Signed-off-by: Ludovic Courtès l...@gnu.org --- gnu/packages/video.scm |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm index d098380..9472b4e 100644 --- a/gnu/packages/video.scm +++ b/gnu/packages/video.scm @@ -1298,7 +1298,7 @@ and custom quantization matrices.) (define-public livestreamer (package (name livestreamer) -(version 1.12.1) +(version 1.12.2) (source (origin (method url-fetch) (uri (string-append @@ -1307,7 +1307,7 @@ and custom quantization matrices.) (file-name (string-append livestreamer- version .tar.gz)) (sha256 (base32 -1dhgk8v8q1h3km4g5jc0cmjsxdaa2d456fvdb2wk7hmxmmwbqm9j +1fp3d3z2grb1ls97smjkraazpxnvajda2d1g1378s6gzmda2jvjd (build-system python-build-system) (arguments '(#:tests? #f)) ; tests rely on external web servers
03/06: Add 'guix-daemon.service' file for systemd.
civodul pushed a commit to branch master in repository guix. commit d2825c96141c7b6844d9e04f982919c0509165e1 Author: Ludovic Courtès l...@gnu.org Date: Wed Jul 15 17:13:16 2015 +0200 Add 'guix-daemon.service' file for systemd. * etc/guix-daemon.service.in: New file, provided by Ricardo Wurmus. * daemon.am (CLEANFILES): Add etc/guix-daemon.service. (systemdservicedir, nodist_systemdservice_DATA): New variables. (EXTRA_DIST): Add etc/guix-daemon.service.in. * doc/guix.texi (Binary Installation, Build Environment Setup): Mention 'guix-daemon.service'. --- .gitignore |1 + daemon.am | 15 +-- doc/guix.texi | 12 ++-- etc/guix-daemon.service.in | 15 +++ 4 files changed, 39 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index c1061d7..c7a6cdd 100644 --- a/.gitignore +++ b/.gitignore @@ -125,3 +125,4 @@ GTAGS /doc/os-config-bare-bones.texi /doc/os-config-desktop.texi /doc/*.1 +/etc/guix-daemon.service diff --git a/daemon.am b/daemon.am index eecfea1..1fee9b7 100644 --- a/daemon.am +++ b/daemon.am @@ -21,7 +21,7 @@ # BUILT_SOURCES += nix/libstore/schema.sql.hh -CLEANFILES += $(BUILT_SOURCES) +CLEANFILES += $(BUILT_SOURCES) etc/guix-daemon.service noinst_LIBRARIES = libformat.a libutil.a libstore.a @@ -181,10 +181,21 @@ endif BUILD_DAEMON_OFFLOAD nodist_libexec_SCRIPTS = \ nix/scripts/guix-authenticate +# The '.service' file for systemd. +systemdservicedir = $(libdir)/systemd/system +nodist_systemdservice_DATA = etc/guix-daemon.service + +etc/guix-daemon.service: etc/guix-daemon.service.in\ +$(top_builddir)/config.status + $(SED) -e 's|@''bindir''@|$(bindir)|' \ + etc/guix-daemon.service.in $@.tmp + mv $@.tmp $@ + EXTRA_DIST += \ nix/libstore/schema.sql \ nix/AUTHORS \ - nix/COPYING + nix/COPYING \ + etc/guix-daemon.service.in AM_TESTS_ENVIRONMENT +=\ top_builddir=$(abs_top_builddir) diff --git a/doc/guix.texi b/doc/guix.texi index 7d18c00..e4662cb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -330,6 +330,10 @@ Run the daemon: # ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild @end example +On hosts using the systemd init system, drop +@file{~root/.guix-profile/lib/systemd/system/guix-daemon.service} in +@file{/etc/systemd/system}. + @item Make the @command{guix} command available to other users on the machine, for instance with: @@ -512,8 +516,12 @@ Bash syntax and the @code{shadow} commands): @noindent The number of build users determines how many build jobs may run in parallel, as specified by the @option{--max-jobs} option -(@pxref{Invoking guix-daemon, @option{--max-jobs}}). -The @code{guix-daemon} program may then be run as @code{root} with: +(@pxref{Invoking guix-daemon, @option{--max-jobs}}). The +@code{guix-daemon} program may then be run as @code{root} with the +following command@footnote{If your machine uses the systemd init system, +dropping the @file{@var{prefix}/lib/systemd/system/guix-daemon.service} +file in @file{/etc/systemd/system} will ensure that +@command{guix-daemon} is automatically started.}: @example # guix-daemon --build-users-group=guixbuild diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in new file mode 100644 index 000..28ef000 --- /dev/null +++ b/etc/guix-daemon.service.in @@ -0,0 +1,15 @@ +# This is a service unit file for the systemd init system to launch +# 'guix-daemon'. Drop it in /etc/systemd/system or similar to have +# 'guix-daemon' automatically started. + +[Unit] +Description=Build daemon for GNU Guix + +[Service] +ExecStart=@bindir@/guix-daemon --build-users-group=guixbuild +RemainAfterExit=yes +StandardOutput=syslog +StandardError=syslog + +[Install] +WantedBy=multi-user.target
branch master updated (b76c415 - 68e88a0)
civodul pushed a change to branch master in repository guix. from b76c415 gnu: icecat: Update to 31.8.0-gnu1. new 43c3304 doc: Reinstate bit about creating build accounts. new 6472089 system: Make /dev/kvm 660. new d2825c9 Add 'guix-daemon.service' file for systemd. new df36e62 ui: Add 'leave-on-EPIPE'. new d2f2c8f size: Gracefully handle EPIPE. new 68e88a0 gnu: Update livestreamer to 1.12.2. The 6 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: .gitignore |1 + daemon.am | 15 +-- doc/guix.texi | 16 ++-- etc/guix-daemon.service.in | 15 +++ gnu/packages/video.scm |4 ++-- gnu/services/base.scm |8 guix/scripts/package.scm | 16 guix/scripts/size.scm | 21 +++-- guix/ui.scm| 17 + 9 files changed, 77 insertions(+), 36 deletions(-) create mode 100644 etc/guix-daemon.service.in
04/06: ui: Add 'leave-on-EPIPE'.
civodul pushed a commit to branch master in repository guix. commit df36e62938a7a2250601e7652a968e31f89a13f4 Author: Ludovic Courtès l...@gnu.org Date: Wed Jul 15 18:01:05 2015 +0200 ui: Add 'leave-on-EPIPE'. * guix/scripts/package.scm (leave-on-EPIPE): Move to... * guix/ui.scm (leave-on-EPIPE): ... here. --- guix/scripts/package.scm | 16 guix/ui.scm | 17 + 2 files changed, 17 insertions(+), 16 deletions(-) diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm index 56a6e2d..b545ea2 100644 --- a/guix/scripts/package.scm +++ b/guix/scripts/package.scm @@ -307,22 +307,6 @@ RX. (() #t) (else #f) -(define-syntax-rule (leave-on-EPIPE exp ...) - Run EXP... in a context when EPIPE errors are caught and lead to 'exit' -with successful exit code. This is useful when writing to the standard output -may lead to EPIPE, because the standard output is piped through 'head' or -similar. - (catch 'system-error -(lambda () - exp ...) -(lambda args - ;; We really have to exit this brutally, otherwise Guile eventually - ;; attempts to flush all the ports, leading to an uncaught EPIPE down - ;; the path. - (if (= EPIPE (system-error-errno args)) - (primitive-_exit 0) - (apply throw args) - (define (upgradeable? name current-version current-path) Return #t if there's a version of package NAME newer than CURRENT-VERSION, or if the newest available version is equal to CURRENT-VERSION but would have diff --git a/guix/ui.scm b/guix/ui.scm index 11af646..28d4b97 100644 --- a/guix/ui.scm +++ b/guix/ui.scm @@ -62,6 +62,7 @@ show-manifest-transaction call-with-error-handling with-error-handling +leave-on-EPIPE read/eval read/eval-package-expression location-string @@ -430,6 +431,22 @@ interpreted. (leave (_ ~a: ~a~%) proc (apply format #f format-string format-args)) +(define-syntax-rule (leave-on-EPIPE exp ...) + Run EXP... in a context when EPIPE errors are caught and lead to 'exit' +with successful exit code. This is useful when writing to the standard output +may lead to EPIPE, because the standard output is piped through 'head' or +similar. + (catch 'system-error +(lambda () + exp ...) +(lambda args + ;; We really have to exit this brutally, otherwise Guile eventually + ;; attempts to flush all the ports, leading to an uncaught EPIPE down + ;; the path. + (if (= EPIPE (system-error-errno args)) + (primitive-_exit 0) + (apply throw args) + (define %guix-user-module ;; Module in which user expressions are evaluated. ;; Compute lazily to avoid circularity with (guix gexp).
02/06: system: Make /dev/kvm 660.
civodul pushed a commit to branch master in repository guix. commit 64720891ae7edc33f963651c5ba2509513b1849a Author: Ludovic Courtès l...@gnu.org Date: Wed Jul 15 16:16:43 2015 +0200 system: Make /dev/kvm 660. * gnu/services/base.scm (kvm-udev-rule): Change /dev/kvm mode to 0660 as a followup to the resolution of http://bugs.gnu.org/18994. --- gnu/services/base.scm |8 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/services/base.scm b/gnu/services/base.scm index d574420..e9e69ea 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -739,11 +739,11 @@ item of @var{packages}. (call-with-output-file (string-append rules.d /90-kvm.rules) (lambda (port) -;; FIXME: As a workaround for -;; http://bugs.gnu.org/18994, make /dev/kvm 666 -;; instead of 660. +;; Build users are part of the kvm group, so we +;; can fearlessly make /dev/kvm 660 (see +;; http://bugs.gnu.org/18994, for background.) (display \ -KERNEL==\kvm\, GROUP=\kvm\, MODE=\0666\\n port +KERNEL==\kvm\, GROUP=\kvm\, MODE=\0660\\n port #:modules '((guix build utils (define* (udev-service #:key (udev eudev) (rules '()))
05/06: size: Gracefully handle EPIPE.
civodul pushed a commit to branch master in repository guix. commit d2f2c8f126ebc400f016781805c76683cc364c18 Author: Ludovic Courtès l...@gnu.org Date: Wed Jul 15 18:05:29 2015 +0200 size: Gracefully handle EPIPE. * guix/scripts/size.scm (guix-size): Wrap body in 'leave-on-EPIPE'. --- guix/scripts/size.scm | 21 +++-- 1 files changed, 11 insertions(+), 10 deletions(-) diff --git a/guix/scripts/size.scm b/guix/scripts/size.scm index 13341fd..1339742 100644 --- a/guix/scripts/size.scm +++ b/guix/scripts/size.scm @@ -280,15 +280,16 @@ Report the size of PACKAGE and its dependencies.\n)) (() (leave (_ missing store item argument\n))) ((file) - (with-store store - (run-with-store store - (mlet* %store-monad ((item(ensure-store-item file)) - (profile (store-profile item))) - (if map-file - (begin - (profile-page-map profile map-file) - (return #t)) - (display-profile* profile))) - #:system system))) + (leave-on-EPIPE + (with-store store +(run-with-store store + (mlet* %store-monad ((item(ensure-store-item file)) + (profile (store-profile item))) +(if map-file +(begin + (profile-page-map profile map-file) + (return #t)) +(display-profile* profile))) + #:system system ((files ...) (leave (_ too many arguments\n)))
branch master updated (21a149e - f76a852)
civodul pushed a change to branch master in repository guix-artwork. from 21a149e website: donate: Thank Simon Josefsson. new f76a852 website: packages: Move date within the content box. The 1 revisions listed above as new are entirely new to this repository and will be described in separate emails. The revisions listed as adds were already present in the repository and have only been added to this reference. Summary of changes: website/www/packages.scm |6 -- 1 files changed, 4 insertions(+), 2 deletions(-)
01/01: gnu: eigen: Use parallel-job-count.
bavier pushed a commit to branch master in repository guix. commit fc3cbc67c1d325ccfcf582890b1df3a1ba5aeea5 Author: Eric Bavier bav...@member.fsf.org Date: Tue Jul 14 20:49:43 2015 -0500 gnu: eigen: Use parallel-job-count. * gnu/packages/algebra.scm (eigen)[arguments]: 'current-processor-count' - 'parallel-job-count'. --- gnu/packages/algebra.scm |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm index 7f9fd28..e47c405 100644 --- a/gnu/packages/algebra.scm +++ b/gnu/packages/algebra.scm @@ -383,7 +383,7 @@ cosine/ sine transforms or DCT/DST).) (lambda _ ;; First build the tests, in parallel. ;; See http://eigen.tuxfamily.org/index.php?title=Tests. - (let* ((cores (current-processor-count)) + (let* ((cores (parallel-job-count)) (dash-j (format #f -j~a cores))) ;; These variables are supposed to be honored. (setenv EIGEN_MAKE_ARGS dash-j)