Re: [PATCH] gnu: Add CUPS service.

[Danny Milosavljevic]

Hi,

nice!

> +  (define %cups-accounts
> +  (list (user-group (name "cups") (system? #t))
> +(user-account
> + (name "cups")
> + (group "cups")
> + (system? #t)
> + (comment "CUPS print server user")
> + (home-directory "/var/empty")

> + (shell (file-append shadow "/sbin/nologin")

How does this work? shadow is a package and file-append expects a string...

> ;; FIXME!

Hmm :)

[PATCH] aarch64 support in isl

[Efraim Flashner]

This one is for core-updates. I've been carrying it around for months
and short of updating isl or running autoconf on it before building it's
needed for creating the cross-arch bootstrap tarballs.

I'm still working on the aarch64 bootstrap binaries, still trying to get
that to work.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
From 8ad86edcc221e3505a645a3b75a8931efaa3f588 Mon Sep 17 00:00:00 2001
From: Efraim Flashner 
Date: Fri, 24 Jun 2016 13:33:31 +0300
Subject: [PATCH 2/3] gnu: isl: Add support for aarch64.

* gnu/packages/gcc.scm (isl)[source]: Add patch.
* gnu/packages/patches/isl-0.11.1-aarch64-support.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk   |  1 +
 gnu/packages/gcc.scm   |  5 ++-
 .../patches/isl-0.11.1-aarch64-support.patch   | 43 ++
 3 files changed, 47 insertions(+), 2 deletions(-)
 create mode 100644 gnu/packages/patches/isl-0.11.1-aarch64-support.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 4b83de2..d0edf79 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -572,6 +572,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/ilmbase-fix-tests.patch \
   %D%/packages/patches/inkscape-drop-wait-for-targets.patch\
   %D%/packages/patches/irrlicht-mesa-10.patch  \
+  %D%/packages/patches/isl-0.11.1-aarch64-support.patch\
   %D%/packages/patches/jansson-CVE-2016-4425.patch \
   %D%/packages/patches/jasper-CVE-2007-2721.patch  \
   %D%/packages/patches/jasper-CVE-2008-3520.patch  \
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 1ca8ca0..b846ab4 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver 
 ;;; Copyright © 2014, 2015, 2016 Ricardo Wurmus 
 ;;; Copyright © 2015 Andreas Enge 
-;;; Copyright © 2015 Efraim Flashner 
+;;; Copyright © 2015, 2016 Efraim Flashner 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -717,7 +717,8 @@ as the 'native-search-paths' field."
name "-" version ".tar.gz")))
  (sha256
   (base32
-   "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"
+   "13d9cqa5rzhbjq0xf0b2dyxag7pqa72xj9dhsa03m8ccr1a4npq9"))
+ (patches (search-patches "isl-0.11.1-aarch64-support.patch"
 (build-system gnu-build-system)
 (inputs `(("gmp" ,gmp)))
 (home-page "http://isl.gforge.inria.fr/";)
diff --git a/gnu/packages/patches/isl-0.11.1-aarch64-support.patch 
b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch
new file mode 100644
index 000..b148144
--- /dev/null
+++ b/gnu/packages/patches/isl-0.11.1-aarch64-support.patch
@@ -0,0 +1,43 @@
+From 5ad856cba6d08ae9e788198a7d56ef4e1c87 Mon Sep 17 00:00:00 2001
+From: Efraim Flashner 
+Date: Thu, 23 Jun 2016 09:39:56 +0300
+Subject: [PATCH] autoreconf
+
+---
+ config.guess  |7 +++
+ config.sub|1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/config.guess b/config.guess
+index 40eaed4..baad294 100755
+--- a/config.guess
 b/config.guess
+@@ -861,6 +861,13 @@ EOF
+ i*86:Minix:*:*)
+   echo ${UNAME_MACHINE}-pc-minix
+   exit ;;
++aarch64:Linux:*:*)
++  echo ${UNAME_MACHINE}-unknown-linux-gnu
++  exit ;;
++aarch64_be:Linux:*:*)
++  UNAME_MACHINE=aarch64_be
++  echo ${UNAME_MACHINE}-unknown-linux-gnu
++  exit ;;
+ alpha:Linux:*:*)
+   case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5)   UNAME_MACHINE=alphaev5 ;;
+diff --git a/config.sub b/config.sub
+index 30fdca8..8f5b018 100755
+--- a/config.sub
 b/config.sub
+@@ -247,6 +247,7 @@ case $basic_machine in
+   # Some are omitted here because they have special meanings below.
+   1750a | 580 \
+   | a29k \
++  | aarch64 | aarch64_be \
+   | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+   | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | 
alpha64pca5[67] \
+   | am33_2.0 \
+-- 
+2.9.0
+
-- 
2.9.0



signature.asc
Description: PGP signature

[PATCH 1/1] gnu: libupnp: Fix CVE-2016-6255.

[Leo Famulari]

* gnu/packages/patches/libupnp-CVE-2016-6255.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/libupnp.scm (libupnp): Use it.
---
 gnu/local.mk |  1 +
 gnu/packages/libupnp.scm |  2 +
 gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 
 3 files changed, 89 insertions(+)
 create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 867946d..3352b19 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -656,6 +656,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libtiff-oob-write-in-nextdecode.patch   \
   %D%/packages/patches/libtool-skip-tests2.patch   \
   %D%/packages/patches/libunwind-CVE-2015-3239.patch   \
+  %D%/packages/patches/libupnp-CVE-2016-6255.patch \
   %D%/packages/patches/libvpx-CVE-2016-2818.patch  \
   %D%/packages/patches/libwmf-CAN-2004-0941.patch  \
   %D%/packages/patches/libwmf-CVE-2006-3376.patch  \
diff --git a/gnu/packages/libupnp.scm b/gnu/packages/libupnp.scm
index 2f9a574..b9209bf 100644
--- a/gnu/packages/libupnp.scm
+++ b/gnu/packages/libupnp.scm
@@ -17,6 +17,7 @@
 ;;; along with GNU Guix.  If not, see .
 
 (define-module (gnu packages libupnp)
+  #:use-module (gnu packages)
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
@@ -31,6 +32,7 @@
   (method url-fetch)
   (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20"
   version "/" name "-" version ".tar.bz2"))
+  (patches (search-patches "libupnp-CVE-2016-6255.patch"))
   (sha256
(base32
 "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf"
diff --git a/gnu/packages/patches/libupnp-CVE-2016-6255.patch 
b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
new file mode 100644
index 000..27377b3
--- /dev/null
+++ b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
@@ -0,0 +1,86 @@
+Fix CVE-2016-6255:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
+http://www.openwall.com/lists/oss-security/2016/07/18/13
+
+Patch copied from upstream source repository:
+
+https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
+
+From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett 
+Date: Tue, 23 Feb 2016 13:53:20 -0800
+Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
+ default
+
+If there's no registered handler for a POST request, the default behaviour
+is to write it to the filesystem. Several million deployed devices appear
+to have this behaviour, making it possible to (at least) store arbitrary
+data on them. Add a configure option that enables this behaviour, and change
+the default to just drop POSTs that aren't directly handled.
+
+Signed-off-by: Marcelo Roberto Jimenez 
+(cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
+---
+ configure.ac | 9 +
+ upnp/inc/upnpconfig.h.in | 9 +
+ upnp/src/genlib/net/http/webserver.c | 4 
+ 3 files changed, 22 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 9548913..a8731b5 100644
+--- a/configure.ac
 b/configure.ac
+@@ -501,6 +501,15 @@ if test "x$enable_blocking_tcp_connections" = xyes ; then
+ AC_DEFINE(UPNP_ENABLE_BLOCKING_TCP_CONNECTIONS, 1, [see upnpconfig.h])
+ fi
+ 
++RT_BOOL_ARG_ENABLE([scriptsupport], [yes], [script support for IXML document 
tree, see ixml.h])
++if test "x$enable_scriptsupport" = xyes ; then
++AC_DEFINE(IXML_HAVE_SCRIPTSUPPORT, 1, [see upnpconfig.h])
++fi
++
++RT_BOOL_ARG_ENABLE([postwrite], [no], [write to the filesystem on otherwise 
unhandled POST requests])
++if test "x$enable_postwrite" = xyes ; then
++AC_DEFINE(UPNP_ENABLE_POST_WRITE, 1, [see upnpconfig.h])
++fi
+ 
+ RT_BOOL_ARG_ENABLE([samples], [yes], [compilation of upnp/sample/ code])
+ 
+diff --git a/upnp/inc/upnpconfig.h.in b/upnp/inc/upnpconfig.h.in
+index 7f4facc..5df8c5a 100644
+--- a/upnp/inc/upnpconfig.h.in
 b/upnp/inc/upnpconfig.h.in
+@@ -131,5 +131,14 @@
+  * header (i.e. configure --enable-unspecified_server) */
+ #undef UPNP_ENABLE_UNSPECIFIED_SERVER
+ 
++/** Defined to 1 if the library has been compiled with OpenSSL support
++ *  (i.e. configure --enable-open_ssl) */
++#undef UPNP_ENABLE_OPEN_SSL
++
++/** Defined to 1 if the library has been compiled to support filesystem 
writes on POST
++ *  (i.e. configure --enable-postwrite) */
++#undef UPNP_ENABLE_POST_WRITE
++
++
+ #endif /* UPNP_CONFIG_H */
+ 
+diff --git a/upnp/src/genlib/net/http/webserver.c 
b/upnp/src/genlib/net/http/webserver.c
+index 26bf0f7..7ae8c1e 100644
+--- a/upnp/src/genlib/net/http/webserver.c
 b/upnp/src/genlib/net/http/webserver.c
+@@ -1367,9 +1367,13 @@ static int http_RecvPost

[no subject]

[Leo Famulari]

Subject: [PATCH 0/1] libupnp remote filesystem access CVE-2016-6255

You can use libupnp on a remote server to read and write the filesystem
with the privileges of the libupnp process:

http://seclists.org/oss-sec/2016/q3/102

This patch cherry-picks the upstream commit:

https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5

Leo Famulari (1):
  gnu: libupnp: Fix CVE-2016-6255.

 gnu/local.mk |  1 +
 gnu/packages/libupnp.scm |  2 +
 gnu/packages/patches/libupnp-CVE-2016-6255.patch | 86 
 3 files changed, 89 insertions(+)
 create mode 100644 gnu/packages/patches/libupnp-CVE-2016-6255.patch

-- 
2.10.1

Re: Input needed regarding disk encryption/decryption

[John Darrington]

I understood something different by "while disk encryption".  I thought it meant
encrypting the whole disk (partition table and all) not just the partitions on 
it.

J'

On Wed, Oct 05, 2016 at 07:56:23PM -0700, dian_ce...@zoho.com wrote:
 Hello,
 
  So apparently I've accidentilly volunteered to try and implement 
whole disk
 encryption for GuixSD, and for the last few days I've been pondering what 
all
 I'd need to handle for this. While the obvious low-hanging fruit is to 
simply
 support mounting LUKS devices (or anything under /dev/mapper), if I'm going
 to do this I'd rather try to handle as many cases as I could, or at least 
avoid
 doing something that would make future additions to the distro painful to
 implement. So I've been trying to come up with a list of the possible
 configurations and how they can be implemented, so at least I have a rough 
idea
 on what is actually needed. So far, this is what I'm thinking needs to be
 supported (or some combination of each of these):
 
 a) Encrypting /home(/$USER)
 b) Encrypting /
 c) Encrypting /boot
 d) Encrypting swap with a fixed passphrase
 e) Encrypting swap with a random passphrase
 f) Encrypting /$RANDOM_DIRECTORY
 
  I think A is usually handled with eCryptFS and PAM so that the user's 
home
 directory isn't mounted until the user logs in, and is thus outside of the 
scope
 of what I'm trying to do. B is the big issue for me (along with RAID 
support and
 LVM, but I'm reasonably sure I can replace LVM with quotas without any 
loss of
 functionality and probably an increase in flexibility) and can usually be
 handled fairly easily with an initramfs. However, the inability of the 
install
 image to mount (or configure these devices for mounting) seems to be a 
fairly
 serious stumbling block. C is supported by GRUB2 according to 
 https://wiki.archlinux.org/index.php/Grub#Boot_partition
 so as long as our version of GRUB has built-in support for this, I think 
that
 shouldn't be too hard to handle. D should be reasonably easy to handle as 
soon
 as we can decide whether it would be better to decrypt everything in the
 initramfs or leave some of it to the system proper to handle. E is likely 
best
 handled by the system proper and should be reasonably easy to handle once
 a framework for handling decrypting and encrypting filesystems is 
implemented.
 The same applies to F, for that matter.
 
  I am also pondering how to handle RAID and LVM at this time since all 
of
 this is all fairly closely related, though I'm not going to make any 
claims of
 responsibility for implementing anything other than disk encryption, and 
even
 that isn't promised.
 
  However, I'm wanting feedback from others on this list (and if someone
 wants to crosspost this to the help-guix list for a little more 
visability, feel
 free) on any possible scenerios need to be handled that I havn't mentioned 
here.
 

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

Input needed regarding disk encryption/decryption

[dian_cecht]

Hello,

 So apparently I've accidentilly volunteered to try and implement whole disk
encryption for GuixSD, and for the last few days I've been pondering what all
I'd need to handle for this. While the obvious low-hanging fruit is to simply
support mounting LUKS devices (or anything under /dev/mapper), if I'm going
to do this I'd rather try to handle as many cases as I could, or at least avoid
doing something that would make future additions to the distro painful to
implement. So I've been trying to come up with a list of the possible
configurations and how they can be implemented, so at least I have a rough idea
on what is actually needed. So far, this is what I'm thinking needs to be
supported (or some combination of each of these):

a) Encrypting /home(/$USER)
b) Encrypting /
c) Encrypting /boot
d) Encrypting swap with a fixed passphrase
e) Encrypting swap with a random passphrase
f) Encrypting /$RANDOM_DIRECTORY

 I think A is usually handled with eCryptFS and PAM so that the user's home
directory isn't mounted until the user logs in, and is thus outside of the scope
of what I'm trying to do. B is the big issue for me (along with RAID support and
LVM, but I'm reasonably sure I can replace LVM with quotas without any loss of
functionality and probably an increase in flexibility) and can usually be
handled fairly easily with an initramfs. However, the inability of the install
image to mount (or configure these devices for mounting) seems to be a fairly
serious stumbling block. C is supported by GRUB2 according to 
https://wiki.archlinux.org/index.php/Grub#Boot_partition
so as long as our version of GRUB has built-in support for this, I think that
shouldn't be too hard to handle. D should be reasonably easy to handle as soon
as we can decide whether it would be better to decrypt everything in the
initramfs or leave some of it to the system proper to handle. E is likely best
handled by the system proper and should be reasonably easy to handle once
a framework for handling decrypting and encrypting filesystems is implemented.
The same applies to F, for that matter.

 I am also pondering how to handle RAID and LVM at this time since all of
this is all fairly closely related, though I'm not going to make any claims of
responsibility for implementing anything other than disk encryption, and even
that isn't promised.

 However, I'm wanting feedback from others on this list (and if someone
wants to crosspost this to the help-guix list for a little more visability, feel
free) on any possible scenerios need to be handled that I havn't mentioned here.

Re: [PATCH]Add PT Astra font.

[Rastus Vernon]

On Thu, 2016-10-06 at 00:06 +0300, Dmitry Nikolaev wrote:
> Hi. PT Astra is a free font metric compatible with proprietary Times
> New
> Roman.
> 
> Dmitry Nikolaev

According to the font file, the version is 1.001, not 1001.

[PATCH (3)] gnu: Add NFS related services (moved idmap.conf out of /etc, added texinfo markup to documentation, s/dir/directory)

[John Darrington]

* gnu/services/nfs.scm (pipefs-service-type): New Variable,
(gss-service-type): New Variable, (idmap-service-type) New Variable.

* doc/guix.texi (Network File system): New Node.
---
 doc/guix.texi| 100 ++--
 gnu/services/nfs.scm | 127 ++-
 2 files changed, 223 insertions(+), 4 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9bd8b43..704868a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -221,6 +221,7 @@ Services
 * Database Services::   SQL databases.
 * Mail Services::   IMAP, POP3, SMTP, and all that.
 * Web Services::Web servers.
+* Network File System:: NFS related services.
 * Miscellaneous Services::  Other services.
 
 Defining Services
@@ -7590,6 +7591,7 @@ declaration.
 * Database Services::   SQL databases.
 * Mail Services::   IMAP, POP3, SMTP, and all that.
 * Web Services::Web servers.
+* Network File System:: NFS related services.
 * Miscellaneous Services::  Other services.
 @end menu
 
@@ -10309,14 +10311,21 @@ directories are created when the service is activated.
 
 @end deffn
 
-@node Miscellaneous Services
-@subsubsection Miscellaneous Services
+@node Network File System
+@subsubsection Network File System
+@cindex NFS
 
+The @code{(gnu services nfs)} module provides the following services,
+which are most commonly used in relation to mounting or exporting NFS
+file systems.
 
 @subsubheading RPC Bind Service
 @cindex rpcbind
 
-The @code{(gnu services nfs)} module provides the following:
+The RPC Bind service provides a facility to map program numbers into
+universal addresses.
+Many NFS related services use this facility.  Hence it is automatically
+started when a dependent service starts.
 
 @defvr {Scheme Variable} rpcbind-service-type
 A service type  for the RPC portmapper daemon.
@@ -10337,6 +10346,91 @@ instance.
 @end table
 @end deftp
 
+
+@subsubheading Pipefs Pseudo File System
+@cindex pipefs
+@cindex rpc_pipefs
+
+The pipefs file system is used to transfer NFS related data
+between the kernel and user space programs.
+
+@defvr {Scheme Variable} pipefs-service-type
+A service type for the pipefs pseudo file system.
+@end defvr
+
+@deftp {Data Type} pipefs-configuration
+Data type representing the configuration of the pipefs pseudo file system 
service.
+This type has the following parameters:
+@table @asis
+@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory to which the file system is to be attached.
+@end table
+@end deftp
+
+
+@subsubheading GSS Daemon Service
+@cindex GSSD
+@cindex GSS
+@cindex global security system
+
+The @dfn{global security system} (GSS) daemon provides strong security for RPC
+based protocols.
+Before exchanging RPC requests an RPC client must establish a security
+context.  Typically this is done using the Kerberos command @command{kinit}
+or automatically at login time using PAM services.
+
+@defvr {Scheme Variable} gss-service-type
+A service type for the Global Security System (GSS) daemon.
+@end defvr
+
+@deftp {Data Type} gss-configuration
+Data type representing the configuration of the GSS daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.gssd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@end table
+@end deftp
+
+
+@subsubheading IDMAP Daemon Service
+@cindex idmapd
+@cindex name mapper
+
+The idmap daemon service provides mapping between user IDs and user names.
+Typically it is required in order to access file systems mounted via NFSv4.
+
+@defvr {Scheme Variable} idmap-service-type
+A service type for the Identity Mapper (IDMAP) daemon.
+@end defvr
+
+@deftp {Data Type} idmap-configuration
+Data type representing the configuration of the IDMAP daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.idmapd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@item @code{domain} (default: @code{#f})
+The local NFSv4 domain name.
+This must be a string or @code{#f}.
+If it is @code{#f} then the daemon will use the host's fully qualified domain 
name.
+
+@end table
+@end deftp
+
+
+@node Miscellaneous Services
+@subsubsection Miscellaneous Services
+
+
 @cindex lirc
 @subsubheading Lirc Service
 
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index b1e1f53..94982d7 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,11 +20,31 @@
   #:use-module (gnu)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages onc-rpc)
+  #:use-module (gnu

Re: Contents of /etc/hosts

[John Darrington]

On Wed, Oct 05, 2016 at 10:17:14PM +0200, Ludovic Court??s wrote:
 Hi!
 
 John Darrington  skribis:
 
 > So ... my recommendations:
 >
 > 1. We change /etc/hosts to read
 >
 >
 >  127.0.0.1 localhost.localdomain localhost 
 >  ::1   localhost.localdomain localhost
 >
 >  127.0.0.2 gambrinus
 
 It???s not very useful to have ???localhost.localdomain???, is it?  

Try doing this:  Put just a single line in your /etc/hosts: 
127.0.0.1 localhost
then run "hostname -d"

You will get the answer "(none)"

I'm sure that will break some applications!  

Now so long as there is also a canonical hostname in /etc/hosts this won't be
a problem.  But what about on my machine running bind?  Here all hostnames are
in the bind database and not in /etc/hosts (except for localhost).


 Also, shouldn???t we keep the same address for both names?
 
 Like:
 
   127.0.0.1 localhost
   ::1   localhost
   127.0.0.1 gambrinus
   ::1   gambrinus
 
 Or am I missing something?

Hmm.  I have never seen it done this way elsewhere, and I really wonder how some
services will react if they discover that 127.0.0.1 is not called "localhost"?  
Or that one address is known by two names.  I think it possible they might 
assume a security breach and refuse to work.  Kerberos is very fussy about such 
things.

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

Re: OpenSSL security updates

[Leo Famulari]

On Mon, Sep 26, 2016 at 01:01:38PM -0400, Leo Famulari wrote:
> Subject: [PATCH] gnu: openssl: Update replacement to 1.0.2j [fixes
>  CVE-2016-7052].
> 
> * gnu/packages/tls.scm (openssl): Update replacement to 1.0.2j.
> (openssl-1.0.2i): Replace with...
> (openssl-1.0.2j): ... new variable.

Ludo, you mentioned you were using this graft as a test case for
improvements to `guix lint`. Let us know if you are done with it so it
can be ungrafted on the core-updates branch.

Re: [PATCH 0/8] Xorg security updates for the master branch

[Leo Famulari]

On Wed, Oct 05, 2016 at 05:38:12PM -0400, Leo Famulari wrote:
> On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote:
> > (On core-updates it’s probably best to upgrade these libraries instead
> > of patching them, as you wrote on IRC.)
> 
> I'll send those in a couple hours.

Done!

Re: [PATCH 2/2] gnu: Add bluefish.

[rennes]

Updated patch.


Same here: This shout go into gnu/packages/gnome.scm. We do not add a
file for every single application.

+(synopsis "HTML editor")

Could you pleae be  a bit more verbose here. Deban says "advanced Gtk+
text editor for web and software development" Other distributions call
this "Web development studio" (I don't know if this is right, though).From f1a573b2dcf5ad509089b9e5ec4c1aff4a15473c Mon Sep 17 00:00:00 2001
From: Rene Saavedra 
Date: Wed, 5 Oct 2016 18:13:38 -0500
Subject: [PATCH 2/2] gnu: Add bluefish.

	* gnu/packages/gnome.scm (bluefish): New variable.

---
 gnu/packages/gnome.scm | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 0bc66a9..d29bed1 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5573,3 +5573,34 @@ is suitable as a default application in a Desktop environment.")
 (description
  "Character map, based on the Unicode Character Database.")
 (license license:gpl3)))
+
+(define-public bluefish
+  (package
+(name "bluefish")
+(version "2.2.8")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "mirror://sourceforge/bluefish/bluefish/"
+   version "/bluefish-" version ".tar.bz2"))
+   (sha256
+(base32
+ "002hfj125j7372zdq8cb8fadyyd6ws42avm8ngjl6gzfbjaqymrj"
+(build-system gnu-build-system)
+(native-inputs
+ `(("desktop-file-utils" ,desktop-file-utils)
+   ("intltool" ,intltool)
+   ("pkg-config" ,pkg-config)))
+(inputs
+ `(("enchant" ,enchant)
+   ("gtk+" ,gtk+)
+   ("python" ,python-2)
+   ("xmllint" ,libxml2)
+   ("gucharmap" ,gucharmap)))
+(home-page "http://bluefish.openoffice.nl";)
+(synopsis "Web development studio")
+(description
+ "Bluefish is a editor targeted towards programmers and webdevelopers,
+with many options to write websites, scripts and programming code.
+Bluefish supports many programming and markup languages.")
+(license license:gpl3)))
-- 
2.10.0

Re: [PATCH 1/2] gnu: Add gucharmap.

[rennes]

Hello,

On 2016-10-05 04:36, Hartmut Goebel wrote:

This shout go into gnu/packages/gnome.scm. We do not add a file for
every single application.


 * I have updated the package.
 * This package also includes the UNICODE license, according to 
'https://www.gnu.org/licenses/license-list'; It is compatible with all 
versions GPL.From d6ef1fc545b2fabaf9f2c38252809456b4b6c6cc Mon Sep 17 00:00:00 2001
From: Rene Saavedra 
Date: Wed, 5 Oct 2016 17:50:51 -0500
Subject: [PATCH 1/2] gnu: Add gucharmap.

	* gnu/packages/gnome.scm (gucharmap): New variable.

---
 gnu/packages/gnome.scm | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index e33f744..0bc66a9 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -5543,3 +5543,33 @@ handling the startup notification side.")
  "Calculator is an application that solves mathematical equations and
 is suitable as a default application in a Desktop environment.")
 (license license:gpl3)))
+
+(define-public gucharmap
+  (package
+(name "gucharmap")
+(version "3.18.0")
+(source
+ (origin
+   (method url-fetch)
+   (uri (string-append "mirror://gnome/sources/" name "/"
+   (version-major+minor version) "/"
+   name "-" version ".tar.xz"))
+   (sha256
+(base32
+ "0c1q9w5vql0vvg6g0knxfnv4ap19fg5cdrwndi1cj9lsym92c78j"
+(build-system gnu-build-system)
+(native-inputs
+ `(("desktop-file-utils" ,desktop-file-utils)
+   ("glib:bin" ,glib "bin") ; for glib-compile-resources.
+   ("gobject-introspection" ,gobject-introspection)
+   ("intltool" ,intltool)
+   ("itstool" ,itstool)
+   ("pkg-config" ,pkg-config)))
+(inputs
+ `(("gtk+" ,gtk+)
+   ("xmllint" ,libxml2)))
+(home-page "https://wiki.gnome.org/Apps/Gucharmap";)
+(synopsis "Character Map")
+(description
+ "Character map, based on the Unicode Character Database.")
+(license license:gpl3)))
-- 
2.10.0

Re: [PATCH v2 01/13] build-system: Add asdf-build-system.

[Andy Patterson]

On Wed, 05 Oct 2016 12:55:51 +0800
iyzs...@member.fsf.org (宋文武) wrote:

> Hi!  I have spent more time wondering on this patch and ASDF, so here
> are some questions, opinions and ideas (roughly).
> 

Hi. Thanks again for your comments.

> > * Makefile.am: Add them.  
> 
> Should be: Makefile.am (MODULES): Add them.
> 

Ok.

> > * doc/guix.texi: Add section on 'asdf-build-system/source'.  
> 
> Well, it dosen't create a new info section, I think this can be:
> 
> * doc/guix.texi (Build Systems): Document 'asdf-build-system'.
>

Ok.

> > +These variables, exported by @code{(guix build-system sbcl)},
> > implement  
> 
> Typo, sbcl -> asdf.
> 

Right.

> > +build procedures for Common Lisp packages using the
> > +@url{https://common-lisp.net/project/asdf/, ``ASDF''} system.  
> 
> How about expand it a bit to: @url{..., ``ASDF''}, a system definition
> facility for Common Lisp programs and libraries.
>

Sure.

> > +The build system uses conventions to determine the roles of inputs
> > in +the build system.  
> 
> … uses naming conventions …  What’s the “roles of inputs” for?
> 

I'll explain what is meant a bit further.

> > + For example,
> > +
> > +@example
> > +(define-public sbcl-bordeaux-threads
> > +  (package
> > +...
> > +(native-inputs `(("tests:cl-fiveam" ,sbcl-fiveam)))
> > +...))
> > +@end example  
> 
> This is a bit confusing, so every input starts with ‘sbcl-’ will be
> propagated?  I wonder why not just use ‘propgated-inputs’ for that.
>

Packages aren't propagated in the binary systems. The naming
convention is what tells 'patch-asd-file' which systems to wrap the
library with (so that it can find its dependencies). Changing the
prefix will cause that phase to ignore that library, so doing so has
the same effect as '#:test-only-systems' used to have. I'll explain
that in the doc.

> > +
> > +Additionally, the corresponding source package should be labelled
> > using +the same convention as python packages (see @ref{Python
> > Modules}), using +the @code{cl-} prefix.
> > +
> > +One package should be defined for each ASDF system.  
> 
> This is for binary packages right?  (It’s obviously not convenient for
> source packages which usually have an extra system for test only.)
> ++ I seems wrong here, new ideas below ‘package-with-build-system’. ++
>

This is correct, actually. This is essentially what I did for slynk,
which contains quite a few systems.
 
> For binary packages, this will be perfect if they’re 1-to-1 mapped to
> a CL system, but then their names are inconsistent with the ’cl-’
> ones, whose names are from projects instead of the systems they
> contain.
> 
> Consider the ‘cl-autowrap’ (https://github.com/rpav/cl-autowrap)
> project.  It has 3 systems: ‘cl-autowrap’, ‘cl-autowrap-test’ and
> ‘cl-plus-c’.  IIUC, follow this one package per system way, we will
> package it as:
> 
> - cl-autowrap, contains the 3 systems in source form.
> - sbcl-autowrap (or maybe sbcl-cl-autowrap?).
> - sbcl-plus-c (or ‘sbcl-cl-plus-c?).
> - sbcl-autowrap-test (for testing).
> 

That's right (and it would be sbcl-cl-autowrap).

> It’s hard to know that ‘cl-autowrap’ has ‘cl-plus-c’ in it…
> 

In that case, we could add the extra systems to the description of the
source package. Does that sound reasonable?

> > +
> > +The package outputs control whether or not executable programs and
> > +images are built alongside the package's usual output, using the
> > +@code{bin} and @code{image} outputs, respectively.
> > +
> > +Packages can also be built which combine other packages into an
> > +executable program or image only, without building another system.
> > +Specifying one of the @code{#:binary?} or @code{#:image?}
> > parameters +will produce this behaviour.
> > +
> > +When building an executable program, the @code{#:entry-program}
> > +parameter, which should be a list of Common Lisp expressions, must
> > be +used to specify what program should be run.  In this program,
> > +@code{arguments} will be bound to the command-line arguments
> > passed. +
> > +The @code{#:image-dependencies} parameter can be used to add
> > packages to +the pre-loaded systems included in the executable
> > program or image. +@code{#:compile-dependencies} specifies a list
> > of additional systems +which should be loaded before a system is
> > compiled.  If the package +depends on special systems exported by
> > the implementation itself, the +@code{#:special-dependencies}
> > parameter should be used to specify them.  
> 
> I’d like to make the build action of ‘program’ or ‘image’ more
> explicit instead of coding them in the build system.  eg:
> 
> --8<---cut here---start->8---
> (define-public sbcl-stumpwm
>   (package
> …
> (arguments
>  '(#:phases
>(modify-phases %standard-phases
>  (add-after 'install 'install-program
>(lambda* (#:key outputs #:allow-other-keys)
>  ((let* ((bin  (assoc-ref outputs "bin"))
> 

Re: [PATCH 0/1] Fix e2fsprogs build failure

[Leo Famulari]

On Wed, Oct 05, 2016 at 11:19:18PM +0200, Ludovic Courtès wrote:
> Leo Famulari  skribis:
> 
> > On my machines, e2fsprogs fails to build with:
> >
> > "make[2]: *** No rule to make target '../lib/libss.so', needed by
> > 'debugfs'.  Stop."
> 
> It’s a good idea to put this line as a comment in the code, but
> otherwise LGTM.  Thanks!

Good idea. Pushed!

Re: Are these paths important to fix/set to (in/out)puts?

[Ludovic Courtès]

Adonay Felipe Nogueira  skribis:

> Although I can barely understand what is written in these files, I see
> paths pointing to "/usr" or simply to paths starting from "/". There are
> others, however, that don't seem to be standard in GuixSD, but are still
> tested for in the files described in the attachment (that is, depending
> on the system being used, its directory hierarchy, and the order of the
> tests, then a different action might be triggered).

You can safely ignore hardcoded file names in Autoconf-generated files
and similar like those that appeared in the file attached to your
message.  gnu-build-system.scm addresses most of these after unpacking
the tarball.

> There is a possibility that can answer my question more safely, that is:
> I don't know if `guix build` isolates the build environment by default,
> but if this is really done by default, then we can focus on fixing paths
> related to the typical directory hierarchy of of GuixSD.

Builds are isolated:

  
https://www.gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html

HTH!

Ludo’.

Re: [PATCH 0/8] Xorg security updates for the master branch

[Leo Famulari]

On Wed, Oct 05, 2016 at 11:17:20PM +0200, Ludovic Courtès wrote:
> Leo Famulari  skribis:
> 
> > There is an Xorg security advisory:
> > https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
> >
> > This patch series applies the patches recommended by upstream using
> > grafts.
> >
> > Leo Famulari (8):
> >   gnu: libx11: Fix CVE-2016-{7942,7943}.
> >   gnu: libxfixes: Fix CVE-2016-7944.
> >   gnu: libxi: Fix CVE-2016-{7945,7946}.
> >   gnu: libxrandr: Fix CVE-2016-{7947,7948}.
> >   gnu: libxrender: Fix CVE-2016-{7949,7950}.
> >   gnu: libxtst: Fix CVE-2016-{7951,7952}.
> >   gnu: libxv: Fix CVE-2016-5407.
> >   gnu: libxvmc: Fix CVE-2016-7953.
> 
> This all LGTM.
> 
> I tested by (1) building and a running a couple of grafted X clients
> talking to my (ungrafted) X server, and (2) building my laptop’s config
> with ‘guix system vm’ and checking that both the X server and typical X
> clients functioned.

Thank you for testing!

> So I think this can go in on master.

Pushed!

> (On core-updates it’s probably best to upgrade these libraries instead
> of patching them, as you wrote on IRC.)

I'll send those in a couple hours.

Re: [PATCH] gnu: Make "guix-devel" a public variable in package-management.scm

[Ludovic Courtès]

Hi,

Chris Marusich  skribis:

> Here's a patch to address the following issue ('guix environment guix
> doesn't provide guix dependencies'):
>
> https://lists.gnu.org/archive/html/guix-devel/2016-09/msg02118.html

Thanks for looking into it!

> I signed the commit with my GPG key, but it seems that 'git
> format-patch' doesn't include the signature.  If you know how to make it
> include the signature, please let me know!

I think it can’t do that.  So in practice whoever pushes signs on your
behalf.

> From 3fa2bc4f0d11fc695bfab9b85981228c1a88e007 Mon Sep 17 00:00:00 2001
> From: Chris Marusich 
> Date: Sun, 2 Oct 2016 13:00:34 -0700
> Subject: [PATCH] gnu: Make "guix-devel" a public variable in
>  package-management.scm
>
> This provides an obvious and easy way to use Guix to set up an environment for
> building Guix from a Git checkout.
>
> * gnu/packages/package-management.scm (guix-devel): Make it public and give it
>   an appropriate name, synopsis, and description.  Change the generated
>   version string to be even shorter so that the tests can actually run.
>   Update all documentation to refer to "guix" when talking about the release
>   version, and "guix-devel" when talking about the development version.

[...]

> -(define guix-devel
> +(define-public guix-devel
>;; Development version of Guix.
>;;
>;; Note: use a very short commit id; with a longer one, the limit on
>;; hash-bang lines would be exceeded while running the tests.
>(let ((commit "4420940f20a2f36f29519f686bca7b85be6be5c9"))
>  (package (inherit guix-0.11.0)
> -  (version (string-append "0.11.0-1." (string-take commit 4)))
> +  (name "guix-devel")
> +  (version (string-take commit 8))
>(source (origin
>  (method git-fetch)
>  (uri (git-reference
> @@ -251,7 +252,16 @@ the Nix package manager.")
>   ("texinfo" ,texinfo)
>   ("graphviz" ,graphviz)
>   ("help2man" ,help2man)
> - ,@(package-native-inputs guix-0.11.0))
> + ,@(package-native-inputs guix-0.11.0)))
> +  (synopsis "Development version of GNU Guix")
> +  (description "GNU Guix is a functional package manager for the GNU
> +system, and is also a distribution thereof.  It includes a virtual machine
> +image.  Besides the usual package management features, it also supports
> +transactional upgrades and roll-backs, per-user profiles, and much more.  It
> +is based on the Nix package manager.  This is a development version which is
> +built from a recent commit in the project's Git repository.  It provides
> +additional dependencies that are not normally required for building the
> +release version, such as GNU Autoconf."
>  
>  (define-public guix guix-devel)

There’s the problem that the ‘guix-devel’ variable above is also the
Guix package that we currently use, and thus it should be called “guix”,
not “guix-devel”.

So what about something along these lines:

diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 70a6a49..8a77c40 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -255,6 +255,18 @@ the Nix package manager.")
 
 (define-public guix guix-devel)
 
+(define-public guix-for-environment
+  ;; We provide this pseudo-package just to allow people to run:
+  ;;   guix environment guix-devel
+  ;; to reliably get the development environment for Guix (using 'guix' for
+  ;; this purpose does not work when 'guix' points to the built-from-tarball
+  ;; package rather than to the built-from-checkout package.)
+  (package
+(inherit guix-devel)
+(name "guix-devel")
+(source #f)   ;not meant to be built
+(supported-systems '(
+
 (define (source-file? file stat)
   "Return true if FILE is likely a source file, false if it is a typical
 generated file."

?

If that’s fine with you, could you incorporate it in your patch?

Minor comment: it’s useful to provide a specialized synopsis like you
did, but I think it’s better to leave the description unchanged rather
than duplicate it almost identical.

Thanks!

Ludo’.

Re: [PATCH 1/1] gnu: json-c: Update to 0.12.1.

[Ludovic Courtès]

Leo Famulari  skribis:

> * gnu/packages/web.scm (json-c): Update to 0.12.1.

OK!

Re: [PATCH 0/8] Xorg security updates for the master branch

[Ludovic Courtès]

Leo Famulari  skribis:

> There is an Xorg security advisory:
> https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
>
> This patch series applies the patches recommended by upstream using
> grafts.
>
> Leo Famulari (8):
>   gnu: libx11: Fix CVE-2016-{7942,7943}.
>   gnu: libxfixes: Fix CVE-2016-7944.
>   gnu: libxi: Fix CVE-2016-{7945,7946}.
>   gnu: libxrandr: Fix CVE-2016-{7947,7948}.
>   gnu: libxrender: Fix CVE-2016-{7949,7950}.
>   gnu: libxtst: Fix CVE-2016-{7951,7952}.
>   gnu: libxv: Fix CVE-2016-5407.
>   gnu: libxvmc: Fix CVE-2016-7953.

This all LGTM.

I tested by (1) building and a running a couple of grafted X clients
talking to my (ungrafted) X server, and (2) building my laptop’s config
with ‘guix system vm’ and checking that both the X server and typical X
clients functioned.

So I think this can go in on master.

(On core-updates it’s probably best to upgrade these libraries instead
of patching them, as you wrote on IRC.)

Thanks a lot!

Ludo’.

[PATCH] gnu: Add CUPS service.

[Andy Wingo]

* gnu/services/cups.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add gnu/services/cups.scm.
* doc/guix.texi (Printing Services): New section.
---
 doc/guix.texi | 552 +
 gnu/local.mk  |   1 +
 gnu/services/cups.scm | 833 ++
 3 files changed, 1386 insertions(+)
 create mode 100644 gnu/services/cups.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index 9bd8b43..9a959a7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7586,6 +7586,7 @@ declaration.
 * Log Rotation::The rottlog service.
 * Networking Services:: Network setup, SSH daemon, etc.
 * X Window::Graphical display.
+* Printing Services::   Local and remote printer support.
 * Desktop Services::D-Bus and desktop services.
 * Database Services::   SQL databases.
 * Mail Services::   IMAP, POP3, SMTP, and all that.
@@ -8629,6 +8630,557 @@ makes the good ol' XlockMore usable.
 @end deffn
 
 
+@node Printing Services
+@subsubsection Printing Services
+
+The @code{(gnu services cups)} module provides a Guix service definition
+for the CUPS printing service.  To add printer support to a GuixSD
+system, add a @code{cups-service} to the operating system definition:
+
+@deffn {Scheme Procedure} cups-service [#:config (cups-configuration)]
+Return a service that runs the CUPS print server.
+@end deffn
+
+The CUPS configuration controls the basic things about your CUPS
+installation: what interfaces it listens on, what to do if a print job
+fails, how much logging to do, and so on.  To actually add a printer,
+you have to visit the @url{http://localhost:631} URL, or use a tool such
+as GNOME's printer configuration services.  By default, configuring a
+CUPS service will generate a self-signed certificate if needed, for
+secure connections to the print server.
+
+One way you might want to customize CUPS is to enable or disable the web 
interface.  You can do that directly, like this:
+
+@example
+(cups-service #:config
+  (cups-configuration
+   (web-interface? #f)))
+@end example
+
+The available configuration parameters follow.  Each parameter
+definition is preceded by its type; for example, @samp{string-list foo}
+indicates that the @code{foo} parameter should be specified as a list of
+strings.  There is also a way to specify the configuration as a string,
+if you have an old @code{cupsd.conf} file that you want to port over
+from some other system; see the end for more details.
+
+@c The following documentation was initially generated by
+@c (generate-documentation) in (gnu services cups).  Manually maintained
+@c documentation is better, so we shouldn't hesitate to edit below as
+@c needed.  However if the change you want to make to this documentation
+@c can be done in an automated way, it's probably easier to change
+@c (generate-documentation) than to make it below and have to deal with
+@c the churn as CUPS updates.
+
+
+Available @code{cups-configuration} fields are:
+
+@deftypevr {@code{cups-configuration} parameter} package cups
+The CUPS package.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} access-log-level 
access-log-level
+Specifies the logging level for the AccessLog file.  The @code{config}
+level logs when printers and classes are added, deleted, or modified and when
+configuration files are accessed or updated.  The @code{actions} level logs
+when print jobs are submitted, held, released, modified, or canceled, and any
+of the conditions for @code{config}.  The @code{all} level logs all
+requests.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean auto-purge-jobs?
+Specifies whether to purge job history data automatically when it is no
+longer required for quotas.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} browse-local-protocols 
browse-local-protocols
+Specifies which protocols to use for local printer sharing.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browse-web-if?
+Specifies whether the CUPS web interface is advertised.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean browsing?
+Specifies whether shared printers are advertised.
+Defaults to @samp{#f}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} string classification
+Specifies the security classification of the server.
+Any valid banner name can be used, including "classified", "confidential",
+"secret", "topsecret", and "unclassified", or the banner can be omitted
+to disable secure printing functions.
+Defaults to @samp{""}.
+@end deftypevr
+
+@deftypevr {@code{cups-configuration} parameter} boolean classify-override?
+Specifies whether users may override the classification (cover page) of
+individual print jobs using the @code{job-sheets} option.
+Defaults to @samp{#f}.
+@en

Re: [PATCH 0/1] Fix e2fsprogs build failure

[Ludovic Courtès]

Leo Famulari  skribis:

> On my machines, e2fsprogs fails to build with:
>
> "make[2]: *** No rule to make target '../lib/libss.so', needed by
> 'debugfs'.  Stop."

It’s a good idea to put this line as a comment in the code, but
otherwise LGTM.  Thanks!

Ludo’.

[PATCH]Remove empty doc directory from Hack font installation.

[Dmitry Nikolaev]

Hi. Hack font original zip file does not contain any documentation about
it, so empty doc directory in its installation is useless. This patch
removes it.

Dmitry Nikolaev
From b85bb829aa5e8f8701e88c65c01b87976a7c5e1c Mon Sep 17 00:00:00 2001
From: 8p8c 
Date: Thu, 6 Oct 2016 00:15:53 +0300
Subject: [PATCH] Remove empty doc directory from Hack font installation.

---
 gnu/packages/fonts.scm | 11 ++-
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 9482d7a..95bc644 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -837,22 +837,15 @@ glyph designs, not just an added slant.")
  "unzip")
   "/bin"))
  (font-dir (string-append %output
-  "/share/fonts/truetype"))
- (doc-dir  (string-append %output "/share/doc/"
-  ,name "-" ,version)))
+  "/share/fonts/truetype")))
  (setenv "PATH" PATH)
  (system* "unzip" (assoc-ref %build-inputs "source"))
 
  (mkdir-p font-dir)
- (mkdir-p doc-dir)
  (for-each (lambda (ttf)
  (copy-file ttf
 (string-append font-dir "/" ttf)))
-   (find-files "." "\\.ttf$"))
- (for-each (lambda (doc)
- (copy-file doc
-(string-append doc-dir "/" doc)))
-   (find-files "." "\\.txt$"))
+   (find-files "." "\\.ttf$"))
 (native-inputs
  `(("source" ,source)
("unzip" ,unzip)))
-- 
2.10.0

[PATCH]Add ati support to xorg configuration.

[Dmitry Nikolaev]

Hi. Without this patch I couldn't run X on my Radeon card.

Dmitry Nikolaev
From 25f8f50e1bd6efaee0008283ca1de8b1fe951d7e Mon Sep 17 00:00:00 2001
From: 8p8c 
Date: Thu, 6 Oct 2016 00:09:00 +0300
Subject: [PATCH] Add Ati drivers to xorg configuration

---
 gnu/services/xorg.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/services/xorg.scm b/gnu/services/xorg.scm
index d098d83..ccac677 100644
--- a/gnu/services/xorg.scm
+++ b/gnu/services/xorg.scm
@@ -108,6 +108,7 @@ Section \"Files\"
   FontPath \"" font-adobe75dpi "/share/fonts/X11/75dpi\"
   ModulePath \"" xf86-video-vesa "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-fbdev "/lib/xorg/modules/drivers\"
+  ModulePath \"" xf86-video-ati "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-modesetting "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-cirrus "/lib/xorg/modules/drivers\"
   ModulePath \"" xf86-video-intel "/lib/xorg/modules/drivers\"
@@ -145,6 +146,7 @@ EndSection
 (define %default-xorg-modules
   (list xf86-video-vesa
 xf86-video-fbdev
+xf86-video-ati
 xf86-video-modesetting
 xf86-video-cirrus
 xf86-video-intel
-- 
2.10.0

[PATCH]Add PT Astra font.

[Dmitry Nikolaev]

Hi. PT Astra is a free font metric compatible with proprietary Times New
Roman.

Dmitry Nikolaev
From 1e037b8dbb4c2249849922dceb637ee58ad33c65 Mon Sep 17 00:00:00 2001
From: 8p8c 
Date: Thu, 6 Oct 2016 00:02:58 +0300
Subject: [PATCH] Add PT Astra font.

---
 gnu/packages/fonts.scm | 43 +++
 1 file changed, 43 insertions(+)

diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index fe6c227..9482d7a 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -865,3 +865,46 @@ powerline support.")
 (license (license:x11-style
   "https://github.com/chrissimpkins/Hack/blob/master/LICENSE.md";
   "Hack Open Font License v2.0"
+
+(define-public font-pt-astra
+  (package
+(name "font-pt-astra")
+(version "1001")
+(source (origin
+  (method url-fetch)
+  (uri (string-append
+"http://astralinux.com/images/fonts/PTAstraSan&Serif_TTF_ver";
+version
+".zip"))
+  (sha256
+   (base32
+"11aaj3wq0z8f4w52axdb7ca44l7zm72cx7a1w11qvyl71bzl28ms"))
+  (file-name "font-pt-astra.zip")))
+(build-system trivial-build-system)
+(arguments
+ `(#:modules ((guix build utils))
+   #:builder (begin
+   (use-modules (guix build utils)
+(srfi srfi-26))
+
+   (let ((PATH (string-append (assoc-ref %build-inputs
+ "unzip")
+  "/bin"))
+ (font-dir (string-append %output
+  "/share/fonts/truetype")))
+ (setenv "PATH" PATH)
+ (system* "unzip" (assoc-ref %build-inputs "source"))
+
+ (mkdir-p font-dir)
+ (for-each (lambda (ttf)
+ (copy-file ttf
+(string-append font-dir "/" ttf)))
+   (find-files "." "\\.ttf$"))
+(native-inputs
+ `(("source" ,source)
+   ("unzip" ,unzip)))
+(home-page "https://astralinux.com/fonts.html";)
+(synopsis "A typeface metric compatible with Times New Roman.")
+(description "PT Astra is a free typeface which is metric
+compatible with proprietary Times New Roman.")
+(license license:silofl1.1)))
-- 
2.10.0

Re: mailmap: new address.

[Leo Famulari]

On Wed, Oct 05, 2016 at 09:55:23AM +, ng0 wrote:
> Can someone apply this trivial patch? Thanks in advance.

Done!

> ng0  writes:
> 
> > [ Unknown signature status ]
> > This is in a patchset which is waiting for review, but as new patches
> > get added, this should be applied.
> > I am retiring my own domains next year, falling back to my hoster
> > provided ones now.
> > Future commits will be made by ngillm...@runbox.com only.
> >
> > From f2339786a1707dc53415156d6f973f339235b481 Mon Sep 17 00:00:00 2001
> > From: ng0 
> > Date: Wed, 21 Sep 2016 09:55:40 +
> > Subject: [PATCH 5/8] mailmap: Add new address for ng0.
> >
> > ---
> >  .mailmap | 7 ---
> >  1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/.mailmap b/.mailmap
> > index 2af7760..4f756ec 100644
> > --- a/.mailmap
> > +++ b/.mailmap
> > @@ -30,9 +30,10 @@ Ludovic Courtès  
> >  Mathieu Lirzin  
> >  Mathieu Lirzin  
> >  Nikita Karetnikov  
> > -ng0  
> > -ng0  
> > -ng0  
> > +ng0  
> > +ng0  
> > +ng0  
> > +ng0  
> >  Pjotr Prins 
> >  Pjotr Prins  
> >  Raimon Grau  
> > -- 
> > 2.10.0
> >
> > -- 
> >   ng0
> 
> -- 
> 

Re: [PATCH] Add Vc

[Leo Famulari]

On Mon, Oct 03, 2016 at 10:45:15AM +0200, Ricardo Wurmus wrote:
> The rest looks good to me!  Thanks!

Thanks for the review. Pushed with your suggestions :)

Re: [PATCH] gnu: Add r-bsgenome-celegans-ucsc-ce10.

[Leo Famulari]

On Wed, Oct 05, 2016 at 02:27:20PM +0200, Ricardo Wurmus wrote:
> * gnu/packages/bioinformatics.scm (r-bsgenome-celegans-ucsc-ce10): New
> variable.

Looks reasonable to this layperson.

Re: [PATCH] gnu: lispf4: Remove it.

[Leo Famulari]

On Wed, Oct 05, 2016 at 12:26:27PM +, ng0 wrote:
> * gnu/packages/lisp.scm (lispf4): Delete variable.
> The package in its current state is unusable and documentation
> with unclear licenses is included.

Pushed with some additional comments.

Re: Contents of /etc/hosts

[Ludovic Courtès]

Hi!

John Darrington  skribis:

> So ... my recommendations:
>
> 1. We change /etc/hosts to read
>
>
>  127.0.0.1 localhost.localdomain localhost 
>  ::1   localhost.localdomain localhost
>
>  127.0.0.2 gambrinus

It’s not very useful to have “localhost.localdomain”, is it?  Also,
shouldn’t we keep the same address for both names?

Like:

  127.0.0.1 localhost
  ::1   localhost
  127.0.0.1 gambrinus
  ::1   gambrinus

Or am I missing something?

> 2. We put some checks in guix system to ensure that the host-name field does 
> not
>  exceed 63 bytes (not characters) and that it conforms to the format of 
> RFC1034

Sure, makes sense.

> Any objections if I commit a patch to gnu/system.scm ??

Send it first.  :-)

Thanks,
Ludo’.

Re: [PATCH 0/8] Xorg security updates for the master branch

[Leo Famulari]

On Wed, Oct 05, 2016 at 01:55:53PM -0400, Leo Famulari wrote:
> There is an Xorg security advisory:
> https://lists.freedesktop.org/archives/xorg/2016-October/058344.html
> 
> This patch series applies the patches recommended by upstream using
> grafts.

BTW, I'm looking for somebody who uses a graphical GuixSD system to test
these patches. I don't currently have a graphical GuixSD system to try
them on.

Contents of /etc/hosts

[John Darrington]

Further to discussions on #guix earlier this week ...

Some of us are concerned about what we currently have in /etc/hosts viz:

127.0.0.1 localhost gambrinus
::1   localhost gambrinus

(my machine is called "gambrinus")


This is a problem becuase it means that "hostname -f" returns the wrong thing.

Further, the man page for hostname (from the net-tools package) says:

   The  recommended  method  of  setting  the  FQDN  is  to make the hostname be
   an alias for the fully qualified name using /etc/hosts, DNS, or NIS.  For
   example, if the hostname was "ursula", one might have a line in /etc/hosts
   which reads:

   127.0.1.1ursula.example.com ursula

However I would recommend 127.0.0.2 instead of 127.0.1.1 because RFC 3330
mentions that 127.0.0.0/8 is reserved for loopback, but the rest of
127.0.0.0/16 subject to allocation.


Many systems also have a file called /etc/hostname and  according to the 
hostname man page:

 /etc/hostname  Historically this file was supposed to only contain the
 hostname and not the full canonical FQDN.  Nowadays  most software is able
 to cope with a full FQDN here. This file is read at boot time by the system
 initialization  scripts to set the hostname.


Guix of course uses /etc/config.scm so we don't need /etc/hostname but there
might be some rougue programs which rely on it so perhaps we should have one.


When setting the name via the net-utils "hostname" utility,
HOST_NAME_MAX is the maximum length which can be passed to sethostname.
On Linux, this limit is 64


So security conscious programs (notably kerberos) will refuse to operate if
the forward and reverse DNS do not agree.


Some DHCP servers are configured to return the domain name which they
expect the host to use.

RFC 1034 \union 1123
stipulates that, labels may contain the characters [a-zA-Z0-9-] and \
may not start with - 

In services/base.scm we have:

(define host-name-service-type
  (shepherd-service-type
   'host-name
   (lambda (name)
 (shepherd-service
  (documentation "Initialize the machine's host name.")
  (provision '(host-name))
  (start #~(lambda _
 (sethostname #$name)))
  (respawn? #f)

This will fail if /etc/config.scm has is too long, or has invalid characters.
So we should check it in system reconfigure.


So ... my recommendations:

1. We change /etc/hosts to read


 127.0.0.1 localhost.localdomain localhost 
 ::1   localhost.localdomain localhost

 127.0.0.2 gambrinus


2. We put some checks in guix system to ensure that the host-name field does not
 exceed 63 bytes (not characters) and that it conforms to the format of RFC1034


Any objections if I commit a patch to gnu/system.scm ??

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature

[PATCH 5/8] gnu: libxrender: Fix CVE-2016-{7949,7950}.

[Leo Famulari]

* gnu/packages/patches/libxrender-CVE-2016-7949.patch,
gnu/packages/patches/libxrender-CVE-2016-7950.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xorg.scm (libxrender)[replacement]: New field.
(libxrender/fixed): New variable.
---
 gnu/local.mk   |  2 +
 .../patches/libxrender-CVE-2016-7949.patch | 66 +++
 .../patches/libxrender-CVE-2016-7950.patch | 73 ++
 gnu/packages/xorg.scm  |  9 +++
 4 files changed, 150 insertions(+)
 create mode 100644 gnu/packages/patches/libxrender-CVE-2016-7949.patch
 create mode 100644 gnu/packages/patches/libxrender-CVE-2016-7950.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 22d63a9..ec237d9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -674,6 +674,8 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libxfixes-CVE-2016-7944.patch   \
   %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
   %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
+  %D%/packages/patches/libxrender-CVE-2016-7949.patch  \
+  %D%/packages/patches/libxrender-CVE-2016-7950.patch  \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7949.patch 
b/gnu/packages/patches/libxrender-CVE-2016-7949.patch
new file mode 100644
index 000..3a2be4e
--- /dev/null
+++ b/gnu/packages/patches/libxrender-CVE-2016-7949.patch
@@ -0,0 +1,66 @@
+Fix CVE-2016-7949:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7949
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
+
+From 9362c7ddd1af3b168953d0737877bc52d79c94f4 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 21:43:09 +0200
+Subject: [PATCH] Validate lengths while parsing server data.
+
+Individual lengths inside received server data can overflow
+the previously reserved memory.
+
+It is therefore important to validate every single length
+field to not overflow the previously agreed sum of all invidual
+length fields.
+
+v2: consume remaining bytes in the reply buffer on error.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu he...@laas.fr
+---
+ src/Xrender.c | 18 ++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/Xrender.c b/src/Xrender.c
+index 3102eb2..71cf3e6 100644
+--- a/src/Xrender.c
 b/src/Xrender.c
+@@ -533,12 +533,30 @@ XRenderQueryFormats (Display *dpy)
+   screen->fallback = _XRenderFindFormat (xri, xScreen->fallback);
+   screen->subpixel = SubPixelUnknown;
+   xDepth = (xPictDepth *) (xScreen + 1);
++  if (screen->ndepths > rep.numDepths) {
++  Xfree (xri);
++  Xfree (xData);
++  _XEatDataWords (dpy, rep.length);
++  UnlockDisplay (dpy);
++  SyncHandle ();
++  return 0;
++  }
++  rep.numDepths -= screen->ndepths;
+   for (nd = 0; nd < screen->ndepths; nd++)
+   {
+   depth->depth = xDepth->depth;
+   depth->nvisuals = xDepth->nPictVisuals;
+   depth->visuals = visual;
+   xVisual = (xPictVisual *) (xDepth + 1);
++  if (depth->nvisuals > rep.numVisuals) {
++  Xfree (xri);
++  Xfree (xData);
++  _XEatDataWords (dpy, rep.length);
++  UnlockDisplay (dpy);
++  SyncHandle ();
++  return 0;
++  }
++  rep.numVisuals -= depth->nvisuals;
+   for (nv = 0; nv < depth->nvisuals; nv++)
+   {
+   visual->visual = _XRenderFindVisual (dpy, xVisual->visual);
+-- 
+2.10.1
+
diff --git a/gnu/packages/patches/libxrender-CVE-2016-7950.patch 
b/gnu/packages/patches/libxrender-CVE-2016-7950.patch
new file mode 100644
index 000..1a64b6e
--- /dev/null
+++ b/gnu/packages/patches/libxrender-CVE-2016-7950.patch
@@ -0,0 +1,73 @@
+Fix CVE-2016-7950:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7950
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
+
+From 8fad00b0b647ee662ce4737ca15be033b7a21714 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 21:42:09 +0200
+Subject: [PATCH] Avoid OOB write in XRenderQueryFilters
+
+The memory for filter names is reserved right after receiving the reply.
+After that, filters are iterated and each individual filter name is
+stored in that reserved memory.
+
+The individual name lengths are not checked for validity, which means
+that a malicious server can reserve less memory than it will write to
+during each iteration.
+
+v2: consume remaini

[PATCH 7/8] gnu: libxv: Fix CVE-2016-5407.

[Leo Famulari]

* gnu/packages/patches/libxv-CVE-2016-5407.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxv)[replacement]: New field.
(libxv/fixed): New variable.
---
 gnu/local.mk   |   1 +
 gnu/packages/patches/libxv-CVE-2016-5407.patch | 162 +
 gnu/packages/xorg.scm  |   8 ++
 3 files changed, 171 insertions(+)
 create mode 100644 gnu/packages/patches/libxv-CVE-2016-5407.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7489ab7..92b5e66 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -677,6 +677,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libxrender-CVE-2016-7949.patch  \
   %D%/packages/patches/libxrender-CVE-2016-7950.patch  \
   %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch   \
+  %D%/packages/patches/libxv-CVE-2016-5407.patch   \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxv-CVE-2016-5407.patch 
b/gnu/packages/patches/libxv-CVE-2016-5407.patch
new file mode 100644
index 000..e6a76c9
--- /dev/null
+++ b/gnu/packages/patches/libxv-CVE-2016-5407.patch
@@ -0,0 +1,162 @@
+Fix CVE-2016-5407:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5407
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
+
+From d9da580b46a28ab497de2e94fdc7b9ff953dab17 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 21:30:03 +0200
+Subject: [PATCH] Protocol handling issues in libXv - CVE-2016-5407
+
+The Xv query functions for adaptors and encodings suffer from out of
+boundary accesses if a hostile X server sends a maliciously crafted
+response.
+
+A previous fix already checks the received length against fixed values
+but ignores additional length specifications which are stored inside
+the received data.
+
+These lengths are accessed in a for-loop. The easiest way to guarantee
+a correct processing is by validating all lengths against the
+remaining size left before accessing referenced memory.
+
+This makes the previously applied check obsolete, therefore I removed
+it.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/Xv.c | 46 +-
+ 1 file changed, 29 insertions(+), 17 deletions(-)
+
+diff --git a/src/Xv.c b/src/Xv.c
+index e47093a..be450c4 100644
+--- a/src/Xv.c
 b/src/Xv.c
+@@ -158,6 +158,7 @@ XvQueryAdaptors(
+ size_t size;
+ unsigned int ii, jj;
+ char *name;
++char *end;
+ XvAdaptorInfo *pas = NULL, *pa;
+ XvFormat *pfs, *pf;
+ char *buffer = NULL;
+@@ -197,17 +198,13 @@ XvQueryAdaptors(
+ /* GET INPUT ADAPTORS */
+ 
+ if (rep.num_adaptors == 0) {
+-/* If there's no adaptors, there's nothing more to do. */
++/* If there are no adaptors, there's nothing more to do. */
+ status = Success;
+ goto out;
+ }
+ 
+-if (size < (rep.num_adaptors * sz_xvAdaptorInfo)) {
+-/* If there's not enough data for the number of adaptors,
+-   then we have a problem. */
+-status = XvBadReply;
+-goto out;
+-}
++u.buffer = buffer;
++end = buffer + size;
+ 
+ size = rep.num_adaptors * sizeof(XvAdaptorInfo);
+ if ((pas = Xmalloc(size)) == NULL) {
+@@ -225,9 +222,12 @@ XvQueryAdaptors(
+ pa++;
+ }
+ 
+-u.buffer = buffer;
+ pa = pas;
+ for (ii = 0; ii < rep.num_adaptors; ii++) {
++if (u.buffer + sz_xvAdaptorInfo > end) {
++status = XvBadReply;
++goto out;
++}
+ pa->type = u.pa->type;
+ pa->base_id = u.pa->base_id;
+ pa->num_ports = u.pa->num_ports;
+@@ -239,6 +239,10 @@ XvQueryAdaptors(
+ size = u.pa->name_size;
+ u.buffer += pad_to_int32(sz_xvAdaptorInfo);
+ 
++if (u.buffer + size > end) {
++status = XvBadReply;
++goto out;
++}
+ if ((name = Xmalloc(size + 1)) == NULL) {
+ status = XvBadAlloc;
+ goto out;
+@@ -259,6 +263,11 @@ XvQueryAdaptors(
+ 
+ pf = pfs;
+ for (jj = 0; jj < pa->num_formats; jj++) {
++if (u.buffer + sz_xvFormat > end) {
++Xfree(pfs);
++status = XvBadReply;
++goto out;
++}
+ pf->depth = u.pf->depth;
+ pf->visual_id = u.pf->visual;
+ pf++;
+@@ -327,6 +336,7 @@ XvQueryEncodings(
+ size_t size;
+ unsigned int jj;
+ char *name;
++char *end;
+ XvEncodingInfo *pes = NULL, *pe;
+ char *buffer = NULL;
+ union {
+@@ -364,17 +374,13 @@ XvQueryEncodings(
+ /* GET ENCODINGS 

[PATCH 8/8] gnu: libxvmc: Fix CVE-2016-7953.

[Leo Famulari]

* gnu/packages/patches/libxvmc-CVE-2016-7953.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxvmc)[replacement]: New field.
(libxvmc/fixed): New variable.
---
 gnu/local.mk |  1 +
 gnu/packages/patches/libxvmc-CVE-2016-7953.patch | 42 
 gnu/packages/xorg.scm|  8 +
 3 files changed, 51 insertions(+)
 create mode 100644 gnu/packages/patches/libxvmc-CVE-2016-7953.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 92b5e66..867946d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -678,6 +678,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libxrender-CVE-2016-7950.patch  \
   %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch   \
   %D%/packages/patches/libxv-CVE-2016-5407.patch   \
+  %D%/packages/patches/libxvmc-CVE-2016-7953.patch \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch 
b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch
new file mode 100644
index 000..737abde
--- /dev/null
+++ b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch
@@ -0,0 +1,42 @@
+Fix CVE-2016-7953:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
+
+From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 22:34:27 +0200
+Subject: [PATCH] Avoid buffer underflow on empty strings.
+
+If an empty string is received from an x-server, do not underrun the
+buffer by accessing "rep.nameLen - 1" unconditionally, which could end
+up being -1.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/XvMC.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/XvMC.c b/src/XvMC.c
+index 7336760..3ee4212 100644
+--- a/src/XvMC.c
 b/src/XvMC.c
+@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
+   if (*name && *busID && tmpBuf) {
+   _XRead(dpy, tmpBuf, realSize);
+   strncpy(*name,tmpBuf,rep.nameLen);
+-  (*name)[rep.nameLen - 1] = '\0';
++  (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
+   strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
+-  (*busID)[rep.busIDLen - 1] = '\0';
++  (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
+   XFree(tmpBuf);
+   } else {
+   XFree(*name);
+-- 
+2.10.1
+
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 448ac65..aa2b99a 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4998,6 +4998,7 @@ new API's in libXft, or the legacy API's in libX11.")
 (define-public libxvmc
   (package
 (name "libxvmc")
+(replacement libxvmc/fixed)
 (version "1.0.9")
 (source
   (origin
@@ -5023,6 +5024,13 @@ new API's in libXft, or the legacy API's in libX11.")
 (description "Xorg XvMC library.")
 (license license:x11)))
 
+(define libxvmc/fixed
+  (package
+(inherit libxvmc)
+(source (origin
+  (inherit (package-source libxvmc))
+  (patches (search-patches
+ "libxvmc-CVE-2016-7953.patch"))
 
 (define-public libxxf86vm
   (package
-- 
2.10.1

[PATCH 6/8] gnu: libxtst: Fix CVE-2016-{7951,7952}.

[Leo Famulari]

* gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxtst)[replacement]: New field.
(libxtst/fixed): New variable.
---
 gnu/local.mk   |   1 +
 .../libxtst-CVE-2016-7951-CVE-2016-7952.patch  | 152 +
 gnu/packages/xorg.scm  |   8 ++
 3 files changed, 161 insertions(+)
 create mode 100644 
gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ec237d9..7489ab7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -676,6 +676,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
   %D%/packages/patches/libxrender-CVE-2016-7949.patch  \
   %D%/packages/patches/libxrender-CVE-2016-7950.patch  \
+  %D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch   \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch 
b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch
new file mode 100644
index 000..9df6cf3
--- /dev/null
+++ b/gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch
@@ -0,0 +1,152 @@
+Fix CVE-2016-7951 and CVE-2016-7952
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7951
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7952
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
+
+From 9556ad67af3129ec4a7a4f4b54a0d59701beeae3 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 21:37:01 +0200
+Subject: [PATCH] Out of boundary access and endless loop in libXtst
+
+A lack of range checks in libXtst allows out of boundary accesses.
+The checks have to be done in-place here, because it cannot be done
+without in-depth knowledge of the read data.
+
+If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
+without a client sequence have attached data, an endless loop would
+occur. The do-while-loop continues until the current index reaches
+the end. But in these cases, the current index would not be
+incremented, leading to an endless processing.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/XRecord.c | 43 +++
+ 1 file changed, 39 insertions(+), 4 deletions(-)
+
+diff --git a/src/XRecord.c b/src/XRecord.c
+index 50420c0..fefd842 100644
+--- a/src/XRecord.c
 b/src/XRecord.c
+@@ -749,15 +749,23 @@ parse_reply_call_callback(
+   switch (rep->category) {
+   case XRecordFromServer:
+   if (rep->elementHeader&XRecordFromServerTime) {
++  if (current_index + 4 > rep->length << 2)
++  return Error;
+   EXTRACT_CARD32(rep->clientSwapped,
+  reply->buf+current_index,
+  data->server_time);
+   current_index += 4;
+   }
++  if (current_index + 1 > rep->length << 2)
++  return Error;
+   switch (reply->buf[current_index]) {
+   case X_Reply: /* reply */
++  if (current_index + 8 > rep->length << 2)
++  return Error;
+   EXTRACT_CARD32(rep->clientSwapped,
+  reply->buf+current_index+4, datum_bytes);
++  if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
++  return Error;
+   datum_bytes = (datum_bytes+8) << 2;
+   break;
+   default: /* error or event */
+@@ -766,52 +774,73 @@ parse_reply_call_callback(
+   break;
+   case XRecordFromClient:
+   if (rep->elementHeader&XRecordFromClientTime) {
++  if (current_index + 4 > rep->length << 2)
++  return Error;
+   EXTRACT_CARD32(rep->clientSwapped,
+  reply->buf+current_index,
+  data->server_time);
+   current_index += 4;
+   }
+   if (rep->elementHeader&XRecordFromClientSequence) {
++  if (current_index + 4 > rep->length << 2)
++  return Error;
+   EXTRACT_CARD32(rep->clientSwapped,
+  reply->buf+current_index,
+  data->client_seq);
+   current_index += 4;
+   }
++  if (current_index + 4 > rep->length<<2)
++  return Error;
+   if (reply->buf[current_index+2] == 0
+   && reply->buf[current_index+3] == 0) /* needn't swap 0 */
+   {   /* BIG-REQUESTS */
++   

[PATCH 4/8] gnu: libxrandr: Fix CVE-2016-{7947,7948}.

[Leo Famulari]

* gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxrandr)[replacement]: New field.
(libxrandr/fixed): New variable.
---
 gnu/local.mk   |   1 +
 .../libxrandr-CVE-2016-7947-CVE-2016-7948.patch| 447 +
 gnu/packages/xorg.scm  |   8 +
 3 files changed, 456 insertions(+)
 create mode 100644 
gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index e092c84..22d63a9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -673,6 +673,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libx11-CVE-2016-7943.patch  \
   %D%/packages/patches/libxfixes-CVE-2016-7944.patch   \
   %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
+  %D%/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch 
b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch
new file mode 100644
index 000..ece8b18
--- /dev/null
+++ b/gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch
@@ -0,0 +1,447 @@
+Fix CVE-2016-7947 and CVE-2016-7948.
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7947
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7948
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
+
+From a0df3e1c7728205e5c7650b2e6dce684139254a6 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 22:21:40 +0200
+Subject: [PATCH] Avoid out of boundary accesses on illegal responses
+
+The responses of the connected X server have to be properly checked
+to avoid out of boundary accesses that could otherwise be triggered
+by a malicious server.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/XrrConfig.c   | 32 +
+ src/XrrCrtc.c | 83 ++-
+ src/XrrMonitor.c  | 18 
+ src/XrrOutput.c   | 11 
+ src/XrrProvider.c | 28 ---
+ src/XrrScreen.c   | 52 ++
+ 6 files changed, 172 insertions(+), 52 deletions(-)
+
+diff --git a/src/XrrConfig.c b/src/XrrConfig.c
+index 2f0282b..e68c45a 100644
+--- a/src/XrrConfig.c
 b/src/XrrConfig.c
+@@ -29,6 +29,7 @@
+ #include 
+ #endif
+ 
++#include 
+ #include 
+ #include 
+ /* we need to be able to manipulate the Display structure on events */
+@@ -272,23 +273,30 @@ static XRRScreenConfiguration *_XRRGetScreenInfo 
(Display *dpy,
+   rep.rate = 0;
+   rep.nrateEnts = 0;
+ }
++if (rep.length < INT_MAX >> 2) {
++  nbytes = (long) rep.length << 2;
+ 
+-nbytes = (long) rep.length << 2;
++  nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
++  ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF(CARD16) */);
+ 
+-nbytesRead = (long) (rep.nSizes * SIZEOF (xScreenSizes) +
+-   ((rep.nrateEnts + 1)& ~1) * 2 /* SIZEOF (CARD16) */);
++  /*
++   * first we must compute how much space to allocate for
++   * randr library's use; we'll allocate the structures in a single
++   * allocation, on cleanlyness grounds.
++   */
+ 
+-/*
+- * first we must compute how much space to allocate for
+- * randr library's use; we'll allocate the structures in a single
+- * allocation, on cleanlyness grounds.
+- */
++  rbytes = sizeof (XRRScreenConfiguration) +
++(rep.nSizes * sizeof (XRRScreenSize) +
++ rep.nrateEnts * sizeof (int));
+ 
+-rbytes = sizeof (XRRScreenConfiguration) +
+-  (rep.nSizes * sizeof (XRRScreenSize) +
+-   rep.nrateEnts * sizeof (int));
++  scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
++} else {
++  nbytes = 0;
++  nbytesRead = 0;
++  rbytes = 0;
++  scp = NULL;
++}
+ 
+-scp = (struct _XRRScreenConfiguration *) Xmalloc(rbytes);
+ if (scp == NULL) {
+   _XEatData (dpy, (unsigned long) nbytes);
+   return NULL;
+diff --git a/src/XrrCrtc.c b/src/XrrCrtc.c
+index 5ae35c5..6665092 100644
+--- a/src/XrrCrtc.c
 b/src/XrrCrtc.c
+@@ -24,6 +24,7 @@
+ #include 
+ #endif
+ 
++#include 
+ #include 
+ #include 
+ /* we need to be able to manipulate the Display structure on events */
+@@ -57,22 +58,33 @@ XRRGetCrtcInfo (Display *dpy, XRRScreenResources 
*resources, RRCrtc crtc)
+   return NULL;
+ }
+ 
+-nbytes = (long) rep.length << 2;
++if (rep.length < INT_MAX >> 2)
++{
++  nbytes = (long

[PATCH 0/8] Xorg security updates for the master branch

[Leo Famulari]

There is an Xorg security advisory:
https://lists.freedesktop.org/archives/xorg/2016-October/058344.html

This patch series applies the patches recommended by upstream using
grafts.

Leo Famulari (8):
  gnu: libx11: Fix CVE-2016-{7942,7943}.
  gnu: libxfixes: Fix CVE-2016-7944.
  gnu: libxi: Fix CVE-2016-{7945,7946}.
  gnu: libxrandr: Fix CVE-2016-{7947,7948}.
  gnu: libxrender: Fix CVE-2016-{7949,7950}.
  gnu: libxtst: Fix CVE-2016-{7951,7952}.
  gnu: libxv: Fix CVE-2016-5407.
  gnu: libxvmc: Fix CVE-2016-7953.

 gnu/local.mk   |  10 +
 gnu/packages/patches/libx11-CVE-2016-7942.patch|  76 
 gnu/packages/patches/libx11-CVE-2016-7943.patch| 113 ++
 gnu/packages/patches/libxfixes-CVE-2016-7944.patch |  62 +++
 .../libxi-CVE-2016-7945-CVE-2016-7946.patch| 420 +++
 .../libxrandr-CVE-2016-7947-CVE-2016-7948.patch| 447 +
 .../patches/libxrender-CVE-2016-7949.patch |  66 +++
 .../patches/libxrender-CVE-2016-7950.patch |  73 
 .../libxtst-CVE-2016-7951-CVE-2016-7952.patch  | 152 +++
 gnu/packages/patches/libxv-CVE-2016-5407.patch | 162 
 gnu/packages/patches/libxvmc-CVE-2016-7953.patch   |  42 ++
 gnu/packages/xorg.scm  |  66 +++
 12 files changed, 1689 insertions(+)
 create mode 100644 gnu/packages/patches/libx11-CVE-2016-7942.patch
 create mode 100644 gnu/packages/patches/libx11-CVE-2016-7943.patch
 create mode 100644 gnu/packages/patches/libxfixes-CVE-2016-7944.patch
 create mode 100644 gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch
 create mode 100644 
gnu/packages/patches/libxrandr-CVE-2016-7947-CVE-2016-7948.patch
 create mode 100644 gnu/packages/patches/libxrender-CVE-2016-7949.patch
 create mode 100644 gnu/packages/patches/libxrender-CVE-2016-7950.patch
 create mode 100644 
gnu/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch
 create mode 100644 gnu/packages/patches/libxv-CVE-2016-5407.patch
 create mode 100644 gnu/packages/patches/libxvmc-CVE-2016-7953.patch

-- 
2.10.1

[PATCH 1/8] gnu: libx11: Fix CVE-2016-{7942,7943}.

[Leo Famulari]

* gnu/packages/patches/libx11-CVE-2016-7942.patch,
gnu/packages/patches/libx11-CVE-2016-7943.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xorg.scm (libx11)[replacement]: New field.
(libx11/fixed): New variable.
---
 gnu/local.mk|   2 +
 gnu/packages/patches/libx11-CVE-2016-7942.patch |  76 
 gnu/packages/patches/libx11-CVE-2016-7943.patch | 113 
 gnu/packages/xorg.scm   |   9 ++
 4 files changed, 200 insertions(+)
 create mode 100644 gnu/packages/patches/libx11-CVE-2016-7942.patch
 create mode 100644 gnu/packages/patches/libx11-CVE-2016-7943.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a609bf6..03d07f6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -669,6 +669,8 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch  \
   %D%/packages/patches/libwmf-CVE-2015-4696.patch  \
+  %D%/packages/patches/libx11-CVE-2016-7942.patch  \
+  %D%/packages/patches/libx11-CVE-2016-7943.patch  \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libx11-CVE-2016-7942.patch 
b/gnu/packages/patches/libx11-CVE-2016-7942.patch
new file mode 100644
index 000..7577023
--- /dev/null
+++ b/gnu/packages/patches/libx11-CVE-2016-7942.patch
@@ -0,0 +1,76 @@
+Fix CVE-2016-7942:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7942
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
+
+From 8ea762f94f4c942d898fdeb590a1630c83235c17 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 21:25:25 +0200
+Subject: [PATCH] Validation of server responses in XGetImage()
+
+Check if enough bytes were received for specified image type and
+geometry. Otherwise GetPixel and other functions could trigger an
+out of boundary read later on.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/GetImage.c | 29 -
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/src/GetImage.c b/src/GetImage.c
+index c461abc..ff32d58 100644
+--- a/src/GetImage.c
 b/src/GetImage.c
+@@ -59,6 +59,7 @@ XImage *XGetImage (
+   char *data;
+   unsigned long nbytes;
+   XImage *image;
++  int planes;
+   LockDisplay(dpy);
+   GetReq (GetImage, req);
+   /*
+@@ -91,18 +92,28 @@ XImage *XGetImage (
+   return (XImage *) NULL;
+   }
+ _XReadPad (dpy, data, nbytes);
+-if (format == XYPixmap)
+- image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
+-Ones (plane_mask &
+-  (((unsigned long)0x) >> (32 - rep.depth))),
+-format, 0, data, width, height, dpy->bitmap_pad, 0);
+-  else /* format == ZPixmap */
+-   image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
+-   rep.depth, ZPixmap, 0, data, width, height,
+-_XGetScanlinePad(dpy, (int) rep.depth), 0);
++if (format == XYPixmap) {
++  image = XCreateImage(dpy, _XVIDtoVisual(dpy, rep.visual),
++  Ones (plane_mask &
++  (((unsigned long)0x) >> (32 - rep.depth))),
++  format, 0, data, width, height, dpy->bitmap_pad, 0);
++  planes = image->depth;
++  } else { /* format == ZPixmap */
++image = XCreateImage (dpy, _XVIDtoVisual(dpy, rep.visual),
++  rep.depth, ZPixmap, 0, data, width, height,
++  _XGetScanlinePad(dpy, (int) rep.depth), 0);
++  planes = 1;
++  }
+ 
+   if (!image)
+   Xfree(data);
++  if (planes < 1 || image->height < 1 || image->bytes_per_line < 1 ||
++  INT_MAX / image->height <= image->bytes_per_line ||
++  INT_MAX / planes <= image->height * image->bytes_per_line ||
++  nbytes < planes * image->height * image->bytes_per_line) {
++  XDestroyImage(image);
++  image = NULL;
++  }
+   UnlockDisplay(dpy);
+   SyncHandle();
+   return (image);
+-- 
+2.10.1
+
diff --git a/gnu/packages/patches/libx11-CVE-2016-7943.patch 
b/gnu/packages/patches/libx11-CVE-2016-7943.patch
new file mode 100644
index 000..7bcbc58
--- /dev/null
+++ b/gnu/packages/patches/libx11-CVE-2016-7943.patch
@@ -0,0 +1,113 @@
+Fix CVE-2016-7943:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7943.
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
+
+From 8c29f1607a31da

[PATCH 2/8] gnu: libxfixes: Fix CVE-2016-7944.

[Leo Famulari]

* gnu/packages/patches/libxfixes-CVE-2016-7944.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxfixes)[replacement]: New field.
(libxfixes/fixed): New variable.
---
 gnu/local.mk   |  1 +
 gnu/packages/patches/libxfixes-CVE-2016-7944.patch | 62 ++
 gnu/packages/xorg.scm  |  8 +++
 3 files changed, 71 insertions(+)
 create mode 100644 gnu/packages/patches/libxfixes-CVE-2016-7944.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 03d07f6..9e875de 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -671,6 +671,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch  \
   %D%/packages/patches/libx11-CVE-2016-7942.patch  \
   %D%/packages/patches/libx11-CVE-2016-7943.patch  \
+  %D%/packages/patches/libxfixes-CVE-2016-7944.patch   \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxfixes-CVE-2016-7944.patch 
b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch
new file mode 100644
index 000..2ce463f
--- /dev/null
+++ b/gnu/packages/patches/libxfixes-CVE-2016-7944.patch
@@ -0,0 +1,62 @@
+Fix CVE-2016-7944:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7944
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
+
+From 61c1039ee23a2d1de712843bed3480654d7ef42e Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 22:38:44 +0200
+Subject: [PATCH] Integer overflow on illegal server response
+
+The 32 bit field "rep.length" is not checked for validity, which allows
+an integer overflow on 32 bit systems.
+
+A malicious server could send INT_MAX as length, which gets multiplied
+by the size of XRectangle. In that case the client won't read the whole
+data from server, getting out of sync.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/Region.c | 15 ---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/Region.c b/src/Region.c
+index cb0cf6e..59bcc1a 100644
+--- a/src/Region.c
 b/src/Region.c
+@@ -23,6 +23,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include 
+ #endif
++#include 
+ #include "Xfixesint.h"
+ 
+ XserverRegion
+@@ -333,9 +334,17 @@ XFixesFetchRegionAndBounds (Display   *dpy,
+ bounds->y = rep.y;
+ bounds->width = rep.width;
+ bounds->height = rep.height;
+-nbytes = (long) rep.length << 2;
+-nrects = rep.length >> 1;
+-rects = Xmalloc (nrects * sizeof (XRectangle));
++
++if (rep.length < (INT_MAX >> 2)) {
++  nbytes = (long) rep.length << 2;
++  nrects = rep.length >> 1;
++  rects = Xmalloc (nrects * sizeof (XRectangle));
++} else {
++  nbytes = 0;
++  nrects = 0;
++  rects = NULL;
++}
++
+ if (!rects)
+ {
+   _XEatDataWords(dpy, rep.length);
+-- 
+2.10.1
+
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 83dfd5d..5bd3aee 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4823,6 +4823,7 @@ an X Window System display.")
 (define-public libxfixes
   (package
 (name "libxfixes")
+(replacement libxfixes/fixed)
 (version "5.0.1")
 (source
   (origin
@@ -4847,6 +4848,13 @@ an X Window System display.")
 (description "Library for the XFixes Extension to the X11 protocol.")
 (license license:x11)))
 
+(define libxfixes/fixed
+  (package
+(inherit libxfixes)
+(source (origin
+  (inherit (package-source libxfixes))
+  (patches (search-patches
+ "libxfixes-CVE-2016-7944.patch"))
 
 (define-public libxfont
   (package
-- 
2.10.1

[PATCH 3/8] gnu: libxi: Fix CVE-2016-{7945,7946}.

[Leo Famulari]

* gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xorg.scm (libxi)[replacement]: New field.
(libxi/fixed): New variable.
---
 gnu/local.mk   |   1 +
 .../libxi-CVE-2016-7945-CVE-2016-7946.patch| 420 +
 gnu/packages/xorg.scm  |   8 +
 3 files changed, 429 insertions(+)
 create mode 100644 gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9e875de..e092c84 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -672,6 +672,7 @@ dist_patch_DATA =   
\
   %D%/packages/patches/libx11-CVE-2016-7942.patch  \
   %D%/packages/patches/libx11-CVE-2016-7943.patch  \
   %D%/packages/patches/libxfixes-CVE-2016-7944.patch   \
+  %D%/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch \
   %D%/packages/patches/libxslt-generated-ids.patch \
   %D%/packages/patches/lirc-localstatedir.patch\
   %D%/packages/patches/llvm-for-extempore.patch\
diff --git a/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch 
b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch
new file mode 100644
index 000..ca899e3
--- /dev/null
+++ b/gnu/packages/patches/libxi-CVE-2016-7945-CVE-2016-7946.patch
@@ -0,0 +1,420 @@
+Fix CVE-2016-7945:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7945
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
+
+From 19a9cd607de73947fcfb104682f203ffe4e1f4e5 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann 
+Date: Sun, 25 Sep 2016 22:31:34 +0200
+Subject: [PATCH] Properly validate server responses.
+
+By validating length fields from server responses, out of boundary
+accesses and endless loops can be mitigated.
+
+Signed-off-by: Tobias Stoeckmann 
+Reviewed-by: Matthieu Herrb 
+---
+ src/XGMotion.c  |  3 ++-
+ src/XGetBMap.c  |  3 ++-
+ src/XGetDCtl.c  |  6 --
+ src/XGetFCtl.c  |  7 ++-
+ src/XGetKMap.c  | 14 +++---
+ src/XGetMMap.c  | 11 +--
+ src/XIQueryDevice.c | 36 ++--
+ src/XListDev.c  | 21 +++--
+ src/XOpenDev.c  | 13 ++---
+ src/XQueryDv.c  |  8 ++--
+ 10 files changed, 99 insertions(+), 23 deletions(-)
+
+diff --git a/src/XGMotion.c b/src/XGMotion.c
+index 7785843..9433e29 100644
+--- a/src/XGMotion.c
 b/src/XGMotion.c
+@@ -114,7 +114,8 @@ XGetDeviceMotionEvents(
+ }
+ /* rep.axes is a CARD8, so assume max number of axes for bounds check */
+ if (rep.nEvents <
+-  (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int) {
++  (INT_MAX / (sizeof(XDeviceTimeCoord) + (UCHAR_MAX * sizeof(int &&
++  rep.nEvents * (rep.axes + 1) <= rep.length) {
+   size_t bsize = rep.nEvents *
+   (sizeof(XDeviceTimeCoord) + (rep.axes * sizeof(int)));
+   bufp = Xmalloc(bsize);
+diff --git a/src/XGetBMap.c b/src/XGetBMap.c
+index 002daba..13bb8c6 100644
+--- a/src/XGetBMap.c
 b/src/XGetBMap.c
+@@ -92,7 +92,8 @@ XGetDeviceButtonMapping(
+ 
+ status = _XReply(dpy, (xReply *) & rep, 0, xFalse);
+ if (status == 1) {
+-  if (rep.length <= (sizeof(mapping) >> 2)) {
++  if (rep.length <= (sizeof(mapping) >> 2) &&
++  rep.nElts <= (rep.length << 2)) {
+   unsigned long nbytes = rep.length << 2;
+   _XRead(dpy, (char *)mapping, nbytes);
+ 
+diff --git a/src/XGetDCtl.c b/src/XGetDCtl.c
+index c5d3b53..7f6b396 100644
+--- a/src/XGetDCtl.c
 b/src/XGetDCtl.c
+@@ -93,7 +93,8 @@ XGetDeviceControl(
+ if (rep.length > 0) {
+   unsigned long nbytes;
+   size_t size = 0;
+-  if (rep.length < (INT_MAX >> 2)) {
++  if (rep.length < (INT_MAX >> 2) &&
++  (rep.length << 2) >= sizeof(xDeviceState)) {
+   nbytes = (unsigned long) rep.length << 2;
+   d = Xmalloc(nbytes);
+   }
+@@ -117,7 +118,8 @@ XGetDeviceControl(
+   size_t val_size;
+ 
+   r = (xDeviceResolutionState *) d;
+-  if (r->num_valuators >= (INT_MAX / (3 * sizeof(int
++  if (sizeof(xDeviceResolutionState) > nbytes ||
++  r->num_valuators >= (INT_MAX / (3 * sizeof(int
+   goto out;
+   val_size = 3 * sizeof(int) * r->num_valuators;
+   if ((sizeof(xDeviceResolutionState) + val_size) > nbytes)
+diff --git a/src/XGetFCtl.c b/src/XGetFCtl.c
+index 7fd6d0e..82dcc64 100644
+--- a/src/XGetFCtl.c
 b/src/XGetFCtl.c
+@@ -73,6 +73,7 @@ XGetFeedbackControl(
+ XFeedbackState *Sav = NULL;
+ xFeedbackState *f = NULL;
+ xFeedbackState *sav = NULL;
++char *end = NULL;
+ xGetFeedbackControlReq *req;
+ xGetFeedbackControlReply rep;
+ XExtDisplayInfo

Re: FOSDEM 2016 was awesome! Let's do FOSDEM 2017 (we are IN!)

[Ludovic Courtès]

Pjotr Prins  skribis:

> Good news! 
>
> We have just been informed that GNU Guile/Guix has a half day devroom
> for FOSDEM 2017 again.  
>
>   https://fosdem.org/2017/

Awesome, congrats!  Thank you!

Ludo’.

Re: [PATCH v3] gnu: Add sunxi-tools.

[Ludovic Courtès]

Danny Milosavljevic  skribis:

> * gnu/packages/admin.scm (sunxi-tools): New variable.
> ---
>  gnu/packages/admin.scm | 56 
> ++
>  1 file changed, 56 insertions(+)

Pushed, thanks!

In the future, could you please avoid the option of ‘git send-email’
that makes the patch body a MIME attachment?  TIA.  :-)

Ludo’.

Re: master fails to system build (at-spi2-core? guix?)

[Leo Famulari]

On Wed, Oct 05, 2016 at 12:01:57AM +0200, Ricardo Wurmus wrote:
> 
> ng0  writes:
> 
> > ng0  writes:
> >
> >> So the build machine was still on guix-0.10something. I had to use
> >> --fallback and while at-spi2-core is gone too, this machine fails
> >> differently:
> >
> > and --without-grafs it succeeds at least on that machine... this bug is
> > weird.
> 
> […]
> 
> >> suspicious ownership or permission on 
> >> `/gnu/store/lqjbg0h8055v5yxpv8xzxn86jhk76k05-guix-0.11.0-1.4420'; 
> >> rejecting this build output
> 
> I also sometimes get these “suspicious ownership” errors.  ISTR that
> this an unresolved bug.  Just rerunning the command usually does it for
> me.

This is the bug report:

http://bugs.gnu.org/22954

Re: FOSDEM 2016 was awesome! Let's do FOSDEM 2017 (we are IN!)

[Alex Sassmannshausen]

W00t! Fantastic, well done :-)

Alex

Pjotr Prins writes:

> Good news! 
>
> We have just been informed that GNU Guile/Guix has a half day devroom
> for FOSDEM 2017 again.  
>
>   https://fosdem.org/2017/
>
> Book your resp. flights/trains/boats!
>
> Pj.
>
> On Tue, Aug 30, 2016 at 10:28:56AM +0200, Alex Sassmannshausen wrote:
>> 
>> Sounds great ??? glad to hear it :-)
>> 
>> Alex
>> 
>> Pjotr Prins writes:
>> 
>> > Hi Alex,
>> >
>> > The proposal has been submitted to FOSDEM and you are on it :)
>> >
>> > Pj.
>> >
>> > On Mon, Aug 29, 2016 at 09:37:35AM +0200, Alex Sassmannshausen wrote:
>> >> Hi,
>> >> 
>> >> Wow, how time flies!  Last year was definitely amazing, and I'd love to
>> >> be involved to make that happen again.
>> >> 
>> >> I'd be very happy to help out organizing stuff on the day if we still
>> >> need volunteers for that.  Alternatively, I could also help with the
>> >> proposal for the event.  I'm afraid I've been a little slow on my
>> >> response this year.  What's the status with that?  Do you need someone
>> >> to make a first draft or are we past that already?
>> >> 
>> >> Thanks for taking the initiative here!
>> >> 
>> >> Alex
>> >> 
>> >> Pjotr Prins writes:
>> >> 
>> >> > FOSDEM 2017 call for proposals has started:
>> >> >
>> >> >   https://fosdem.org/2017/news/2016-07-20-call-for-participation/
>> >> >
>> >> > We need help with writing the proposal (we can build on last years
>> >> > this time), we need help on selecting talks and we need help creating
>> >> > the schedule. Finally, if we get a slot, we need help to organise the
>> >> > day.
>> >> >
>> >> > Who wants to be part of this exciting day? 
>> >> >
>> >> > Pj.
>> >> >
>> >> > On Tue, Feb 02, 2016 at 11:35:45AM -0800, Christopher Allan Webber 
>> >> > wrote:
>> >> >> Alex Sassmannshausen writes:
>> >> >> 
>> >> >> > Hello,
>> >> >> >
>> >> >> > Ludovic Court??s writes:
>> >> >> >
>> >> >> >> Hi there!
>> >> >> >>
>> >> >> >> I just came back from FOSDEM where we had an awesome Guile devroom 
>> >> >> >> with
>> >> >> >> nice people and great talks!
>> >> >> >
>> >> >> > I really want to echo Ludo's sentiments.  I had a great time in our 
>> >> >> > dev
>> >> >> > room and it was really nice to put faces to the names I see popping 
>> >> >> > up
>> >> >> > in IRC and on the mailing list. I really hope we'll be able to do 
>> >> >> > this
>> >> >> > again next year!
>> >> >> 
>> >> >> An extra echo from me.
>> >> >> 
>> >> >> >> The room of 80 seats was full pretty much all the time, and I think 
>> >> >> >> we
>> >> >> >> were all excited to see so many people stop by the devroom.  Many 
>> >> >> >> shared
>> >> >> >> the impression that we were at an important moment of Guile???s 
>> >> >> >> history.
>> >> >> >> The transition with the Lua track that followed was also insightful 
>> >> >> >> and
>> >> >> >> a pleasant experience.
>> >> >> 
>> >> >> I was optimistic about this being a big moment in Guile's history, but
>> >> >> after this FOSDEM, my enthusiasm and excitement has doubled, maybe
>> >> >> tripled!  I can't wait to see what's happening in the year ahead!
>> >> >> 
>> >> >> >> I would like to send a big Thank You to Pjotr Prins who took the
>> >> >> >> initiative and organized all this masterfully, from applying for the
>> >> >> >> devroom, to contacting potential speakers (dozens and dozens of
>> >> >> >> messages!), to getting up early on Saturday to make sure everything
>> >> >> >> would be fine in the devroom???  Pjotr, you did an awesome job!
>> >> >> >>
>> >> >> >> Thanks to Paul van der Walt who also woke up early to help out with
>> >> >> >> video in the devroom, and obviously, thanks to all the speakers and
>> >> >> >> attendees!
>> >> >> >
>> >> >> > +1 for sure.  Thank you very much for the commitment in time and 
>> >> >> > energy!
>> >> >> >
>> >> >> > Alex
>> >> >> 
>> >> >> Yes, thank you! :)
>> >> 
>> 

Re: FOSDEM 2016 was awesome! Let's do FOSDEM 2017 (we are IN!)

[Pjotr Prins]

Good news! 

We have just been informed that GNU Guile/Guix has a half day devroom
for FOSDEM 2017 again.  

  https://fosdem.org/2017/

Book your resp. flights/trains/boats!

Pj.

On Tue, Aug 30, 2016 at 10:28:56AM +0200, Alex Sassmannshausen wrote:
> 
> Sounds great ??? glad to hear it :-)
> 
> Alex
> 
> Pjotr Prins writes:
> 
> > Hi Alex,
> >
> > The proposal has been submitted to FOSDEM and you are on it :)
> >
> > Pj.
> >
> > On Mon, Aug 29, 2016 at 09:37:35AM +0200, Alex Sassmannshausen wrote:
> >> Hi,
> >> 
> >> Wow, how time flies!  Last year was definitely amazing, and I'd love to
> >> be involved to make that happen again.
> >> 
> >> I'd be very happy to help out organizing stuff on the day if we still
> >> need volunteers for that.  Alternatively, I could also help with the
> >> proposal for the event.  I'm afraid I've been a little slow on my
> >> response this year.  What's the status with that?  Do you need someone
> >> to make a first draft or are we past that already?
> >> 
> >> Thanks for taking the initiative here!
> >> 
> >> Alex
> >> 
> >> Pjotr Prins writes:
> >> 
> >> > FOSDEM 2017 call for proposals has started:
> >> >
> >> >   https://fosdem.org/2017/news/2016-07-20-call-for-participation/
> >> >
> >> > We need help with writing the proposal (we can build on last years
> >> > this time), we need help on selecting talks and we need help creating
> >> > the schedule. Finally, if we get a slot, we need help to organise the
> >> > day.
> >> >
> >> > Who wants to be part of this exciting day? 
> >> >
> >> > Pj.
> >> >
> >> > On Tue, Feb 02, 2016 at 11:35:45AM -0800, Christopher Allan Webber wrote:
> >> >> Alex Sassmannshausen writes:
> >> >> 
> >> >> > Hello,
> >> >> >
> >> >> > Ludovic Court??s writes:
> >> >> >
> >> >> >> Hi there!
> >> >> >>
> >> >> >> I just came back from FOSDEM where we had an awesome Guile devroom 
> >> >> >> with
> >> >> >> nice people and great talks!
> >> >> >
> >> >> > I really want to echo Ludo's sentiments.  I had a great time in our 
> >> >> > dev
> >> >> > room and it was really nice to put faces to the names I see popping up
> >> >> > in IRC and on the mailing list. I really hope we'll be able to do this
> >> >> > again next year!
> >> >> 
> >> >> An extra echo from me.
> >> >> 
> >> >> >> The room of 80 seats was full pretty much all the time, and I think 
> >> >> >> we
> >> >> >> were all excited to see so many people stop by the devroom.  Many 
> >> >> >> shared
> >> >> >> the impression that we were at an important moment of Guile???s 
> >> >> >> history.
> >> >> >> The transition with the Lua track that followed was also insightful 
> >> >> >> and
> >> >> >> a pleasant experience.
> >> >> 
> >> >> I was optimistic about this being a big moment in Guile's history, but
> >> >> after this FOSDEM, my enthusiasm and excitement has doubled, maybe
> >> >> tripled!  I can't wait to see what's happening in the year ahead!
> >> >> 
> >> >> >> I would like to send a big Thank You to Pjotr Prins who took the
> >> >> >> initiative and organized all this masterfully, from applying for the
> >> >> >> devroom, to contacting potential speakers (dozens and dozens of
> >> >> >> messages!), to getting up early on Saturday to make sure everything
> >> >> >> would be fine in the devroom???  Pjotr, you did an awesome job!
> >> >> >>
> >> >> >> Thanks to Paul van der Walt who also woke up early to help out with
> >> >> >> video in the devroom, and obviously, thanks to all the speakers and
> >> >> >> attendees!
> >> >> >
> >> >> > +1 for sure.  Thank you very much for the commitment in time and 
> >> >> > energy!
> >> >> >
> >> >> > Alex
> >> >> 
> >> >> Yes, thank you! :)
> >> 
> 

-- 

Re: [PATCH] gnu: Add hyperrogue.

[Kei Kebreau]

Alex Kost  writes:

> Kei Kebreau (2016-10-04 16:01 -0400) wrote:
>
> [...]
>> All issues corrected! If you could check over it a second time to be
>> sure, that would be appreciated. Thanks for your assistance! :-)
>
> I think it's OK now, thanks!
>
> And I've just lost an hour playing this game :-)
>
Bwahahahaha!
>> From bff2f006ca78a54955857afc5559e5662e21c7e1 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau 
>> Date: Tue, 4 Oct 2016 15:58:21 -0400
>> Subject: [PATCH] gnu: Add hyperrogue.
>>
>> * gnu/packages/games.scm (hyperrogue): New variable.
>> ---
>>  gnu/packages/games.scm | 86 
>> ++
>>  1 file changed, 86 insertions(+)
>>
>> diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
>> index cd5cf6f..5d61487 100644
>> --- a/gnu/packages/games.scm
>> +++ b/gnu/packages/games.scm
>> @@ -2896,3 +2896,89 @@ extinguishing action, intense boss battles, a catchy 
>> soundtrack and lots of
>>  throwing people around in pseudo-randomly generated buildings.")
>>  (license (list license:zlib ; for source code
>> license:cc-by-sa3.0  ; for graphics and music assets
>> +
>> +(define-public hyperrogue
>> +  (package
>> +(name "hyperrogue")
>> +(version "8.3j")
>> +(source (origin
>> +  (method url-fetch)
>> +  (uri (string-append
>> +"http://www.roguetemple.com/z/hyper/";
>> +name "-83j.zip"))
>> +  (sha256
>> +   (base32
>> +"1ag95d84m4j0rqyn9hj7655znixw2j57bpf93nk14nfy02xz1g6p"))
>> +  (modules '((guix build utils)))
>> +  ;; remove .exe and .dll files
>
> Rather:  ;; Remove .exe and .dll files.
>
>> +  (snippet
>> +   '(for-each delete-file (find-files "." "\\.(exe|dll)$")
>> +(build-system gnu-build-system)
>> +(arguments
>> + '(#:tests? #f ; no check target
>> +   #:make-flags '("-Csrc")
>> +   #:phases
>> +   (modify-phases %standard-phases
>> + (add-after 'set-paths 'set-sdl-paths
>> +   (lambda* (#:key inputs #:allow-other-keys)
>> + (setenv "CPATH"
>> + (string-append (assoc-ref inputs "sdl-union")
>> +"/include/SDL"
>> + ;; Fix font and music paths.
>> + (replace 'configure
>> +   (lambda* (#:key inputs outputs #:allow-other-keys)
>> + (let ((out (assoc-ref outputs "out"))
>> +   (dejavu-dir (string-append
>> +(assoc-ref inputs "font-dejavu")
>> +"/share/fonts/truetype"))
>> +   (dejavu-font "DejaVuSans-Bold.ttf")
>> +   (music-file "hyperrogue-music.txt"))
>> +   (with-directory-excursion "src"
>> + (substitute* "graph.cpp"
>> +   ((dejavu-font)
>> +(string-append dejavu-dir "/" dejavu-font))
>> +   (((string-append "\\./" music-file))
>> +(string-append out "/share/hyperrogue/" music-file)))
>> + (substitute* music-file
>> +   (("\\*/")
>> +(string-append out "/share/hyperrogue/")
>> + #t))
>> + (replace 'install
>> +   (lambda* (#:key inputs outputs #:allow-other-keys)
>> + (let* ((out (assoc-ref outputs "out"))
>> +(bin (string-append out "/bin"))
>> +(share-dir (string-append out "/share/hyperrogue")))
>> +   (mkdir-p bin)
>> +   (copy-file "src/hyper" (string-append bin "/hyperrogue"))
>> +   (mkdir-p share-dir)
>> +   (copy-file "src/hyperrogue-music.txt"
>> +  (string-append share-dir "/hyperrogue-music.txt"))
>> +   (for-each (lambda (file)
>> + (copy-file file (string-append share-dir "/" file)))
>> + (find-files "." "\\.ogg$")))
>> + #t)
>> +(inputs
>> + `(("font-dejavu" ,font-dejavu)
>> +   ("glew" ,glew)
>> +   ("libpng" ,libpng)
>> +   ("sdl-union" ,(sdl-union (list sdl
>> +  sdl-gfx
>> +  sdl-mixer
>> +  sdl-ttf)
>> +(home-page "http://www.roguetemple.com/z/hyper/";)
>> +(synopsis "Non-euclidean graphical rogue-like game")
>> +(description
>> + "HyperRogue is a game in which the player collects treasures and fights
>> +monsters -- rogue-like but for the fact that it is played on the hyperbolic
>> +plane and not in euclidean space.
>> +
>> +In HyperRogue, the player can move through different parts of the
>> world, which
>> +are home to particular creatures and may be subject to own rules of
>> \"physics\".
>> +
>> +While it can use ASCII characters to display the world the

[PATCH] gnu: lispf4: Remove it.

[ng0]

* gnu/packages/lisp.scm (lispf4): Delete variable.
The package in its current state is unusable and documentation
with unclear licenses is included.
---
 gnu/packages/lisp.scm | 44 
 1 file changed, 44 deletions(-)

diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 439433a..2e50897 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -443,50 +443,6 @@ interface.")
 (license (list license:lgpl2.1
license:clarified-artistic ;TRIVIAL-LDAP package
 
-(define-public lispf4
-  (let ((commit "174d8764d2f9764e8f4794c2e3feada9f9c1f1ba"))
-(package
-  (name "lispf4")
-  (version (string-append "0.0.0-1" "-"
-  (string-take commit 7)))
-  (source (origin
-(method git-fetch)
-(uri (git-reference
-  (url "https://github.com/blakemcbride/LISPF4.git";)
-  (commit commit)))
-(file-name (string-append name "-" version "-checkout"))
-(sha256
- (base32
-  "18k8kfn30za637y4bfbm9x3vv4psa3q8f7bi9h4h0qlb8rz8m92c"
-  (build-system gnu-build-system)
-  ;; 80 MB appended Documentation -> output:doc
-  (outputs '("out" "doc"))
-  (arguments
-   `(#:make-flags
- '("-f" "Makefile.unx" "CC=gcc")
- #:tests? #f ; No 'check phase
- #:phases
- (modify-phases %standard-phases
-   (delete 'configure)
-   (replace 'install
-(lambda* (#:key outputs #:allow-other-keys)
-  (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin"))
- (doc (string-append (assoc-ref outputs "doc")
- "/share/doc/lispf4")))
-(install-file "lispf4" bin)
-(install-file "SYSATOMS" bin)
-(install-file "BASIC.IMG" bin)
-(copy-recursively "Documentation" doc))
-#t)
-  (synopsis "InterLisp interpreter")
-  (description
-   "LISPF4 is an InterLisp interpreter written in FORTRAN by Mats Nordstrom
-in the early 80's.  It was converted to C by Blake McBride and supports much of
-the InterLisp Standard.")
-  (home-page "https://github.com/blakemcbride/LISPF4.git";)
-  (license license:expat
-
 (define-public femtolisp
   (let ((commit "68c5b1225572ecf2c52baf62f928063e5a30511b")
 (revision "1"))
-- 
2.10.1

[PATCH] gnu: Add r-bsgenome-celegans-ucsc-ce10.

[Ricardo Wurmus]

* gnu/packages/bioinformatics.scm (r-bsgenome-celegans-ucsc-ce10): New
variable.
---
 gnu/packages/bioinformatics.scm | 32 
 1 file changed, 32 insertions(+)

diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index ac46fe4..76e6c31 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -6929,6 +6929,38 @@ elegans (Worm) as provided by UCSC (ce6, May 2008) and 
stored in Biostrings
 objects.")
 (license license:artistic2.0)))
 
+(define-public r-bsgenome-celegans-ucsc-ce10
+  (package
+(name "r-bsgenome-celegans-ucsc-ce10")
+(version "1.4.0")
+(source (origin
+  (method url-fetch)
+  ;; We cannot use bioconductor-uri here because this tarball is
+  ;; located under "data/annotation/" instead of "bioc/".
+  (uri (string-append "http://www.bioconductor.org/packages/";
+  "release/data/annotation/src/contrib/"
+  "BSgenome.Celegans.UCSC.ce10_"
+  version ".tar.gz"))
+  (sha256
+   (base32
+"1zaym97jk4npxk14ifvwz2rvhm4zx9xgs33r9vvx9rlynp0gydrk"
+(properties
+ `((upstream-name . "BSgenome.Celegans.UCSC.ce10")))
+(build-system r-build-system)
+;; As this package provides little more than a very large data file it
+;; doesn't make sense to build substitutes.
+(arguments `(#:substitutable? #f))
+(propagated-inputs
+ `(("r-bsgenome" ,r-bsgenome)))
+(home-page
+ "http://www.bioconductor.org/packages/BSgenome.Celegans.UCSC.ce10/";)
+(synopsis "Full genome sequences for Worm")
+(description
+ "This package provides full genome sequences for Caenorhabditis
+elegans (Worm) as provided by UCSC (ce10, Oct 2010) and stored in Biostrings
+objects.")
+(license license:artistic2.0)))
+
 (define-public r-bsgenome-dmelanogaster-ucsc-dm3
   (package
 (name "r-bsgenome-dmelanogaster-ucsc-dm3")
-- 
2.9.3

[PATCH] gnu: lispf4: Remove it.

[ng0]

Drop lispf4. This will close the currently open bug on it.
https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00224.html

Re: [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

[ng0]

Ricardo Wurmus  writes:

> ng0  writes:
>
>> ng0  writes:
>>
>>> Hi,
>>>
>>> thanks for trying to help with this.
>>>
>>> Ricardo Wurmus  writes:
>>>
 ng0  writes:

> * gnu/packages/lisp.scm (lispf4)[arguments]: Fix the searchpath for 
> SYSATOMS.
> ---
>  gnu/packages/lisp.scm | 14 +-
>  1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
> index 7836d48..d66fb8b 100644
> --- a/gnu/packages/lisp.scm
> +++ b/gnu/packages/lisp.scm
> @@ -474,8 +474,20 @@ interface.")
>   #:phases
>   (modify-phases %standard-phases
> (delete 'configure)
> +   (add-before 'build 'fix-searchpath
> + (lambda _
> +   (substitute* "Lispf42.f"
> + (("NAME='SYSATOMS'")
> +  (string-append "NAME='" (assoc-ref %outputs "out")
> + "/bin/SYSATOMS'")))
> +   (substitute* "lispf42.c"
> + (("SYSATOMS")
> +  (string-append (assoc-ref %outputs "out") 
> "/bin/SYSATOMS"))
> + ;;(("8+1") "72+8+1"
> + (("c_b98_st") "c_b98")
> + (("c_b98.val") ""
> (replace 'install
> -(lambda* (#:key outputs #:allow-other-keys)
> + (lambda* (#:key outputs #:allow-other-keys)
>(let* ((out (assoc-ref outputs "out"))
>   (bin (string-append out "/bin"))
>   (doc (string-append (assoc-ref outputs "doc")


 Here’s an alternative:

(add-before 'build 'fix-reference-to-SYSATOMS
  (lambda* (#:key outputs #:allow-other-keys)
(substitute* "lispf42.c"
  (("#define c_b98.*")
   (string-append "#define c_b98 \""
  (assoc-ref outputs "out")
  "/bin/SYSATOMS\"\n")))
#t))
>>>
>>> Thanks, I'll try this in combination with the proposed move, but if I
>>> don't succeed with it today I will start working on my priority tasks
>>> and do this in november or whenever I get the chance.
>>>
 This won’t work, however, because during the build phase the lispf4
 executable is called to run a script.  At that point SYSATOMS only
 exists in the current directory.  So with the above phase the build
 would fail.

 A hack to solve this would be to first install “SYSATOMS” to the target
 directory and then build.
>>
>> And this fixes at least running it :) New patch incoming soon. This
>> depends on the one which deletes the bundles, can you apply that when
>> you do the one which will I will send in later?
>
> Yes, but have you actually tried using it?  I have and while useless
> stuff like “(LIST 1 2 3)” works, creating own definitions does not.
>
> Here’s an example from the manual:
>
> ~~
> _(DE KAR(X) ((SUBR . CAR) X]
> --- Undefined function  
> APPLY
> DE
> --- Reset   
> _
> ~~
>
> Installing BASIC.IMG to $out/bin has no effect.  The thing behaves the
> same when the image is not installed at all.

Hm. Okay, I will look into this as soon as I can dedicate time to it.

> Currently, this package cannot be used and I don’t want to have
> a continuous stream of patches to develop the package in master.  Please
> test this thoroughly on your own and then submit a new patch to fix all
> the problems.

Ok

> Another thing I noticed is that this package comes with a full
> reference of Interlisp, which seems unrelated to this particular
> implementation.  The reference is a whole book and it is not clear under
> what license it is released.
>
> I’m currently tempted to remove the package because in its current state
> it isn’t usable and there doesn’t seem to be anyone using it to have
> noticed that it’s broken.  That’s somewhat unsatisfying.
>
> ~~ Ricardo
>
>

I fully agree, please remove it.
I will re-add it as soon as I have a working copy, stripped off the
bloat it currently carries and solving the non-functional state.
Maybe it's even easier to re-implement in Guile what SIEMENS-INTERLISP
did back then, and drop any work on this completely... For now I'll move
this back to my long work-in-progress bench.

Re: [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

[Ricardo Wurmus]

ng0  writes:

> ng0  writes:
>
>> Hi,
>>
>> thanks for trying to help with this.
>>
>> Ricardo Wurmus  writes:
>>
>>> ng0  writes:
>>>
 * gnu/packages/lisp.scm (lispf4)[arguments]: Fix the searchpath for 
 SYSATOMS.
 ---
  gnu/packages/lisp.scm | 14 +-
  1 file changed, 13 insertions(+), 1 deletion(-)

 diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
 index 7836d48..d66fb8b 100644
 --- a/gnu/packages/lisp.scm
 +++ b/gnu/packages/lisp.scm
 @@ -474,8 +474,20 @@ interface.")
   #:phases
   (modify-phases %standard-phases
 (delete 'configure)
 +   (add-before 'build 'fix-searchpath
 + (lambda _
 +   (substitute* "Lispf42.f"
 + (("NAME='SYSATOMS'")
 +  (string-append "NAME='" (assoc-ref %outputs "out")
 + "/bin/SYSATOMS'")))
 +   (substitute* "lispf42.c"
 + (("SYSATOMS")
 +  (string-append (assoc-ref %outputs "out") 
 "/bin/SYSATOMS"))
 + ;;(("8+1") "72+8+1"
 + (("c_b98_st") "c_b98")
 + (("c_b98.val") ""
 (replace 'install
 -(lambda* (#:key outputs #:allow-other-keys)
 + (lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
   (bin (string-append out "/bin"))
   (doc (string-append (assoc-ref outputs "doc")
>>>
>>>
>>> Here’s an alternative:
>>>
>>>(add-before 'build 'fix-reference-to-SYSATOMS
>>>  (lambda* (#:key outputs #:allow-other-keys)
>>>(substitute* "lispf42.c"
>>>  (("#define c_b98.*")
>>>   (string-append "#define c_b98 \""
>>>  (assoc-ref outputs "out")
>>>  "/bin/SYSATOMS\"\n")))
>>>#t))
>>
>> Thanks, I'll try this in combination with the proposed move, but if I
>> don't succeed with it today I will start working on my priority tasks
>> and do this in november or whenever I get the chance.
>>
>>> This won’t work, however, because during the build phase the lispf4
>>> executable is called to run a script.  At that point SYSATOMS only
>>> exists in the current directory.  So with the above phase the build
>>> would fail.
>>>
>>> A hack to solve this would be to first install “SYSATOMS” to the target
>>> directory and then build.
>
> And this fixes at least running it :) New patch incoming soon. This
> depends on the one which deletes the bundles, can you apply that when
> you do the one which will I will send in later?

Yes, but have you actually tried using it?  I have and while useless
stuff like “(LIST 1 2 3)” works, creating own definitions does not.

Here’s an example from the manual:

~~
_(DE KAR(X) ((SUBR . CAR) X]
--- Undefined function  
APPLY
DE
--- Reset   
_
~~

Installing BASIC.IMG to $out/bin has no effect.  The thing behaves the
same when the image is not installed at all.

Currently, this package cannot be used and I don’t want to have
a continuous stream of patches to develop the package in master.  Please
test this thoroughly on your own and then submit a new patch to fix all
the problems.

Another thing I noticed is that this package comes with a full
reference of Interlisp, which seems unrelated to this particular
implementation.  The reference is a whole book and it is not clear under
what license it is released.

I’m currently tempted to remove the package because in its current state
it isn’t usable and there doesn’t seem to be anyone using it to have
noticed that it’s broken.  That’s somewhat unsatisfying.

~~ Ricardo

Re: [PATCH] gnu: lispf4 fixes.

[ng0]

ng0  writes:

> ng0  writes:
>
>> ng0  writes:
>>
>>>   [PATCH 1/2] gnu: lispf4: Remove prebuilt binaries.
>>>
>>> This patch can be applied, it is finished.
>>>
>>>   [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.
>>
>> PATCH 2/2 is now: Fix the reference to SYSATOMS, incoming in this thread
>> soon.
>>
>>> This patch requires further input.. The way Ricardo described this
>>> it could be the solution to the SYSATOMS problems (bug #22732) if
>>> someone can write functional C.
>>> If this does not fixes it in the end, I would consider the little
>>> help upstream wants to provide in fixing this and just drop lispf4.
>>> https://github.com/blakemcbride/LISPF4/issues/1
>>>
>>>
>>
>> -- 
>>
>>
>
> Furthermore I think I will re-read the Documentation of how blake
> mcbride ported lispf4 and decide to remove the 'ported' and / or the
> name or specify it in a more clear way. If Blake McBride added nothing,
> it would be reasonable by the quality of messed up code f2c produced to
> just write
>
> description: LISPF4 is an InterLisp interpreter written in FORTRAN by
> Mats Nordstrom, it supports much of the InterLisp Standard.
>

But when you read
https://github.com/blakemcbride/LISPF4/tree/master/Documentation
you see that what has been done was (quoting here):

The conversion steps I performed are as follows:

1.  Convert the system to C and got it running via the F2C program.

2.  Replace the Fortran calls to equivalent C calls to get rid of the
need for the Fortran support library.

3.  Enabled the use of command line arguments to control startup
options.

4.  Changed memory usage to allow runtime capacity specifications.

5.  Changed some code to make it a little more portable.  (The system
should be highly portable in general though.)

Since I have modified the converted C code you should not attempt to
go from the Fortran code to C without loosing all of my changes.
The Fortran code as-is will not run with F2C without a few tweaks.

The system successfully builds on 32 and 64 bit machines.  You may
need to make some adjustments in f2c.h



so the description should at least reflect that McBride did some changes.
> ...while I'm not yet clear about Interlisp vs Interlisp-D, two different
> families often thrown into just Interlisp.
>
> Furthermore I will adjust the homepage (terrible mistake with the ".git"
> at the end, it's annoying.
>
> And when this is done and I understand more and have more time to
> dedicate to historic archiving purposes, I will start working on my own
> interlisp (this could take a while until I can start). Or I find a
> better, cleaner, free implementation of interlisp available.. so far I
> just found interlisp and interlisp-d ones on archiving sites which we
> will not be possible to run or package or both of them.
>
>

-- 

Re: [PATCH] gnu: lispf4 fixes.

[ng0]

ng0  writes:

> ng0  writes:
>
>>   [PATCH 1/2] gnu: lispf4: Remove prebuilt binaries.
>>
>> This patch can be applied, it is finished.
>>
>>   [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.
>
> PATCH 2/2 is now: Fix the reference to SYSATOMS, incoming in this thread
> soon.
>
>> This patch requires further input.. The way Ricardo described this
>> it could be the solution to the SYSATOMS problems (bug #22732) if
>> someone can write functional C.
>> If this does not fixes it in the end, I would consider the little
>> help upstream wants to provide in fixing this and just drop lispf4.
>> https://github.com/blakemcbride/LISPF4/issues/1
>>
>>
>
> -- 
>
>

Furthermore I think I will re-read the Documentation of how blake
mcbride ported lispf4 and decide to remove the 'ported' and / or the
name or specify it in a more clear way. If Blake McBride added nothing,
it would be reasonable by the quality of messed up code f2c produced to
just write

description: LISPF4 is an InterLisp interpreter written in FORTRAN by
Mats Nordstrom, it supports much of the InterLisp Standard.


...while I'm not yet clear about Interlisp vs Interlisp-D, two different
families often thrown into just Interlisp.

Furthermore I will adjust the homepage (terrible mistake with the ".git"
at the end, it's annoying.

And when this is done and I understand more and have more time to
dedicate to historic archiving purposes, I will start working on my own
interlisp (this could take a while until I can start). Or I find a
better, cleaner, free implementation of interlisp available.. so far I
just found interlisp and interlisp-d ones on archiving sites which we
will not be possible to run or package or both of them.

Re: mailmap: new address.

[ng0]

Can someone apply this trivial patch? Thanks in advance.
ng0  writes:

> [ Unknown signature status ]
> This is in a patchset which is waiting for review, but as new patches
> get added, this should be applied.
> I am retiring my own domains next year, falling back to my hoster
> provided ones now.
> Future commits will be made by ngillm...@runbox.com only.
>
> From f2339786a1707dc53415156d6f973f339235b481 Mon Sep 17 00:00:00 2001
> From: ng0 
> Date: Wed, 21 Sep 2016 09:55:40 +
> Subject: [PATCH 5/8] mailmap: Add new address for ng0.
>
> ---
>  .mailmap | 7 ---
>  1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/.mailmap b/.mailmap
> index 2af7760..4f756ec 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -30,9 +30,10 @@ Ludovic Courtès  
>  Mathieu Lirzin  
>  Mathieu Lirzin  
>  Nikita Karetnikov  
> -ng0  
> -ng0  
> -ng0  
> +ng0  
> +ng0  
> +ng0  
> +ng0  
>  Pjotr Prins 
>  Pjotr Prins  
>  Raimon Grau  
> -- 
> 2.10.0
>
> -- 
>   ng0

-- 

Re: [PATCH 1/2] gnu: Add gucharmap.

[Hartmut Goebel]

Am 05.10.2016 um 04:23 schrieb ren...@openmailbox.org:
> +(synopsis "Character Map")

Again, please be a bit more verbose. I do not even understand what a
"Character map" is (maybe this is an English idiom, but I'm no native
speaker.) Debian calls it "Unicode character picker and font browser",
which is more meaningful for me.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: [PATCH 2/2] gnu: Add bluefish.

[Hartmut Goebel]

Am 05.10.2016 um 04:27 schrieb ren...@openmailbox.org:
>   * gnu/packages/bluefish.scm (bluefish): New variable.

Same here: This shout go into gnu/packages/gnome.scm. We do not add a
file for every single application.

+(synopsis "HTML editor")

Could you pleae be  a bit more verbose here. Deban says "advanced Gtk+ text 
editor for web and software development" Other distributions call this "Web 
development studio" (I don't know if this is right, though).

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

[PATCH] gnu: lispf4: Fix reference to SYSATOMS.

[ng0]

* gnu/packages/lisp.scm (lispf4)[arguments]: Fix reference to SYSATOMS.

This is a solution to and closes #22732.
---
 gnu/packages/lisp.scm | 31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 7836d48..04fea72 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -473,18 +473,29 @@ interface.")
  #:tests? #f ; No 'check phase
  #:phases
  (modify-phases %standard-phases
+   ;; TODO: SYSATOMS, BASIC.IMG should not be installed into $out/bin:
+   ;; 
https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00213.html
(delete 'configure)
+   (add-before 'build 'fix-reference-to-SYSATOMS
+ (lambda* (#:key outputs #:allow-other-keys)
+   (let* ((out (assoc-ref outputs "out"))
+  (bin (string-append out "/bin")))
+ (substitute* "lispf42.c"
+   (("#define c_b98.*")
+(string-append "#define c_b98 \""
+   bin "/SYSATOMS\"\n")))
+ (install-file "SYSATOMS" bin)
+ #t)))
(replace 'install
-(lambda* (#:key outputs #:allow-other-keys)
-  (let* ((out (assoc-ref outputs "out"))
- (bin (string-append out "/bin"))
- (doc (string-append (assoc-ref outputs "doc")
- "/share/doc/lispf4")))
-(install-file "lispf4" bin)
-(install-file "SYSATOMS" bin)
-(install-file "BASIC.IMG" bin)
-(copy-recursively "Documentation" doc))
-#t)
+ (lambda* (#:key outputs #:allow-other-keys)
+   (let* ((out (assoc-ref outputs "out"))
+  (bin (string-append out "/bin"))
+  (doc (string-append (assoc-ref outputs "doc")
+  "/share/doc/lispf4")))
+ (install-file "lispf4" bin)
+ (install-file "BASIC.IMG" bin)
+ (copy-recursively "Documentation" doc))
+   #t)
   (synopsis "InterLisp interpreter")
   (description
"LISPF4 is an InterLisp interpreter written in FORTRAN by Mats Nordstrom
-- 
2.10.1

Re: [PATCH] gnu: lispf4 fixes.

[ng0]

ng0  writes:

>   [PATCH 1/2] gnu: lispf4: Remove prebuilt binaries.
>
> This patch can be applied, it is finished.
>
>   [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

PATCH 2/2 is now: Fix the reference to SYSATOMS, incoming in this thread
soon.

> This patch requires further input.. The way Ricardo described this
> it could be the solution to the SYSATOMS problems (bug #22732) if
> someone can write functional C.
> If this does not fixes it in the end, I would consider the little
> help upstream wants to provide in fixing this and just drop lispf4.
> https://github.com/blakemcbride/LISPF4/issues/1
>
>

-- 

Re: [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

[ng0]

ng0  writes:

> Hi,
>
> thanks for trying to help with this.
>
> Ricardo Wurmus  writes:
>
>> ng0  writes:
>>
>>> * gnu/packages/lisp.scm (lispf4)[arguments]: Fix the searchpath for 
>>> SYSATOMS.
>>> ---
>>>  gnu/packages/lisp.scm | 14 +-
>>>  1 file changed, 13 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
>>> index 7836d48..d66fb8b 100644
>>> --- a/gnu/packages/lisp.scm
>>> +++ b/gnu/packages/lisp.scm
>>> @@ -474,8 +474,20 @@ interface.")
>>>   #:phases
>>>   (modify-phases %standard-phases
>>> (delete 'configure)
>>> +   (add-before 'build 'fix-searchpath
>>> + (lambda _
>>> +   (substitute* "Lispf42.f"
>>> + (("NAME='SYSATOMS'")
>>> +  (string-append "NAME='" (assoc-ref %outputs "out")
>>> + "/bin/SYSATOMS'")))
>>> +   (substitute* "lispf42.c"
>>> + (("SYSATOMS")
>>> +  (string-append (assoc-ref %outputs "out") 
>>> "/bin/SYSATOMS"))
>>> + ;;(("8+1") "72+8+1"
>>> + (("c_b98_st") "c_b98")
>>> + (("c_b98.val") ""
>>> (replace 'install
>>> -(lambda* (#:key outputs #:allow-other-keys)
>>> + (lambda* (#:key outputs #:allow-other-keys)
>>>(let* ((out (assoc-ref outputs "out"))
>>>   (bin (string-append out "/bin"))
>>>   (doc (string-append (assoc-ref outputs "doc")
>>
>>
>> Here’s an alternative:
>>
>>(add-before 'build 'fix-reference-to-SYSATOMS
>>  (lambda* (#:key outputs #:allow-other-keys)
>>(substitute* "lispf42.c"
>>  (("#define c_b98.*")
>>   (string-append "#define c_b98 \""
>>  (assoc-ref outputs "out")
>>  "/bin/SYSATOMS\"\n")))
>>#t))
>
> Thanks, I'll try this in combination with the proposed move, but if I
> don't succeed with it today I will start working on my priority tasks
> and do this in november or whenever I get the chance.
>
>> This won’t work, however, because during the build phase the lispf4
>> executable is called to run a script.  At that point SYSATOMS only
>> exists in the current directory.  So with the above phase the build
>> would fail.
>>
>> A hack to solve this would be to first install “SYSATOMS” to the target
>> directory and then build.

And this fixes at least running it :) New patch incoming soon. This
depends on the one which deletes the bundles, can you apply that when
you do the one which will I will send in later?

> Right, I have seen the complains of the script pointing to that
> directory.
>
>> BTW: I think “SYSATOMS” and the “BASIC.IMG” should not be installed to
>> “bin” because they are not executables.  Instead they should go to
>> “$out/share/lispf4”.  This would also require you to change the code
>> that loads “BASIC.IMG” (I think it won’t work right now for the same
>> reasons as why you get the error relating to “SYSATOMS”.)
>>
>> You also don’t seem to be installing “LISPF4.IMG”, which seems to be
>> required as well.
>
> I think it's different.. I think I should have installed BARE.IMG,
> BASIC.IMG and SYSATOMS. LISP4.img is generated nowhere. If it's in the
> original source, the f2c running author did a strange job.
>
>> I should also note that after looking at the code I no longer consider
>> “lispf42.c” to be source code.  It’s unreadable because it’s the
>> automatically produced output of a fortran-to-C converter, only slightly
>> modified :-/
>
> A while ago I forked this with the intention to clean it up some
> day.. Could take a long time, if at all. I find the fortran easier to
> read. Is there any reason why just using the fortran source would not
> work for us? I might have packaged gforth, but I know little about
> fortran compiling, compability etc.
> I missed a free software licensed interlisp implementation.. this lispf4
> differed from what I needed for my purposes, which would've been
> SIEMENS-INTERLISP, but I found no other interlisp at that time.
> Differed in the way that SIEMENS-INTERLISP gives you the ability to
> close every open parens with >, as a super-paren.. that's just one
> difference of many.
> (PLUS 2 4 (TIMES 80 9 (MINUS 2 300 >
> In case anyone is curious: "Christian-M. Hamann - Einführung in das
> Programmieren in LISP", published in Berlin 1985 also states New York so
> there's a chance for a translation somewhere.
>
> I'm open to suggestions other than writing my own interlisp (which would
> be very nice, but I'm at least 2 years busy on another front :) )... It
> will probably lead to writing my own interlisp.
>
>> ~~ Ricardo
>>
>>
>
> -- 
>
>

-- 

Re: [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

[ng0]

Hi,

thanks for trying to help with this.

Ricardo Wurmus  writes:

> ng0  writes:
>
>> * gnu/packages/lisp.scm (lispf4)[arguments]: Fix the searchpath for SYSATOMS.
>> ---
>>  gnu/packages/lisp.scm | 14 +-
>>  1 file changed, 13 insertions(+), 1 deletion(-)
>>
>> diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
>> index 7836d48..d66fb8b 100644
>> --- a/gnu/packages/lisp.scm
>> +++ b/gnu/packages/lisp.scm
>> @@ -474,8 +474,20 @@ interface.")
>>   #:phases
>>   (modify-phases %standard-phases
>> (delete 'configure)
>> +   (add-before 'build 'fix-searchpath
>> + (lambda _
>> +   (substitute* "Lispf42.f"
>> + (("NAME='SYSATOMS'")
>> +  (string-append "NAME='" (assoc-ref %outputs "out")
>> + "/bin/SYSATOMS'")))
>> +   (substitute* "lispf42.c"
>> + (("SYSATOMS")
>> +  (string-append (assoc-ref %outputs "out") 
>> "/bin/SYSATOMS"))
>> + ;;(("8+1") "72+8+1"
>> + (("c_b98_st") "c_b98")
>> + (("c_b98.val") ""
>> (replace 'install
>> -(lambda* (#:key outputs #:allow-other-keys)
>> + (lambda* (#:key outputs #:allow-other-keys)
>>(let* ((out (assoc-ref outputs "out"))
>>   (bin (string-append out "/bin"))
>>   (doc (string-append (assoc-ref outputs "doc")
>
>
> Here’s an alternative:
>
>(add-before 'build 'fix-reference-to-SYSATOMS
>  (lambda* (#:key outputs #:allow-other-keys)
>(substitute* "lispf42.c"
>  (("#define c_b98.*")
>   (string-append "#define c_b98 \""
>  (assoc-ref outputs "out")
>  "/bin/SYSATOMS\"\n")))
>#t))

Thanks, I'll try this in combination with the proposed move, but if I
don't succeed with it today I will start working on my priority tasks
and do this in november or whenever I get the chance.

> This won’t work, however, because during the build phase the lispf4
> executable is called to run a script.  At that point SYSATOMS only
> exists in the current directory.  So with the above phase the build
> would fail.
>
> A hack to solve this would be to first install “SYSATOMS” to the target
> directory and then build.

Right, I have seen the complains of the script pointing to that
directory.

> BTW: I think “SYSATOMS” and the “BASIC.IMG” should not be installed to
> “bin” because they are not executables.  Instead they should go to
> “$out/share/lispf4”.  This would also require you to change the code
> that loads “BASIC.IMG” (I think it won’t work right now for the same
> reasons as why you get the error relating to “SYSATOMS”.)
>
> You also don’t seem to be installing “LISPF4.IMG”, which seems to be
> required as well.

I think it's different.. I think I should have installed BARE.IMG,
BASIC.IMG and SYSATOMS. LISP4.img is generated nowhere. If it's in the
original source, the f2c running author did a strange job.

> I should also note that after looking at the code I no longer consider
> “lispf42.c” to be source code.  It’s unreadable because it’s the
> automatically produced output of a fortran-to-C converter, only slightly
> modified :-/

A while ago I forked this with the intention to clean it up some
day.. Could take a long time, if at all. I find the fortran easier to
read. Is there any reason why just using the fortran source would not
work for us? I might have packaged gforth, but I know little about
fortran compiling, compability etc.
I missed a free software licensed interlisp implementation.. this lispf4
differed from what I needed for my purposes, which would've been
SIEMENS-INTERLISP, but I found no other interlisp at that time.
Differed in the way that SIEMENS-INTERLISP gives you the ability to
close every open parens with >, as a super-paren.. that's just one
difference of many.
(PLUS 2 4 (TIMES 80 9 (MINUS 2 300 >
In case anyone is curious: "Christian-M. Hamann - Einführung in das
Programmieren in LISP", published in Berlin 1985 also states New York so
there's a chance for a translation somewhere.

I'm open to suggestions other than writing my own interlisp (which would
be very nice, but I'm at least 2 years busy on another front :) )... It
will probably lead to writing my own interlisp.

> ~~ Ricardo
>
>

-- 

Re: [PATCH] gnu: Add hyperrogue.

[Alex Kost]

Kei Kebreau (2016-10-04 16:01 -0400) wrote:

[...]
> All issues corrected! If you could check over it a second time to be
> sure, that would be appreciated. Thanks for your assistance! :-)

I think it's OK now, thanks!

And I've just lost an hour playing this game :-)

> From bff2f006ca78a54955857afc5559e5662e21c7e1 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau 
> Date: Tue, 4 Oct 2016 15:58:21 -0400
> Subject: [PATCH] gnu: Add hyperrogue.
>
> * gnu/packages/games.scm (hyperrogue): New variable.
> ---
>  gnu/packages/games.scm | 86 
> ++
>  1 file changed, 86 insertions(+)
>
> diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
> index cd5cf6f..5d61487 100644
> --- a/gnu/packages/games.scm
> +++ b/gnu/packages/games.scm
> @@ -2896,3 +2896,89 @@ extinguishing action, intense boss battles, a catchy 
> soundtrack and lots of
>  throwing people around in pseudo-randomly generated buildings.")
>  (license (list license:zlib ; for source code
> license:cc-by-sa3.0  ; for graphics and music assets
> +
> +(define-public hyperrogue
> +  (package
> +(name "hyperrogue")
> +(version "8.3j")
> +(source (origin
> +  (method url-fetch)
> +  (uri (string-append
> +"http://www.roguetemple.com/z/hyper/";
> +name "-83j.zip"))
> +  (sha256
> +   (base32
> +"1ag95d84m4j0rqyn9hj7655znixw2j57bpf93nk14nfy02xz1g6p"))
> +  (modules '((guix build utils)))
> +  ;; remove .exe and .dll files

Rather:  ;; Remove .exe and .dll files.

> +  (snippet
> +   '(for-each delete-file (find-files "." "\\.(exe|dll)$")
> +(build-system gnu-build-system)
> +(arguments
> + '(#:tests? #f ; no check target
> +   #:make-flags '("-Csrc")
> +   #:phases
> +   (modify-phases %standard-phases
> + (add-after 'set-paths 'set-sdl-paths
> +   (lambda* (#:key inputs #:allow-other-keys)
> + (setenv "CPATH"
> + (string-append (assoc-ref inputs "sdl-union")
> +"/include/SDL"
> + ;; Fix font and music paths.
> + (replace 'configure
> +   (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let ((out (assoc-ref outputs "out"))
> +   (dejavu-dir (string-append
> +(assoc-ref inputs "font-dejavu")
> +"/share/fonts/truetype"))
> +   (dejavu-font "DejaVuSans-Bold.ttf")
> +   (music-file "hyperrogue-music.txt"))
> +   (with-directory-excursion "src"
> + (substitute* "graph.cpp"
> +   ((dejavu-font)
> +(string-append dejavu-dir "/" dejavu-font))
> +   (((string-append "\\./" music-file))
> +(string-append out "/share/hyperrogue/" music-file)))
> + (substitute* music-file
> +   (("\\*/")
> +(string-append out "/share/hyperrogue/")
> + #t))
> + (replace 'install
> +   (lambda* (#:key inputs outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> +(bin (string-append out "/bin"))
> +(share-dir (string-append out "/share/hyperrogue")))
> +   (mkdir-p bin)
> +   (copy-file "src/hyper" (string-append bin "/hyperrogue"))
> +   (mkdir-p share-dir)
> +   (copy-file "src/hyperrogue-music.txt"
> +  (string-append share-dir "/hyperrogue-music.txt"))
> +   (for-each (lambda (file)
> +   (copy-file file (string-append share-dir "/" 
> file)))
> + (find-files "." "\\.ogg$")))
> + #t)
> +(inputs
> + `(("font-dejavu" ,font-dejavu)
> +   ("glew" ,glew)
> +   ("libpng" ,libpng)
> +   ("sdl-union" ,(sdl-union (list sdl
> +  sdl-gfx
> +  sdl-mixer
> +  sdl-ttf)
> +(home-page "http://www.roguetemple.com/z/hyper/";)
> +(synopsis "Non-euclidean graphical rogue-like game")
> +(description
> + "HyperRogue is a game in which the player collects treasures and fights
> +monsters -- rogue-like but for the fact that it is played on the hyperbolic
> +plane and not in euclidean space.
> +
> +In HyperRogue, the player can move through different parts of the world, 
> which
> +are home to particular creatures and may be subject to own rules of 
> \"physics\".
> +
> +While it can use ASCII characters to display the world the classical rogue
> +symbols, the game needs graphics to render the non-euclidean world.")
> +(license (list license:bs

Re: [PATCH 2/2] gnu: lispf4: Fix the searchpath for SYSATOMS.

[Ricardo Wurmus]

ng0  writes:

> * gnu/packages/lisp.scm (lispf4)[arguments]: Fix the searchpath for SYSATOMS.
> ---
>  gnu/packages/lisp.scm | 14 +-
>  1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
> index 7836d48..d66fb8b 100644
> --- a/gnu/packages/lisp.scm
> +++ b/gnu/packages/lisp.scm
> @@ -474,8 +474,20 @@ interface.")
>   #:phases
>   (modify-phases %standard-phases
> (delete 'configure)
> +   (add-before 'build 'fix-searchpath
> + (lambda _
> +   (substitute* "Lispf42.f"
> + (("NAME='SYSATOMS'")
> +  (string-append "NAME='" (assoc-ref %outputs "out")
> + "/bin/SYSATOMS'")))
> +   (substitute* "lispf42.c"
> + (("SYSATOMS")
> +  (string-append (assoc-ref %outputs "out") "/bin/SYSATOMS"))
> + ;;(("8+1") "72+8+1"
> + (("c_b98_st") "c_b98")
> + (("c_b98.val") ""
> (replace 'install
> -(lambda* (#:key outputs #:allow-other-keys)
> + (lambda* (#:key outputs #:allow-other-keys)
>(let* ((out (assoc-ref outputs "out"))
>   (bin (string-append out "/bin"))
>   (doc (string-append (assoc-ref outputs "doc")


Here’s an alternative:

   (add-before 'build 'fix-reference-to-SYSATOMS
 (lambda* (#:key outputs #:allow-other-keys)
   (substitute* "lispf42.c"
 (("#define c_b98.*")
  (string-append "#define c_b98 \""
 (assoc-ref outputs "out")
 "/bin/SYSATOMS\"\n")))
   #t))

This won’t work, however, because during the build phase the lispf4
executable is called to run a script.  At that point SYSATOMS only
exists in the current directory.  So with the above phase the build
would fail.

A hack to solve this would be to first install “SYSATOMS” to the target
directory and then build.

BTW: I think “SYSATOMS” and the “BASIC.IMG” should not be installed to
“bin” because they are not executables.  Instead they should go to
“$out/share/lispf4”.  This would also require you to change the code
that loads “BASIC.IMG” (I think it won’t work right now for the same
reasons as why you get the error relating to “SYSATOMS”.)

You also don’t seem to be installing “LISPF4.IMG”, which seems to be
required as well.

I should also note that after looking at the code I no longer consider
“lispf42.c” to be source code.  It’s unreadable because it’s the
automatically produced output of a fortran-to-C converter, only slightly
modified :-/

~~ Ricardo