[PATCH staging 00/23] Glib/GTK+ updates

  • Done
  • quality assurance status badge
Details
2 participants
  • Leo Famulari
  • Marius Bakke
Owner
unassigned
Submitted by
Marius Bakke
Severity
normal
M
M
Marius Bakke wrote on 11 Dec 2018 02:12
(address . guix-patches@gnu.org)
20181211011205.15542-1-mbakke@fastmail.com
This late series adds around 1000 rebuilds to the current staging
branch. They also bring many of the GNOME family libraries to the
latest upstream versions.

The good:
* Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other
security-critical libraries. Some of these have changed
build systems, or ABIs, so future patching is easier.
* Most/all regressions are already fixed.

The bad:
* GCC7 is now in the closure of cURL (via nghttp2).

The ugly:
* 37 files changed, 1225 insertions(+), 996 deletions(-)
* Total rebuild count for staging is around 4700 packages.

WDYT?

Marius Bakke (23):
gnu: cups-filters: Update to 1.21.5.
gnu: libjpeg-turbo: Update to 2.0.1.
gnu: harfbuzz: Update to 2.2.0.
gnu: poppler: Update to 0.72.0.
gnu: D-Bus: Update to 1.12.12.
gnu: glib: Remove obsolete variable.
gnu: glib: Update to 2.56.3.
gnu: pixman: Update to 0.36.0.
gnu: cairo: Update to 1.16.0.
gnu: libqmi: Update to 1.20.2.
gnu: curl: Remove replacement for 7.62.0.
gnu: ghostscript: Update to 9.26.
gnu: icu4c: Update to 63.1.
gnu: tzdata-for-tests: Update to 2018g.
gnu: nghttp2: Update to 1.35.1.
gnu: nettle: Update to 3.4.1.
gnu: cyrus-sasl: Update to 2.1.27.
gnu: jansson: Update to 2.12.
gnu: GnuTLS: Update to 3.6.5.
gnu: libuv: Update to 1.24.0.
gnu: CMake: Update to 3.13.1.
gnu: meson: Update to 0.49.0.
gnu: glib-networking: Update to 2.59.1.

gnu/local.mk | 12 +-
gnu/packages/base.scm | 18 +-
gnu/packages/build-tools.scm | 4 +-
gnu/packages/cmake.scm | 4 +-
gnu/packages/cups.scm | 4 +-
gnu/packages/curl.scm | 18 +-
gnu/packages/cyrus-sasl.scm | 9 +-
gnu/packages/emacs.scm | 10 +-
gnu/packages/freedesktop.scm | 4 +-
gnu/packages/ghostscript.scm | 8 +-
gnu/packages/glib.scm | 11 +-
gnu/packages/gnome.scm | 73 +--
gnu/packages/gtk.scm | 10 +-
gnu/packages/icu4c.scm | 4 +-
gnu/packages/image.scm | 4 +-
gnu/packages/inkscape.scm | 19 +-
gnu/packages/libevent.scm | 4 +-
gnu/packages/libreoffice.scm | 39 +-
gnu/packages/nettle.scm | 4 +-
.../patches/cairo-CVE-2016-9082.patch | 122 -----
.../patches/cairo-setjmp-wrapper.patch | 78 ---
.../patches/cyrus-sasl-CVE-2013-4122.patch | 130 -----
.../patches/ghostscript-CVE-2018-16509.patch | 193 -------
.../patches/ghostscript-bug-699708.patch | 160 ------
.../glib-networking-ssl-cert-file.patch | 29 -
.../patches/gnutls-skip-pkgconfig-test.patch | 24 -
.../patches/inkscape-poppler-compat3.patch | 499 ++++++++++++++++++
.../patches/poppler-CVE-2018-19149.patch | 80 ---
.../texlive-bin-luatex-poppler-compat.patch | 318 +++++++++++
.../texlive-bin-pdftex-poppler-compat.patch | 188 +++++++
.../texlive-bin-xetex-poppler-compat.patch | 31 ++
gnu/packages/pdf.scm | 13 +-
gnu/packages/scribus.scm | 51 +-
gnu/packages/tex.scm | 10 +-
gnu/packages/tls.scm | 17 +-
gnu/packages/web.scm | 15 +-
gnu/packages/xdisorg.scm | 4 +-
37 files changed, 1225 insertions(+), 996 deletions(-)
delete mode 100644 gnu/packages/patches/cairo-CVE-2016-9082.patch
delete mode 100644 gnu/packages/patches/cairo-setjmp-wrapper.patch
delete mode 100644 gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2018-16509.patch
delete mode 100644 gnu/packages/patches/ghostscript-bug-699708.patch
delete mode 100644 gnu/packages/patches/glib-networking-ssl-cert-file.patch
delete mode 100644 gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
create mode 100644 gnu/packages/patches/inkscape-poppler-compat3.patch
delete mode 100644 gnu/packages/patches/poppler-CVE-2018-19149.patch
create mode 100644 gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
create mode 100644 gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
create mode 100644 gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch

--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 01/23] gnu: cups-filters: Update to 1.21.5.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-1-mbakke@fastmail.com
* gnu/packages/cups.scm (cups-filters): Update to 1.21.5.
---
gnu/packages/cups.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index acc58a840e..5eb66feed5 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -53,7 +53,7 @@
(define-public cups-filters
(package
(name "cups-filters")
- (version "1.21.0")
+ (version "1.21.5")
(source(origin
(method url-fetch)
(uri
@@ -61,7 +61,7 @@
"cups-filters-" version ".tar.xz"))
(sha256
(base32
- "0fs90xx9i4h8gbpligf5kkh21llv4kf5g3bgfbx4z272xkm7bsfi"))
+ "0azq9j7kqy18g6vgmvrbw8i4mcqdp3cbgh7q79x1b8p92w4si6rq"))
(modules '((guix build utils)))
(snippet
;; install backends, banners and filters to cups-filters output
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 02/23] gnu: libjpeg-turbo: Update to 2.0.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-2-mbakke@fastmail.com
* gnu/packages/image.scm (libjpeg-turbo): Update to 2.0.1.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 207faede91..92447c23e2 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1297,14 +1297,14 @@ PNG, and performs PNG integrity checks and corrections.")
(define-public libjpeg-turbo
(package
(name "libjpeg-turbo")
- (version "2.0.0")
+ (version "2.0.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/" name "/" version "/"
name "-" version ".tar.gz"))
(sha256
(base32
- "0s48zz6awd493hmb200abmsizh68fh1jmz98r41n4c8dbl87d23p"))))
+ "1zv6z093l3x3jzygvni7b819j7xhn6d63jhcdrckj7fz67n6ry75"))))
(build-system cmake-build-system)
(native-inputs
`(("nasm" ,nasm)))
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 03/23] gnu: harfbuzz: Update to 2.2.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-3-mbakke@fastmail.com
* gnu/packages/gtk.scm (harfbuzz): Update to 2.2.0.
---
gnu/packages/gtk.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 3b9a4145e5..7a8b6c1852 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -180,7 +180,7 @@ affine transformation (scale, rotation, shear, etc.).")
(define-public harfbuzz
(package
(name "harfbuzz")
- (version "1.8.8")
+ (version "2.2.0")
(source (origin
(method url-fetch)
(uri (string-append "https://www.freedesktop.org/software/"
@@ -188,7 +188,7 @@ affine transformation (scale, rotation, shear, etc.).")
version ".tar.bz2"))
(sha256
(base32
- "1ag3scnm1fcviqgx2p4858y433mr0ndqw6zccnccrqcr9mpcird8"))))
+ "047q63jr513azf3g1y7f5xn60b4jdjs9zsmrx04sfw5rasyzrk5p"))))
(build-system gnu-build-system)
(outputs '("out"
"bin")) ; 160K, only hb-view depend on cairo
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 05/23] gnu: D-Bus: Update to 1.12.12.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-5-mbakke@fastmail.com
* gnu/packages/glib.scm (dbus): Update to 1.12.12.
---
gnu/packages/glib.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 61d8e84d54..39b0a5f9e6 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -79,7 +79,7 @@
(define dbus
(package
(name "dbus")
- (version "1.12.10")
+ (version "1.12.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -87,7 +87,7 @@
version ".tar.gz"))
(sha256
(base32
- "1xywijmgfad4m3cxp0b4l6kvypwc53ckmhwwzbrc6n32jwj3ssab"))
+ "1y7mxhkw2shd9mi9s62k81lz8npjkrafapr4fyfms7hs04kg4ilm"))
(patches (search-patches "dbus-helper-search-path.patch"))))
(build-system gnu-build-system)
(arguments
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 06/23] gnu: glib: Remove obsolete variable.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-6-mbakke@fastmail.com
* gnu/packages/glib.scm (glib)[arguments]: Don't set DETERMINISTIC_BUILD.
---
gnu/packages/glib.scm | 3 ---
1 file changed, 3 deletions(-)

Toggle diff (16 lines)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 39b0a5f9e6..016fae11f1 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -184,9 +184,6 @@ shared NFS home directories.")
(modify-phases %standard-phases
(add-before 'build 'pre-build
(lambda* (#:key inputs outputs #:allow-other-keys)
- ;; For building deterministic pyc files
- (setenv "DETERMINISTIC_BUILD" "1")
-
;; For tests/gdatetime.c.
(setenv "TZDIR"
(string-append (assoc-ref inputs "tzdata")
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 09/23] gnu: cairo: Update to 1.16.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-9-mbakke@fastmail.com
* gnu/packages/patches/cairo-CVE-2016-9082.patch,
gnu/packages/patches/cairo-setjmp-wrapper.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them/
* gnu/packages/gtk.scm (cairo): Update to 1.16.0.
[source](patches): Remove.
---
gnu/local.mk | 2 -
gnu/packages/gtk.scm | 6 +-
.../patches/cairo-CVE-2016-9082.patch | 122 ------------------
.../patches/cairo-setjmp-wrapper.patch | 78 -----------
4 files changed, 2 insertions(+), 206 deletions(-)
delete mode 100644 gnu/packages/patches/cairo-CVE-2016-9082.patch
delete mode 100644 gnu/packages/patches/cairo-setjmp-wrapper.patch

Toggle diff (189 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 6541bcc8be..aaab4c72ec 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -608,8 +608,6 @@ dist_patch_DATA = \
%D%/packages/patches/boost-fix-icu-build.patch \
%D%/packages/patches/borg-respect-storage-quota.patch \
%D%/packages/patches/byobu-writable-status.patch \
- %D%/packages/patches/cairo-CVE-2016-9082.patch \
- %D%/packages/patches/cairo-setjmp-wrapper.patch \
%D%/packages/patches/calibre-no-updates-dialog.patch \
%D%/packages/patches/calibre-use-packaged-feedparser.patch \
%D%/packages/patches/casync-renameat2-declaration.patch \
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 7a8b6c1852..349d6029c4 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -113,16 +113,14 @@ tools have full access to view and control running applications.")
(define-public cairo
(package
(name "cairo")
- (version "1.14.12")
+ (version "1.16.0")
(source (origin
(method url-fetch)
(uri (string-append "https://cairographics.org/releases/cairo-"
version ".tar.xz"))
(sha256
(base32
- "05mzyxkvsfc1annjw2dja8vka01ampp9pp93lg09j8hba06g144c"))
- (patches (search-patches "cairo-CVE-2016-9082.patch"
- "cairo-setjmp-wrapper.patch"))))
+ "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"))))
(build-system gnu-build-system)
(propagated-inputs
`(("fontconfig" ,fontconfig)
diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch b/gnu/packages/patches/cairo-CVE-2016-9082.patch
deleted file mode 100644
index ad83404194..0000000000
--- a/gnu/packages/patches/cairo-CVE-2016-9082.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From: Adrian Johnson <ajohnson@redneon.com>
-Date: Thu, 20 Oct 2016 21:12:30 +1030
-Subject: [PATCH] image: prevent invalid ptr access for > 4GB images
-
-Image data is often accessed using:
-
- image->data + y * image->stride
-
-On 64-bit achitectures if the image data is > 4GB, this computation
-will overflow since both y and stride are 32-bit types.
-
-bug report: https://bugs.freedesktop.org/show_bug.cgi?id=98165
-patch: https://bugs.freedesktop.org/attachment.cgi?id=127421
----
- boilerplate/cairo-boilerplate.c | 4 +++-
- src/cairo-image-compositor.c | 4 ++--
- src/cairo-image-surface-private.h | 2 +-
- src/cairo-mesh-pattern-rasterizer.c | 2 +-
- src/cairo-png.c | 2 +-
- src/cairo-script-surface.c | 3 ++-
- 6 files changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
-index 7fdbf79..4804dea 100644
---- a/boilerplate/cairo-boilerplate.c
-+++ b/boilerplate/cairo-boilerplate.c
-@@ -42,6 +42,7 @@
- #undef CAIRO_VERSION_H
- #include "../cairo-version.h"
-
-+#include <stddef.h>
- #include <stdlib.h>
- #include <ctype.h>
- #include <assert.h>
-@@ -976,7 +977,8 @@ cairo_surface_t *
- cairo_boilerplate_image_surface_create_from_ppm_stream (FILE *file)
- {
- char format;
-- int width, height, stride;
-+ int width, height;
-+ ptrdiff_t stride;
- int x, y;
- unsigned char *data;
- cairo_surface_t *image = NULL;
-diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
-index 48072f8..3ca0006 100644
---- a/src/cairo-image-compositor.c
-+++ b/src/cairo-image-compositor.c
-@@ -1575,7 +1575,7 @@ typedef struct _cairo_image_span_renderer {
- pixman_image_t *src, *mask;
- union {
- struct fill {
-- int stride;
-+ ptrdiff_t stride;
- uint8_t *data;
- uint32_t pixel;
- } fill;
-@@ -1594,7 +1594,7 @@ typedef struct _cairo_image_span_renderer {
- struct finish {
- cairo_rectangle_int_t extents;
- int src_x, src_y;
-- int stride;
-+ ptrdiff_t stride;
- uint8_t *data;
- } mask;
- } u;
-diff --git a/src/cairo-image-surface-private.h b/src/cairo-image-surface-private.h
-index 8ca694c..7e78d61 100644
---- a/src/cairo-image-surface-private.h
-+++ b/src/cairo-image-surface-private.h
-@@ -71,7 +71,7 @@ struct _cairo_image_surface {
-
- int width;
- int height;
-- int stride;
-+ ptrdiff_t stride;
- int depth;
-
- unsigned owns_data : 1;
-diff --git a/src/cairo-mesh-pattern-rasterizer.c b/src/cairo-mesh-pattern-rasterizer.c
-index 1b63ca8..e7f0db6 100644
---- a/src/cairo-mesh-pattern-rasterizer.c
-+++ b/src/cairo-mesh-pattern-rasterizer.c
-@@ -470,7 +470,7 @@ draw_pixel (unsigned char *data, int width, int height, int stride,
- tg += tg >> 16;
- tb += tb >> 16;
-
-- *((uint32_t*) (data + y*stride + 4*x)) = ((ta << 16) & 0xff000000) |
-+ *((uint32_t*) (data + y*(ptrdiff_t)stride + 4*x)) = ((ta << 16) & 0xff000000) |
- ((tr >> 8) & 0xff0000) | ((tg >> 16) & 0xff00) | (tb >> 24);
- }
- }
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index 562b743..aa8c227 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -673,7 +673,7 @@ read_png (struct png_read_closure_t *png_closure)
- }
-
- for (i = 0; i < png_height; i++)
-- row_pointers[i] = &data[i * stride];
-+ row_pointers[i] = &data[i * (ptrdiff_t)stride];
-
- png_read_image (png, row_pointers);
- png_read_end (png, info);
-diff --git a/src/cairo-script-surface.c b/src/cairo-script-surface.c
-index ea0117d..91e4baa 100644
---- a/src/cairo-script-surface.c
-+++ b/src/cairo-script-surface.c
-@@ -1202,7 +1202,8 @@ static cairo_status_t
- _write_image_surface (cairo_output_stream_t *output,
- const cairo_image_surface_t *image)
- {
-- int stride, row, width;
-+ int row, width;
-+ ptrdiff_t stride;
- uint8_t row_stack[CAIRO_STACK_BUFFER_SIZE];
- uint8_t *rowdata;
- uint8_t *data;
---
-2.1.4
-
diff --git a/gnu/packages/patches/cairo-setjmp-wrapper.patch b/gnu/packages/patches/cairo-setjmp-wrapper.patch
deleted file mode 100644
index bffac6e041..0000000000
--- a/gnu/packages/patches/cairo-setjmp-wrapper.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-Revert faulty commit to avoid undefined behaviour:
-https://bugs.freedesktop.org/show_bug.cgi?id=104325
-
-Taken from this upstream commit:
-https://cgit.freedesktop.org/cairo/commit/?h=1.14&id=2acc4382c54bd8239361ceed14423412a343d311
-
-diff --git a/src/cairo-bentley-ottmann-rectangular.c b/src/cairo-bentley-ottmann-rectangular.c
-index cb2e30c..5541bdc 100644
---- a/src/cairo-bentley-ottmann-rectangular.c
-+++ b/src/cairo-bentley-ottmann-rectangular.c
-@@ -593,12 +593,6 @@ sweep_line_insert (sweep_line_t *sweep, rectangle_t *rectangle)
- pqueue_push (sweep, rectangle);
- }
-
--static int
--sweep_line_setjmp (sweep_line_t *sweep_line)
--{
-- return setjmp (sweep_line->unwind);
--}
--
- static cairo_status_t
- _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
- int num_rectangles,
-@@ -615,7 +609,7 @@ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
- rectangles, num_rectangles,
- fill_rule,
- do_traps, container);
-- if ((status = sweep_line_setjmp (&sweep_line)))
-+ if ((status = setjmp (sweep_line.unwind)))
- return status;
-
- rectangle = rectangle_pop_start (&sweep_line);
-diff --git a/src/cairo-png.c b/src/cairo-png.c
-index e64b14a..068617d 100644
---- a/src/cairo-png.c
-+++ b/src/cairo-png.c
-@@ -158,14 +158,6 @@ png_simple_warning_callback (png_structp png,
- */
- }
-
--static int
--png_setjmp (png_struct *png)
--{
--#ifdef PNG_SETJMP_SUPPORTED
-- return setjmp (png_jmpbuf (png));
--#endif
-- return 0;
--}
-
- /* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
- * Otherwise, we will segfault if we are writing to a stream. */
-@@ -237,8 +229,10 @@ write_png (cairo_surface_t *surface,
- goto BAIL4;
- }
-
-- if (png_setjmp (png))
-+#ifdef PNG_SETJMP_SUPPORTED
-+ if (setjmp (png_jmpbuf (png)))
- goto BAIL4;
-+#endif
-
- png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
-
-@@ -577,11 +571,12 @@ read_png (struct png_read_closure_t *png_closure)
- png_set_read_fn (png, png_closure, stream_read_func);
-
- status = CAIRO_STATUS_SUCCESS;
--
-- if (png_setjmp (png)) {
-+#ifdef PNG_SETJMP_SUPPORTED
-+ if (setjmp (png_jmpbuf (png))) {
- surface = _cairo_surface_create_in_error (status);
- goto BAIL;
- }
-+#endif
-
- png_read_info (png, info);
-
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 10/23] gnu: libqmi: Update to 1.20.2.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-10-mbakke@fastmail.com
* gnu/packages/freedesktop.scm (libqmi): Update to 1.20.2.
---
gnu/packages/freedesktop.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index f8e97acf51..536895cba8 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -763,7 +763,7 @@ which speak the Mobile Interface Broadband Model (MBIM) protocol.")
(define-public libqmi
(package
(name "libqmi")
- (version "1.20.0")
+ (version "1.20.2")
(source (origin
(method url-fetch)
(uri (string-append
@@ -771,7 +771,7 @@ which speak the Mobile Interface Broadband Model (MBIM) protocol.")
name "-" version ".tar.xz"))
(sha256
(base32
- "1d3fca477sdwbv4bsq1cl98qc8sixrzp0gqjcmjj8mlwfk9qqhi1"))))
+ "0i6aw8jyxv84d5x8lj2g9lb8xxf1dyad8n3q0kw164pyig55jd67"))))
(build-system gnu-build-system)
(inputs
`(("libgudev" ,libgudev)))
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 07/23] gnu: glib: Update to 2.56.3.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-7-mbakke@fastmail.com
* gnu/packages/glib.scm (glib): Update to 2.56.3.
---
gnu/packages/glib.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 016fae11f1..dee349395d 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -149,7 +149,7 @@ shared NFS home directories.")
(define glib
(package
(name "glib")
- (version "2.56.2")
+ (version "2.56.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/"
@@ -157,7 +157,7 @@ shared NFS home directories.")
name "-" version ".tar.xz"))
(sha256
(base32
- "12d738n1wpvrn39zvy9xazg5h6vzyiwsw8z1qibcj09mh4bbsjnn"))
+ "1cjcqz77m62zrx7224vl3f2cxwqf28r5xpqb2jy7av0vr2scb959"))
(patches (search-patches "glib-tests-timer.patch"))))
(build-system gnu-build-system)
(outputs '("out" ; everything
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 11/23] gnu: curl: Remove replacement for 7.62.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-11-mbakke@fastmail.com
* gnu/packages/curl.scm (curl): Update to 7.62.0.
[replacement]: Remove field.
(curl-7.62.0): Remove variable.
---
gnu/packages/curl.scm | 18 ++----------------
1 file changed, 2 insertions(+), 16 deletions(-)

Toggle diff (44 lines)
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 61313af7d2..9430ece467 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -50,15 +50,14 @@
(define-public curl
(package
(name "curl")
- (version "7.61.1")
- (replacement curl-7.62.0)
+ (version "7.62.0")
(source (origin
(method url-fetch)
(uri (string-append "https://curl.haxx.se/download/curl-"
version ".tar.xz"))
(sha256
(base32
- "148qv1f32290r9pwg07mccawihz4srznkzsdwdl2xllvlgb16n9x"))))
+ "1hbm29r3pirhn4gkcnd94ylc4jzgn3v3v7qbay9awxg7bwx69dfs"))))
(build-system gnu-build-system)
(outputs '("out"
"doc")) ;1.2 MiB of man3 pages
@@ -142,19 +141,6 @@ tunneling, and so on.")
"See COPYING in the distribution."))
(home-page "https://curl.haxx.se/")))
-(define-public curl-7.62.0
- (package
- (inherit curl)
- (version "7.62.0")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://curl.haxx.se/download/curl-"
- version ".tar.xz"))
- (sha256
- (base32
- "1hbm29r3pirhn4gkcnd94ylc4jzgn3v3v7qbay9awxg7bwx69dfs"))))))
-
(define-public kurly
(package
(name "kurly")
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 08/23] gnu: pixman: Update to 0.36.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-8-mbakke@fastmail.com
* gnu/packages/xdisorg.scm (pixman): Update to 0.36.0.
---
gnu/packages/xdisorg.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index fdbe19c059..de4cac9e94 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -292,7 +292,7 @@ following the mouse.")
(define-public pixman
(package
(name "pixman")
- (version "0.34.0")
+ (version "0.36.0")
(source (origin
(method url-fetch)
(uri (string-append
@@ -300,7 +300,7 @@ following the mouse.")
version ".tar.gz"))
(sha256
(base32
- "13m842m9ffac3m9r0b4lvwjhwzg3w4353djkjpf00s0wnm4v5di1"))
+ "1blzrx50ssdv0pn56hcv2v0zw0vrjwj1sx22pkgjls1p9n6rr88w"))
(patches (search-patches "pixman-CVE-2016-5296.patch"))))
(build-system gnu-build-system)
(inputs
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:13
[PATCH staging 04/23] gnu: poppler: Update to 0.72.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-4-mbakke@fastmail.com
* gnu/packages/patches/poppler-CVE-2018-19149.patch: Delete file.
* gnu/packages/patches/inkscape-poppler-compat3.patch,
gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch,
gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch,
gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch: New files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/pdf.scm (poppler): Update to 0.72.0.
[replacement]: Remove field.
(poppler/fixed): Remove variable.
* gnu/packages/inkscape.scm (inkscape)[source](patches): Add
'inkscape-poppler-compat{3..5}.patch'.
* gnu/packages/tex.scm (texlive-bin)[source](patches): Update
'texlive-poppler-compat.patch'. Add
'texlive-bin-{lua,pdf,xe}tex-poppler-compat.patch'.
* gnu/packages/emacs.scm (emacs-pdf-tools)[source](modules, snippet): New
fields.
* gnu/packages/scribus.scm (scribus)[source](patches): Add upstream patch origins.
[source](modules, snippet): New fields.
* gnu/packages/libreoffice.scm (libreoffice)[source](patches): Add three
upstream origins.
[source](snippet, modules): New field.
---
gnu/local.mk | 5 +-
gnu/packages/emacs.scm | 10 +-
gnu/packages/inkscape.scm | 19 +-
gnu/packages/libreoffice.scm | 39 +-
.../patches/inkscape-poppler-compat3.patch | 499 ++++++++++++++++++
.../patches/poppler-CVE-2018-19149.patch | 80 ---
.../texlive-bin-luatex-poppler-compat.patch | 318 +++++++++++
.../texlive-bin-pdftex-poppler-compat.patch | 188 +++++++
.../texlive-bin-xetex-poppler-compat.patch | 31 ++
gnu/packages/pdf.scm | 13 +-
gnu/packages/scribus.scm | 51 +-
gnu/packages/tex.scm | 10 +-
12 files changed, 1163 insertions(+), 100 deletions(-)
create mode 100644 gnu/packages/patches/inkscape-poppler-compat3.patch
delete mode 100644 gnu/packages/patches/poppler-CVE-2018-19149.patch
create mode 100644 gnu/packages/patches/texlive-bin-luatex-poppler-compat.patch
create mode 100644 gnu/packages/patches/texlive-bin-pdftex-poppler-compat.patch
create mode 100644 gnu/packages/patches/texlive-bin-xetex-poppler-compat.patch

Toggle diff (447 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 3f19b3fe79..6541bcc8be 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -832,6 +832,7 @@ dist_patch_DATA = \
%D%/packages/patches/icedtea-7-hotspot-gcc-segfault-workaround.patch \
%D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/inkscape-poppler-compat3.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
%D%/packages/patches/isl-0.11.1-aarch64-support.patch \
@@ -1061,7 +1062,6 @@ dist_patch_DATA = \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
%D%/packages/patches/podofo-cmake-3.12.patch \
- %D%/packages/patches/poppler-CVE-2018-19149.patch \
%D%/packages/patches/portaudio-audacity-compat.patch \
%D%/packages/patches/portmidi-modular-build.patch \
%D%/packages/patches/postgresql-disable-resolve_symlinks.patch \
@@ -1186,6 +1186,9 @@ dist_patch_DATA = \
%D%/packages/patches/teeworlds-use-latest-wavpack.patch \
%D%/packages/patches/texinfo-perl-compat.patch \
%D%/packages/patches/texinfo-5-perl-compat.patch \
+ %D%/packages/patches/texlive-bin-luatex-poppler-compat.patch \
+ %D%/packages/patches/texlive-bin-pdftex-poppler-compat.patch \
+ %D%/packages/patches/texlive-bin-xetex-poppler-compat.patch \
%D%/packages/patches/telegram-purple-adjust-test.patch \
%D%/packages/patches/texi2html-document-encoding.patch \
%D%/packages/patches/texi2html-i18n.patch \
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index d8a9ffeaed..24446bfc9e 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -1634,7 +1634,15 @@ filters, new key bindings and faces. It can be enabled by
(sha256
(base32
"1i4647vax5na73basc5dz4lh9kprir00fh8ps4i0l1y3ippnjs2s"))
- (patches (search-patches "emacs-pdf-tools-poppler.patch"))))
+ (patches (search-patches "emacs-pdf-tools-poppler.patch"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; In addition to the above patch, we need this additional
+ ;; provision for compatibility with Poppler 0.72:
+ (substitute* "server/poppler-hack.cc"
+ (("getCString") "c_str"))
+ #t))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; there are no tests
diff --git a/gnu/packages/inkscape.scm b/gnu/packages/inkscape.scm
index 1673cc602e..eae8ac962b 100644
--- a/gnu/packages/inkscape.scm
+++ b/gnu/packages/inkscape.scm
@@ -71,7 +71,24 @@
(file-name "inkscape-poppler-compat2.patch")
(sha256
(base32
- "14k9yrfjz4nx3bz9dk91q74mc0i7rvl2qzkwhcy1br71yqjvngn5")))))))
+ "14k9yrfjz4nx3bz9dk91q74mc0i7rvl2qzkwhcy1br71yqjvngn5")))
+ (search-patch "inkscape-poppler-compat3.patch")
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+ "d047859d90cef3784e2d13e40887a70d8d517897.diff"))
+ (file-name "inkscape-poppler-compat4.patch")
+ (sha256
+ (base32
+ "0xdfg3q4g4m15z7wna4brjn5j4kr15qiqc2f25vcw2nnr6x54qcp")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://gitlab.com/inkscape/inkscape/commit/"
+ "b3d59cc8106da3bf6020a6c47eeb3b8a7bbae1a9.diff"))
+ (file-name "inkscape-poppler-compat5.patch")
+ (sha256
+ (base32
+ "0haviy66q9szizmvb82msfj80bb3wgi1fnq3ml8fyfp8l90a1217")))))))
(build-system cmake-build-system)
(inputs
`(("aspell" ,aspell)
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 45e2f63767..eadf7697ae 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -984,9 +984,44 @@ converting QuarkXPress file format. It supports versions 3.1 to 4.1.")
(file-name "libreoffice-mdds.patch")
(sha256
(base32
- "0apbmammmp4pk473xiv5vk50r4c5gjvqzf9jkficksvz58q6114f"))))
+ "0apbmammmp4pk473xiv5vk50r4c5gjvqzf9jkficksvz58q6114f")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "1688a395d05125b83eac6cd5c43f0e3f2f66c491"
+ ".patch"))
+ (file-name "libreoffice-poppler-compat.patch")
+ (sha256
+ (base32
+ "0ia5avmj772mrgs6m4qqf01hs8hzpy3nafidj7w7gqx2zz2s5ih9")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "5e8bdd9203dd642111c62a6668ee665a20d4ba19"
+ ".patch"))
+ (file-name "libreoffice-poppler-gbool.patch")
+ (sha256
+ (base32
+ "19kc74h5vnk48l2vny8zmm2lkxpwc7g8n9d3wwpg99748dvbmikd")))
+ (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/LibreOffice/core/commit/"
+ "8ff41a26caf51544699863c89598d37d93dc1b21"
+ ".patch"))
+ (file-name "libreoffice-poppler-0.71.patch")
+ (sha256
+ (base32
+ "1dsd0gynjf7d6412dd2sx70xa2s8kld7ibyjdkwg5w9hhi2zxw2f"))))
(search-patches "libreoffice-icu.patch"
- "libreoffice-glm.patch")))))
+ "libreoffice-glm.patch")))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ (for-each (lambda (file)
+ ;; Adjust to renamed function in Poppler 0.72.
+ (substitute* file (("getCString") "c_str")))
+ (find-files "sdext/source/pdfimport/xpdfwrapper"))
+ #t))))
(build-system glib-or-gtk-build-system)
(native-inputs
`(("bison" ,bison)
diff --git a/gnu/packages/patches/inkscape-poppler-compat3.patch b/gnu/packages/patches/inkscape-poppler-compat3.patch
new file mode 100644
index 0000000000..eaaf7d93f1
--- /dev/null
+++ b/gnu/packages/patches/inkscape-poppler-compat3.patch
@@ -0,0 +1,499 @@
+Fix compatibility with Poppler >= 0.69.
+
+This is a combination of these upstream commits:
+https://gitlab.com/inkscape/inkscape/commit/722e121361d0f784083d10e897155b7d4e44e515
+https://gitlab.com/inkscape/inkscape/commit/402c0274420fe39fd2f3393bc7d8d8879d436358
+
+...with slight adjustments for the 0.92.3 release tarball.
+
+diff --git a/CMakeScripts/DefineDependsandFlags.cmake b/CMakeScripts/DefineDependsandFlags.cmake
+--- a/CMakeScripts/DefineDependsandFlags.cmake
++++ b/CMakeScripts/DefineDependsandFlags.cmake
+@@ -116,18 +116,6 @@ if(ENABLE_POPPLER)
+ set(HAVE_POPPLER_GLIB ON)
+ endif()
+ endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.26.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.26.0")
+- set(POPPLER_EVEN_NEWER_COLOR_SPACE_API ON)
+- endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.29.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.29.0")
+- set(POPPLER_EVEN_NEWER_NEW_COLOR_SPACE_API ON)
+- endif()
+- if(POPPLER_VERSION VERSION_GREATER "0.58.0" OR
+- POPPLER_VERSION VERSION_EQUAL "0.58.0")
+- set(POPPLER_NEW_OBJECT_API ON)
+- endif()
+ else()
+ set(ENABLE_POPPLER_CAIRO OFF)
+ endif()
+diff --git a/src/extension/internal/pdfinput/pdf-input.cpp b/src/extension/internal/pdfinput/pdf-input.cpp
+--- a/src/extension/internal/pdfinput/pdf-input.cpp
++++ b/src/extension/internal/pdfinput/pdf-input.cpp
+@@ -793,7 +793,7 @@ PdfInput::open(::Inkscape::Extension::Input * /*mod*/, const gchar * uri) {
+ dlg->getImportSettings(prefs);
+
+ // Apply crop settings
+- PDFRectangle *clipToBox = NULL;
++ _POPPLER_CONST PDFRectangle *clipToBox = NULL;
+ double crop_setting;
+ sp_repr_get_double(prefs, "cropTo", &crop_setting);
+
+diff --git a/src/extension/internal/pdfinput/pdf-input.h b/src/extension/internal/pdfinput/pdf-input.h
+--- a/src/extension/internal/pdfinput/pdf-input.h
++++ b/src/extension/internal/pdfinput/pdf-input.h
+@@ -15,6 +15,7 @@
+ #endif
+
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+
+ #include <gtkmm/dialog.h>
+
+diff --git a/src/extension/internal/pdfinput/pdf-parser.cpp b/src/extension/internal/pdfinput/pdf-parser.cpp
+--- a/src/extension/internal/pdfinput/pdf-parser.cpp
++++ b/src/extension/internal/pdfinput/pdf-parser.cpp
+@@ -36,6 +36,7 @@ extern "C" {
+ #include "pdf-parser.h"
+ #include "util/units.h"
+
++#include "glib/poppler-features.h"
+ #include "goo/gmem.h"
+ #include "goo/GooString.h"
+ #include "GlobalParams.h"
+@@ -294,8 +295,8 @@ PdfParser::PdfParser(XRef *xrefA,
+ int /*pageNum*/,
+ int rotate,
+ Dict *resDict,
+- PDFRectangle *box,
+- PDFRectangle *cropBox) :
++ _POPPLER_CONST PDFRectangle *box,
++ _POPPLER_CONST PDFRectangle *cropBox) :
+ xref(xrefA),
+ builder(builderA),
+ subPage(gFalse),
+@@ -317,7 +318,7 @@ PdfParser::PdfParser(XRef *xrefA,
+ builder->setDocumentSize(Inkscape::Util::Quantity::convert(state->getPageWidth(), "pt", "px"),
+ Inkscape::Util::Quantity::convert(state->getPageHeight(), "pt", "px"));
+
+- double *ctm = state->getCTM();
++ const double *ctm = state->getCTM();
+ double scaledCTM[6];
+ for (int i = 0; i < 6; ++i) {
+ baseMatrix[i] = ctm[i];
+@@ -352,7 +353,7 @@ PdfParser::PdfParser(XRef *xrefA,
+ PdfParser::PdfParser(XRef *xrefA,
+ Inkscape::Extension::Internal::SvgBuilder *builderA,
+ Dict *resDict,
+- PDFRectangle *box) :
++ _POPPLER_CONST PDFRectangle *box) :
+ xref(xrefA),
+ builder(builderA),
+ subPage(gTrue),
+@@ -571,7 +572,7 @@ const char *PdfParser::getPreviousOperator(unsigned int look_back) {
+
+ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+ PdfOperator *op;
+- char *name;
++ const char *name;
+ Object *argPtr;
+ int i;
+
+@@ -619,7 +620,7 @@ void PdfParser::execOp(Object *cmd, Object args[], int numArgs) {
+ (this->*op->func)(argPtr, numArgs);
+ }
+
+-PdfOperator* PdfParser::findOp(char *name) {
++PdfOperator* PdfParser::findOp(const char *name) {
+ int a = -1;
+ int b = numOps;
+ int cmp = -1;
+@@ -1751,7 +1752,7 @@ void PdfParser::doShadingPatternFillFallback(GfxShadingPattern *sPat,
+ GBool stroke, GBool eoFill) {
+ GfxShading *shading;
+ GfxPath *savedPath;
+- double *ctm, *btm, *ptm;
++ const double *ctm, *btm, *ptm;
+ double m[6], ictm[6], m1[6];
+ double xMin, yMin, xMax, yMax;
+ double det;
+@@ -1993,7 +1994,7 @@ void PdfParser::doFunctionShFill1(GfxFunctionShading *shading,
+ GfxColor color0M, color1M, colorM0, colorM1, colorMM;
+ GfxColor colors2[4];
+ double functionColorDelta = colorDeltas[pdfFunctionShading-1];
+- double *matrix;
++ const double *matrix;
+ double xM, yM;
+ int nComps, i, j;
+
+@@ -2173,7 +2174,7 @@ void PdfParser::doPatchMeshShFill(GfxPatchMeshShading *shading) {
+ }
+ }
+
+-void PdfParser::fillPatch(GfxPatch *patch, int nComps, int depth) {
++void PdfParser::fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth) {
+ GfxPatch patch00 = blankPatch();
+ GfxPatch patch01 = blankPatch();
+ GfxPatch patch10 = blankPatch();
+@@ -2581,7 +2582,11 @@ void PdfParser::opShowSpaceText(Object args[], int /*numArgs*/)
+ }
+ }
+
++#if POPPLER_CHECK_VERSION(0,64,0)
+ void PdfParser::doShowText(const GooString *s) {
++#else
++void PdfParser::doShowText(GooString *s) {
++#endif
+ GfxFont *font;
+ int wMode;
+ double riseX, riseY;
+@@ -2590,11 +2595,15 @@ void PdfParser::doShowText(const GooString *s) {
+ double x, y, dx, dy, tdx, tdy;
+ double originX, originY, tOriginX, tOriginY;
+ double oldCTM[6], newCTM[6];
+- double *mat;
++ const double *mat;
+ Object charProc;
+ Dict *resDict;
+ Parser *oldParser;
++#if POPPLER_CHECK_VERSION(0,64,0)
++ const char *p;
++#else
+ char *p;
++#endif
+ int len, n, uLen;
+
+ font = state->getFont();
+@@ -2630,7 +2639,7 @@ void PdfParser::doShowText(const GooString *s) {
+ double lineX = state->getLineX();
+ double lineY = state->getLineY();
+ oldParser = parser;
+- p = g_strdup(s->getCString());
++ p = s->getCString();
+ len = s->getLength();
+ while (len > 0) {
+ n = font->getNextChar(p, len, &code,
+@@ -2685,7 +2694,7 @@ void PdfParser::doShowText(const GooString *s) {
+
+ } else {
+ state->textTransformDelta(0, state->getRise(), &riseX, &riseY);
+- p = g_strdup(s->getCString());
++ p = s->getCString();
+ len = s->getLength();
+ while (len > 0) {
+ n = font->getNextChar(p, len, &code,
+@@ -2731,7 +2740,11 @@ void PdfParser::opXObject(Object args[], int /*numArgs*/)
+ {
+ Object obj1, obj2, obj3, refObj;
+
+- char *name = g_strdup(args[0].getName());
++#if POPPLER_CHECK_VERSION(0,64,0)
++ const char *name = args[0].getName();
++#else
++ char *name = args[0].getName();
++#endif
+ #if defined(POPPLER_NEW_OBJECT_API)
+ if ((obj1 = res->lookupXObject(name)).isNull()) {
+ #else
+@@ -3656,7 +3669,6 @@ void PdfParser::opBeginImage(Object /*args*/[], int /*numArgs*/)
+ Stream *PdfParser::buildImageStream() {
+ Object dict;
+ Object obj;
+- char *key;
+ Stream *str;
+
+ // build dictionary
+@@ -3674,26 +3686,17 @@ Stream *PdfParser::buildImageStream() {
+ obj.free();
+ #endif
+ } else {
+- key = copyString(obj.getName());
+-#if defined(POPPLER_NEW_OBJECT_API)
+- obj = parser->getObj();
+-#else
+- obj.free();
+- parser->getObj(&obj);
+-#endif
+- if (obj.isEOF() || obj.isError()) {
+- gfree(key);
++ Object obj2;
++ _POPPLER_CALL(obj2, parser->getObj);
++ if (obj2.isEOF() || obj2.isError()) {
++ _POPPLER_FREE(obj);
+ break;
+ }
+-#if defined(POPPLER_NEW_OBJECT_API)
+- dict.dictAdd(key, std::move(obj));
+- }
+- obj = parser->getObj();
+-#else
+- dict.dictAdd(key, &obj);
++ _POPPLER_DICTADD(dict, obj.getName(), obj2);
++ _POPPLER_FREE(obj);
++ _POPPLER_FREE(obj2);
+ }
+- parser->getObj(&obj);
+-#endif
++ _POPPLER_CALL(obj, parser->getObj);
+ }
+ if (obj.isEOF()) {
+ error(errSyntaxError, getPos(), "End of file in inline image");
+diff --git a/src/extension/internal/pdfinput/pdf-parser.h b/src/extension/internal/pdfinput/pdf-parser.h
+--- a/src/extension/internal/pdfinput/pdf-parser.h
++++ b/src/extension/internal/pdfinput/pdf-parser.h
+@@ -9,6 +9,7 @@
+ #define PDF_PARSER_H
+
+ #ifdef HAVE_POPPLER
++#include "poppler-transition-api.h"
+
+ #ifdef USE_GCC_PRAGMAS
+ #pragma interface
+@@ -25,6 +26,7 @@ namespace Inkscape {
+ // TODO clean up and remove using:
+ using Inkscape::Extension::Internal::SvgBuilder;
+
++#include "glib/poppler-features.h"
+ #include "goo/gtypes.h"
+ #include "Object.h"
+
+@@ -127,11 +129,14 @@ public:
+
+ // Constructor for regular output.
+ PdfParser(XRef *xrefA, SvgBuilder *builderA, int pageNum, int rotate,
+- Dict *resDict, PDFRectangle *box, PDFRectangle *cropBox);
++ Dict *resDict,
++ _POPPLER_CONST PDFRectangle *box,
++ _POPPLER_CONST PDFRectangle *cropBox);
+
+ // Constructor for a sub-page object.
+ PdfParser(XRef *xrefA, Inkscape::Extension::Internal::SvgBuilder *builderA,
+- Dict *resDict, PDFRectangle *box);
++ Dict *resDict,
++ _POPPLER_CONST PDFRectangle *box);
+
+ virtual ~PdfParser();
+
+@@ -185,7 +190,7 @@ private:
+
+ void go(GBool topLevel);
+ void execOp(Object *cmd, Object args[], int numArgs);
+- PdfOperator *findOp(char *name);
++ PdfOperator *findOp(const char *name);
+ GBool checkArg(Object *arg, TchkType type);
+ int getPos();
+
+@@ -256,7 +261,7 @@ private:
+ double x2, double y2, GfxColor *color2,
+ int nComps, int depth);
+ void doPatchMeshShFill(GfxPatchMeshShading *shading);
+- void fillPatch(GfxPatch *patch, int nComps, int depth);
++ void fillPatch(_POPPLER_CONST GfxPatch *patch, int nComps, int depth);
+ void doEndPath();
+
+ // path clipping operators
+@@ -287,7 +292,12 @@ private:
+ void opMoveShowText(Object args[], int numArgs);
+ void opMoveSetShowText(Object args[], int numArgs);
+ void opShowSpaceText(Object args[], int numArgs);
++#if POPPLER_CHECK_VERSION(0,64,0)
+ void doShowText(const GooString *s);
++#else
++ void doShowText(GooString *s);
++#endif
++
+
+ // XObject operators
+ void opXObject(Object args[], int numArgs);
+diff --git a/src/extension/internal/pdfinput/poppler-transition-api.h
This message was truncated. Download the full message here.
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 12/23] gnu: ghostscript: Update to 9.26.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-12-mbakke@fastmail.com
* gnu/packages/patches/ghostscript-bug-699708.patch,
gnu/packages/patches/ghostscript-CVE-2018-16509.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/ghostscript.scm (ghostscript): Update to 9.26.
[source](patches): Remove obsolete.
---
gnu/local.mk | 2 -
gnu/packages/ghostscript.scm | 8 +-
.../patches/ghostscript-CVE-2018-16509.patch | 193 ------------------
.../patches/ghostscript-bug-699708.patch | 160 ---------------
4 files changed, 3 insertions(+), 360 deletions(-)
delete mode 100644 gnu/packages/patches/ghostscript-CVE-2018-16509.patch
delete mode 100644 gnu/packages/patches/ghostscript-bug-699708.patch

Toggle diff (406 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index aaab4c72ec..45d8effc11 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -738,8 +738,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
%D%/packages/patches/ghc-dont-pass-linker-flags-via-response-files.patch \
%D%/packages/patches/ghc-haddock-library-unbundle.patch \
- %D%/packages/patches/ghostscript-CVE-2018-16509.patch \
- %D%/packages/patches/ghostscript-bug-699708.patch \
%D%/packages/patches/ghostscript-no-header-id.patch \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index b46451d94e..d8c0050513 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -135,7 +135,7 @@ printing, and psresize, for adjusting page sizes.")
(define-public ghostscript
(package
(name "ghostscript")
- (version "9.24")
+ (version "9.26")
(source
(origin
(method url-fetch)
@@ -145,10 +145,8 @@ printing, and psresize, for adjusting page sizes.")
"/ghostscript-" version ".tar.xz"))
(sha256
(base32
- "1mk922rnml93w2g42yxiyn8xqanc50cm65irrgh0b6lp4kgifjfl"))
- (patches (search-patches "ghostscript-CVE-2018-16509.patch"
- "ghostscript-bug-699708.patch"
- "ghostscript-no-header-creationdate.patch"
+ "1645f47all5w27bfhiq15vycdm954lmr6agqkrp68ksq6xglgvch"))
+ (patches (search-patches "ghostscript-no-header-creationdate.patch"
"ghostscript-no-header-id.patch"
"ghostscript-no-header-uuid.patch"))
(modules '((guix build utils)))
diff --git a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch b/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
deleted file mode 100644
index 50ffa3cb98..0000000000
--- a/gnu/packages/patches/ghostscript-CVE-2018-16509.patch
+++ /dev/null
@@ -1,193 +0,0 @@
-Ghostscript 9.24 was released with an incomplete fix for CVE-2018-16509:
-https://nvd.nist.gov/vuln/detail/CVE-2018-16509
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1640#c19
-https://bugs.ghostscript.com/show_bug.cgi?id=699718
-
-The reproducers no longer work after applying these commits:
-
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e914f1da46e33decc534486598dc3eadf69e6efb
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
-https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002fb9c131313253c307cf3951b3d47
-
-This patch is a "squashed" version of those.
-
-diff --git a/Resource/Init/gs_setpd.ps b/Resource/Init/gs_setpd.ps
-index bba3c8c0e..8fa7c51df 100644
---- a/Resource/Init/gs_setpd.ps
-+++ b/Resource/Init/gs_setpd.ps
-@@ -95,27 +95,41 @@ level2dict begin
- { % Since setpagedevice doesn't create new device objects,
- % we must (carefully) reinstall the old parameters in
- % the same device.
-- .currentpagedevice pop //null currentdevice //null .trysetparams
-+ .currentpagedevice pop //null currentdevice //null
-+ { .trysetparams } .internalstopped
-+ {
-+ //null
-+ } if
- dup type /booleantype eq
- { pop pop }
-- { % This should never happen!
-+ {
- SETPDDEBUG { (Error in .trysetparams!) = pstack flush } if
-- cleartomark pop pop pop
-+ {cleartomark pop pop pop} .internalstopped pop
-+ % if resetting the entire device state failed, at least put back the
-+ % security related key
-+ currentdevice //null //false mark /.LockSafetyParams
-+ currentpagedevice /.LockSafetyParams .knownget not
-+ {systemdict /SAFER .knownget not {//false} } if
-+ .putdeviceparamsonly
- /.installpagedevice cvx /rangecheck signalerror
- }
- ifelse pop pop
- % A careful reading of the Red Book reveals that an erasepage
- % should occur, but *not* an initgraphics.
- erasepage .beginpage
-- } bind def
-+ } bind executeonly def
-
- /.uninstallpagedevice
-- { 2 .endpage { .currentnumcopies //false .outputpage } if
-+ {
-+ {2 .endpage { .currentnumcopies //false .outputpage } if} .internalstopped pop
- nulldevice
- } bind def
-
- (%grestorepagedevice) cvn
-- { .uninstallpagedevice grestore .installpagedevice
-+ {
-+ .uninstallpagedevice
-+ grestore
-+ .installpagedevice
- } bind def
-
- (%grestoreallpagedevice) cvn
-diff --git a/psi/zdevice2.c b/psi/zdevice2.c
-index 0c7080d57..159a0c0d9 100644
---- a/psi/zdevice2.c
-+++ b/psi/zdevice2.c
-@@ -251,8 +251,8 @@ z2currentgstate(i_ctx_t *i_ctx_p)
- /* ------ Wrappers for operators that reset the graphics state. ------ */
-
- /* Check whether we need to call out to restore the page device. */
--static bool
--restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
-+static int
-+restore_page_device(i_ctx_t *i_ctx_p, const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- {
- gx_device *dev_old = gs_currentdevice(pgs_old);
- gx_device *dev_new;
-@@ -260,9 +260,10 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- gx_device *dev_t2;
- bool samepagedevice = obj_eq(dev_old->memory, &gs_int_gstate(pgs_old)->pagedevice,
- &gs_int_gstate(pgs_new)->pagedevice);
-+ bool LockSafetyParams = dev_old->LockSafetyParams;
-
- if ((dev_t1 = (*dev_proc(dev_old, get_page_device)) (dev_old)) == 0)
-- return false;
-+ return 0;
- /* If we are going to putdeviceparams in a callout, we need to */
- /* unlock temporarily. The device will be re-locked as needed */
- /* by putdeviceparams from the pgs_old->pagedevice dict state. */
-@@ -271,23 +272,51 @@ restore_page_device(const gs_gstate * pgs_old, const gs_gstate * pgs_new)
- dev_new = gs_currentdevice(pgs_new);
- if (dev_old != dev_new) {
- if ((dev_t2 = (*dev_proc(dev_new, get_page_device)) (dev_new)) == 0)
-- return false;
-- if (dev_t1 != dev_t2)
-- return true;
-+ samepagedevice = true;
-+ else if (dev_t1 != dev_t2)
-+ samepagedevice = false;
-+ }
-+
-+ if (LockSafetyParams && !samepagedevice) {
-+ const int required_ops = 512;
-+ const int required_es = 32;
-+
-+ /* The %grestorepagedevice must complete: the biggest danger
-+ is operand stack overflow. As we use get/putdeviceparams
-+ that means pushing all the device params onto the stack,
-+ pdfwrite having by far the largest number of parameters
-+ at (currently) 212 key/value pairs - thus needing (currently)
-+ 424 entries on the op stack. Allowing for working stack
-+ space, and safety margin.....
-+ */
-+ if (required_ops + ref_stack_count(&o_stack) >= ref_stack_max_count(&o_stack)) {
-+ gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+ return_error(gs_error_stackoverflow);
-+ }
-+ /* We also want enough exec stack space - 32 is an overestimate of
-+ what we need to complete the Postscript call out.
-+ */
-+ if (required_es + ref_stack_count(&e_stack) >= ref_stack_max_count(&e_stack)) {
-+ gs_currentdevice(pgs_old)->LockSafetyParams = LockSafetyParams;
-+ return_error(gs_error_execstackoverflow);
-+ }
- }
- /*
- * The current implementation of setpagedevice just sets new
- * parameters in the same device object, so we have to check
- * whether the page device dictionaries are the same.
- */
-- return !samepagedevice;
-+ return samepagedevice ? 0 : 1;
- }
-
- /* - grestore - */
- static int
- z2grestore(i_ctx_t *i_ctx_p)
- {
-- if (!restore_page_device(igs, gs_gstate_saved(igs)))
-+ int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+
-+ if (code == 0)
- return gs_grestore(igs);
- return push_callout(i_ctx_p, "%grestorepagedevice");
- }
-@@ -297,7 +326,9 @@ static int
- z2grestoreall(i_ctx_t *i_ctx_p)
- {
- for (;;) {
-- if (!restore_page_device(igs, gs_gstate_saved(igs))) {
-+ int code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code == 0) {
- bool done = !gs_gstate_saved(gs_gstate_saved(igs));
-
- gs_grestore(igs);
-@@ -328,11 +359,15 @@ z2restore(i_ctx_t *i_ctx_p)
- if (code < 0) return code;
-
- while (gs_gstate_saved(gs_gstate_saved(igs))) {
-- if (restore_page_device(igs, gs_gstate_saved(igs)))
-+ code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code > 0)
- return push_callout(i_ctx_p, "%restore1pagedevice");
- gs_grestore(igs);
- }
-- if (restore_page_device(igs, gs_gstate_saved(igs)))
-+ code = restore_page_device(i_ctx_p, igs, gs_gstate_saved(igs));
-+ if (code < 0) return code;
-+ if (code > 0)
- return push_callout(i_ctx_p, "%restorepagedevice");
-
- code = dorestore(i_ctx_p, asave);
-@@ -355,9 +390,12 @@ static int
- z2setgstate(i_ctx_t *i_ctx_p)
- {
- os_ptr op = osp;
-+ int code;
-
- check_stype(*op, st_igstate_obj);
-- if (!restore_page_device(igs, igstate_ptr(op)))
-+ code = restore_page_device(i_ctx_p, igs, igstate_ptr(op));
-+ if (code < 0) return code;
-+ if (code == 0)
- return zsetgstate(i_ctx_p);
- return push_callout(i_ctx_p, "%setgstatepagedevice");
- }
diff --git a/gnu/packages/patches/ghostscript-bug-699708.patch b/gnu/packages/patches/ghostscript-bug-699708.patch
deleted file mode 100644
index 1567be1c6f..0000000000
--- a/gnu/packages/patches/ghostscript-bug-699708.patch
+++ /dev/null
@@ -1,160 +0,0 @@
-Additional security fix that missed 9.24.
-
-Taken from upstream:
-http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
-
-From fb713b3818b52d8a6cf62c951eba2e1795ff9624 Mon Sep 17 00:00:00 2001
-From: Chris Liddell <chris.liddell@artifex.com>
-Date: Thu, 6 Sep 2018 09:16:22 +0100
-Subject: [PATCH] Bug 699708 (part 1): 'Hide' non-replaceable error handlers
- for SAFER
-
-We already had a 'private' dictionary for non-standard errors: gserrordict.
-
-This now includes all the default error handlers, the dictionary is made
-noaccess and all the prodedures are bound and executeonly.
-
-When running with -dSAFER, in the event of a Postscript error, instead of
-pulling the handler from errordict, we'll pull it from gserrordict - thus
-malicious input cannot trigger problems by the use of custom error handlers.
-
-errordict remains open and writeable, so files such as the Quality Logic tests
-that install their own handlers will still 'work', with the exception that the
-custom error handlers will not be called.
-
-This is a 'first pass', 'sledgehammer' approach: a nice addition would to allow
-an integrator to specify a list of errors that are not to be replaced (for
-example, embedded applications would probably want to ensure that VMerror is
-always handled as they intend).
----
- Resource/Init/gs_init.ps | 29 ++++++++++++++++++-----------
- psi/interp.c | 30 +++++++++++++++++++++---------
- 2 files changed, 39 insertions(+), 20 deletions(-)
-
-diff --git a/Resource/Init/gs_init.ps b/Resource/Init/gs_init.ps
-index 071c39205..bc8b7951c 100644
---- a/Resource/Init/gs_init.ps
-+++ b/Resource/Init/gs_init.ps
-@@ -881,7 +881,7 @@ userdict /.currentresourcefile //null put
- { not exch pop exit } { pop } ifelse
- }
- for exch pop .quit
-- } bind def
-+ } bind executeonly def
- /.errorhandler % <command> <errorname> .errorhandler -
- { % Detect an internal 'stopped'.
- 1 .instopped { //null eq { pop pop stop } if } if
-@@ -926,7 +926,7 @@ userdict /.currentresourcefile //null put
- $error /globalmode get $error /.nosetlocal get and .setglobal
- $error /.inerror //false put
- stop
-- } bind def
-+ } bind executeonly def
- % Define the standard handleerror. We break out the printing procedure
- % (.printerror) so that it can be extended for binary output
- % if the Level 2 facilities are present.
-@@ -976,7 +976,7 @@ userdict /.currentresourcefile //null put
- ifelse % newerror
- end
- flush
-- } bind def
-+ } bind executeonly def
- /.printerror_long % long error printout,
- % $error is on the dict stack
- { % Push the (anonymous) stack printing procedure.
-@@ -1053,14 +1053,14 @@ userdict /.currentresourcefile //null put
- { (Current file position is ) print position = }
- if
-
-- } bind def
-+ } bind executeonly def
- % Define a procedure for clearing the error indication.
- /.clearerror
- { $error /newerror //false put
- $error /errorname //null put
- $error /errorinfo //null put
- 0 .setoserrno
-- } bind def
-+ } bind executeonly def
-
- % Define $error. This must be in local VM.
- .currentglobal //false .setglobal
-@@ -1086,11 +1086,15 @@ end
- /errordict ErrorNames length 3 add dict
- .forcedef % errordict is local, systemdict is global
- .setglobal % back to global VM
--% For greater Adobe compatibility, we put all non-standard errors in a
--% separate dictionary, gserrordict. It does not need to be in local VM,
--% because PostScript programs do not access it.
-+% gserrordict contains all the default error handling methods, but unlike
-+% errordict it is noaccess after creation (also it is in global VM).
-+% When running 'SAFER', we'll ignore the contents of errordict, which
-+% may have been tampered with by the running job, and always use gserrordict
-+% gserrordict also contains any non-standard errors, for better compatibility
-+% with Adobe.
-+%
- % NOTE: the name gserrordict is known to the interpreter.
--/gserrordict 5 dict def
-+/gserrordict ErrorNames length 3 add dict def
- % Register an error in errordict. We make this a procedure because we only
- % register the Level 1 errors here: the rest are registered by "feature"
- % files. However, ErrorNames contains all of the error names regardless of
-@@ -1119,8 +1123,11 @@ errordict begin
- } bind def
- end % errordict
-
--% Put non-standard errors in gserrordict.
--gserrordict /unknownerror errordict /unknownerror get put
-+% Put all the default handlers in gserrordict
-+gserrordict
-+errordict {2 index 3 1 roll put} forall
-+noaccess pop
-+% remove the non-standard errors from errordict
- errordict /unknownerror .undef
- % Define a stable private copy of handleerror that we will always use under
- % JOBSERVER mode.
-diff --git a/psi/interp.c b/psi/interp.c
-index c27b70dca..d41a9d3f5 100644
---- a/psi/interp.c
-+++ b/psi/interp.c
-@@ -661,16 +661,28 @@ again:
- return code;
- if (gs_errorname(i_ctx_p, code, &error_name) < 0)
- return code; /* out-of-range error code! */
-- /*
-- * For greater Adobe compatibility, only the standard PostScript errors
-- * are defined in errordict; the rest are in gserrordict.
-+
-+ /* If LockFilePermissions is true, we only refer to gserrordict, which
-+ * is not accessible to Postcript jobs
- */
-- if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
-- (dict_find(perrordict, &error_name, &epref) <= 0 &&
-- (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-- dict_find(perrordict, &error_name, &epref) <= 0))
-- )
-- return code; /* error name not in errordict??? */
-+ if (i_ctx_p->LockFilePermissions) {
-+ if (((dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+ dict_find(perrordict, &error_name, &epref) <= 0))
-+ )
-+ return code; /* error name not in errordict??? */
-+ }
-+ else {
-+ /*
-+ * For greater Adobe compatibility, only the standard PostScript errors
-+ * are defined in errordict; the rest are in gserrordict.
-+ */
-+ if (dict_find_string(systemdict, "errordict", &perrordict) <= 0 ||
-+ (dict_find(perrordict, &error_name, &epref) <= 0 &&
-+ (dict_find_string(systemdict, "gserrordict", &perrordict) <= 0 ||
-+ dict_find(perrordict, &error_name, &epref) <= 0))
-+ )
-+ return code; /* error name not in errordict??? */
-+ }
- doref = *epref;
- epref = &doref;
- /* Push the error object on the operand stack if appropriate. */
---
-2.18.0
-
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 13/23] gnu: icu4c: Update to 63.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-13-mbakke@fastmail.com
* gnu/packages/icu4c.scm (icu4c): Update to 63.1.
---
gnu/packages/icu4c.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 2d28107e81..6e93d6aed9 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -32,7 +32,7 @@
(define-public icu4c
(package
(name "icu4c")
- (version "62.1")
+ (version "63.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -42,7 +42,7 @@
(string-map (lambda (x) (if (char=? x #\.) #\_ x)) version)
"-src.tgz"))
(sha256
- (base32 "18ssgnwzzpm1g1fvbm9h1fvryiwxvvn5wc3fdakdsl33cs6qdn9x"))))
+ (base32 "17fbk0lm2clsxbmjzvyp245ayx0n4chji3ky1f3fbz2ljjv91i05"))))
(build-system gnu-build-system)
(inputs
`(("perl" ,perl)))
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 14/23] gnu: tzdata-for-tests: Update to 2018g.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-14-mbakke@fastmail.com
* gnu/packages/base.scm (tzdata-for-tests): Inherit TZDATA.
---
gnu/packages/base.scm | 18 +-----------------
1 file changed, 1 insertion(+), 17 deletions(-)

Toggle diff (31 lines)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 55a0290600..932416a60d 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1173,23 +1173,7 @@ and daylight-saving rules.")
(define-public tzdata-for-tests
(hidden-package
(package
- (inherit tzdata)
- (version "2018d")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://www.iana.org/time-zones/repository"
- "/releases/tzdata" version ".tar.gz"))
- (sha256
- (base32
- "0m6020dnk9r40z7k36jp13fa06xip3hn0fdx3nly66jzxgffs1ji"))))
- (inputs `(("tzcode" ,(origin
- (method url-fetch)
- (uri (string-append
- "http://www.iana.org/time-zones/repository/releases/tzcode"
- version ".tar.gz"))
- (sha256
- (base32
- "1nd882yhsazmcfqmcqyfig3axycryl30gmizgqhqsx5dpa2lxr3x")))))))))
+ (inherit tzdata))))
(define-public libiconv
(package
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 15/23] gnu: nghttp2: Update to 1.35.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-15-mbakke@fastmail.com
* gnu/packages/web.scm (nghttp2): Update to 1.35.1.
[native-inputs]: Add GCC-7.
[arguments]: Add workaround for https://bugs.gnu.org/30756.
---
gnu/packages/web.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (48 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index caf56e4119..17deb5c222 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -79,6 +79,7 @@
#:use-module (gnu packages flex)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages kerberos)
+ #:use-module (gnu packages gcc)
#:use-module (gnu packages gd)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib)
@@ -6696,7 +6697,7 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
(define-public nghttp2
(package
(name "nghttp2")
- (version "1.32.0")
+ (version "1.35.1")
(source
(origin
(method url-fetch)
@@ -6705,12 +6706,13 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0zbgp8f80h2zlfn8cd2ldrmgl81jzcdh1141n71aqmfckzaqj2kh"))))
+ "0fi6qg2w82636wixwkqy7bclpgxslmvg82r431hs8h6aqc4mnzwv"))))
(build-system gnu-build-system)
(outputs (list "out"
"lib")) ; only libnghttp2
(native-inputs
`(("pkg-config" ,pkg-config)
+ ("gcc" ,gcc-7) ; 1.35.0 requires GCC6 or later
;; Required by tests.
("cunit" ,cunit)
@@ -6742,6 +6744,9 @@ derivation by David Revoy from the original MonsterID by Andreas Gohr.")
(("@prefix@")
(assoc-ref outputs "lib")))
#t))
+ (add-before 'configure 'work-around-bug-30756
+ (lambda _
+ (for-each unsetenv '("C_INCLUDE_PATH" "CPLUS_INCLUDE_PATH")) #t))
(add-before 'check 'set-timezone-directory
(lambda* (#:key inputs #:allow-other-keys)
(setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 16/23] gnu: nettle: Update to 3.4.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-16-mbakke@fastmail.com
* gnu/packages/nettle.scm (nettle): Update to 3.4.1.
---
gnu/packages/nettle.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index 1212f32812..1f91b74d8b 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -75,14 +75,14 @@ themselves.")
;; This version is not API-compatible with version 2. In particular, lsh
;; cannot use it yet. So keep it separate.
(package (inherit nettle-2)
- (version "3.4")
+ (version "3.4.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/nettle/nettle-"
version ".tar.gz"))
(sha256
(base32
- "150y8655h629wn946dvzasq16qxsc1m9nf58mifvhl350bgl4ymf"))))
+ "1bcji95n1iz9p9vsgdgr26v6s7zhpsxfbjjwpqcihpfd6lawyhgr"))))
(arguments
(substitute-keyword-arguments (package-arguments nettle-2)
((#:configure-flags flags)
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 17/23] gnu: cyrus-sasl: Update to 2.1.27.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-17-mbakke@fastmail.com
* gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/cyrus-sasl.scm (cyrus-sasl): Update to 2.1.27.
[source](patches): Remove.
[inputs]: Move MIT-KRB5 from here ...
[propagated-inputs]: ... to here. New field.
---
gnu/local.mk | 1 -
gnu/packages/cyrus-sasl.scm | 9 +-
.../patches/cyrus-sasl-CVE-2013-4122.patch | 130 ------------------
3 files changed, 5 insertions(+), 135 deletions(-)
delete mode 100644 gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch

Toggle diff (181 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 45d8effc11..0d279e55eb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -649,7 +649,6 @@ dist_patch_DATA = \
%D%/packages/patches/cube-nocheck.patch \
%D%/packages/patches/cursynth-wave-rand.patch \
%D%/packages/patches/cvs-2017-12836.patch \
- %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch \
%D%/packages/patches/datamash-arm-tests.patch \
%D%/packages/patches/dbus-helper-search-path.patch \
%D%/packages/patches/deja-dup-use-ref-keyword-for-iter.patch \
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 60c1e0ef94..0a5e464719 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -31,7 +31,7 @@
(define-public cyrus-sasl
(package
(name "cyrus-sasl")
- (version "2.1.26")
+ (version "2.1.27")
(source (origin
(method url-fetch)
(uri (list (string-append
@@ -40,13 +40,14 @@
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
- (patches (search-patches "cyrus-sasl-CVE-2013-4122.patch"))
(sha256 (base32
- "1hvvbcsg21nlncbgs0cgn3iwlnb3vannzwsp6rwvnn9ba4v53g4g"))))
+ "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))))
(build-system gnu-build-system)
(inputs `(("gdbm" ,gdbm)
- ("mit-krb5" ,mit-krb5)
("openssl" ,openssl)))
+ (propagated-inputs
+ `(;; cyrus-sasl.pc refers to -lkrb5, so propagate it.
+ ("mit-krb5" ,mit-krb5)))
(arguments
'(#:configure-flags (list (string-append "--with-plugindir="
(assoc-ref %outputs "out")
diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
deleted file mode 100644
index fc72e42e03..0000000000
--- a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-Fix CVE-2013-4122.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122
-
-Patch copied from upstream source repository:
-https://github.com/cyrusimap/cyrus-sasl/commit/dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
-
-From dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d Mon Sep 17 00:00:00 2001
-From: mancha <mancha1@hush.com>
-Date: Thu, 11 Jul 2013 10:08:07 +0100
-Subject: Handle NULL returns from glibc 2.17+ crypt()
-
-Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
-(w/ NULL return) if the salt violates specifications. Additionally,
-on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
-passed to crypt() fail with EPERM (w/ NULL return).
-
-When using glibc's crypt(), check return value to avoid a possible
-NULL pointer dereference.
-
-Patch by mancha1@hush.com.
----
- pwcheck/pwcheck_getpwnam.c | 3 ++-
- pwcheck/pwcheck_getspnam.c | 4 +++-
- saslauthd/auth_getpwent.c | 4 +++-
- saslauthd/auth_shadow.c | 8 +++-----
- 4 files changed, 11 insertions(+), 8 deletions(-)
-
-diff --git a/pwcheck/pwcheck_getpwnam.c b/pwcheck/pwcheck_getpwnam.c
-index 4b34222..400289c 100644
---- a/pwcheck/pwcheck_getpwnam.c
-+++ b/pwcheck/pwcheck_getpwnam.c
-@@ -32,6 +32,7 @@ char *userid;
- char *password;
- {
- char* r;
-+ char* crpt_passwd;
- struct passwd *pwd;
-
- pwd = getpwnam(userid);
-@@ -41,7 +42,7 @@ char *password;
- else if (pwd->pw_passwd[0] == '*') {
- r = "Account disabled";
- }
-- else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
-+ else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
- r = "Incorrect password";
- }
- else {
-diff --git a/pwcheck/pwcheck_getspnam.c b/pwcheck/pwcheck_getspnam.c
-index 2b11286..6d607bb 100644
---- a/pwcheck/pwcheck_getspnam.c
-+++ b/pwcheck/pwcheck_getspnam.c
-@@ -32,13 +32,15 @@ char *userid;
- char *password;
- {
- struct spwd *pwd;
-+ char *crpt_passwd;
-
- pwd = getspnam(userid);
- if (!pwd) {
- return "Userid not found";
- }
-
-- if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
-+ crpt_passwd = crypt(password, pwd->sp_pwdp);
-+ if (!crpt_passwd || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
- return "Incorrect password";
- }
- else {
-diff --git a/saslauthd/auth_getpwent.c b/saslauthd/auth_getpwent.c
-index fc8029d..d4ebe54 100644
---- a/saslauthd/auth_getpwent.c
-+++ b/saslauthd/auth_getpwent.c
-@@ -77,6 +77,7 @@ auth_getpwent (
- {
- /* VARIABLES */
- struct passwd *pw; /* pointer to passwd file entry */
-+ char *crpt_passwd; /* encrypted password */
- int errnum;
- /* END VARIABLES */
-
-@@ -105,7 +106,8 @@ auth_getpwent (
- }
- }
-
-- if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
-+ crpt_passwd = crypt(password, pw->pw_passwd);
-+ if (!crpt_passwd || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "DEBUG: auth_getpwent: %s: invalid password", login);
- }
-diff --git a/saslauthd/auth_shadow.c b/saslauthd/auth_shadow.c
-index 677131b..1988afd 100644
---- a/saslauthd/auth_shadow.c
-+++ b/saslauthd/auth_shadow.c
-@@ -210,8 +210,8 @@ auth_shadow (
- RETURN("NO Insufficient permission to access NIS authentication database (saslauthd)");
- }
-
-- cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
-- if (strcmp(sp->sp_pwdp, cpw)) {
-+ cpw = crypt(password, sp->sp_pwdp);
-+ if (!cpw || strcmp(sp->sp_pwdp, (const char *)cpw)) {
- if (flags & VERBOSE) {
- /*
- * This _should_ reveal the SHADOW_PW_LOCKED prefix to an
-@@ -221,10 +221,8 @@ auth_shadow (
- syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
- sp->sp_pwdp, cpw);
- }
-- free(cpw);
- RETURN("NO Incorrect password");
- }
-- free(cpw);
-
- /*
- * The following fields will be set to -1 if:
-@@ -286,7 +284,7 @@ auth_shadow (
- RETURN("NO Invalid username");
- }
-
-- if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
-+ if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
- if (flags & VERBOSE) {
- syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
- password, upw->upw_passwd);
---
-cgit v0.12
-
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 20/23] gnu: libuv: Update to 1.24.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-20-mbakke@fastmail.com
* gnu/packages/libevent.scm (libuv): Update to 1.24.0.
---
gnu/packages/libevent.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 2de29707ca..c9ed941202 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -122,14 +122,14 @@ limited support for fork events.")
(define-public libuv
(package
(name "libuv")
- (version "1.23.0")
+ (version "1.24.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dist.libuv.org/dist/v" version
"/libuv-v" version ".tar.gz"))
(sha256
(base32
- "09yf7c71n8b80nbsv4lsmq5nqmb0rylhpx3z9jgkv5za9lr6sx6i"))))
+ "01pg0zsfr8mxlpipkbpw0dpsl26x5s966f5br7dx9ac29abk419q"))))
(build-system gnu-build-system)
(arguments
'(;; XXX: Some tests want /dev/tty, attempt to make connections, etc.
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 18/23] gnu: jansson: Update to 2.12.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-18-mbakke@fastmail.com
* gnu/packages/web.scm (jansson): Update to 2.12.
[source](uri): Use bzip2 compressed tarball.
---
gnu/packages/web.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 17deb5c222..f8315d4379 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -510,15 +510,15 @@ libraries for working with JNLP applets.")
(define-public jansson
(package
(name "jansson")
- (version "2.11")
+ (version "2.12")
(source (origin
(method url-fetch)
(uri
(string-append "http://www.digip.org/jansson/releases/jansson-"
- version ".tar.gz"))
+ version ".tar.bz2"))
(sha256
(base32
- "1x5jllzzqamq6kahx9d9a5mrarm9m3f30vfxvcqpi6p4mcnz91bf"))))
+ "1lp1mv8pjp5yziws66cy0dhpcam4bbjqhffk13v4vgdybp674pb4"))))
(build-system gnu-build-system)
(home-page "http://www.digip.org/jansson/")
(synopsis "JSON C library")
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 21/23] gnu: CMake: Update to 3.13.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-21-mbakke@fastmail.com
* gnu/packages/cmake.scm (cmake): Update to 3.13.1.
---
gnu/packages/cmake.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/cmake.scm b/gnu/packages/cmake.scm
index 5abf087557..7186cf98df 100644
--- a/gnu/packages/cmake.scm
+++ b/gnu/packages/cmake.scm
@@ -44,7 +44,7 @@
(define-public cmake
(package
(name "cmake")
- (version "3.12.2")
+ (version "3.13.1")
(source (origin
(method url-fetch)
(uri (string-append "https://www.cmake.org/files/v"
@@ -52,7 +52,7 @@
"/cmake-" version ".tar.gz"))
(sha256
(base32
- "19410mxgcyvk5q42phaclb1hz6rl08z4yj8iriq706p5k5bli5qg"))
+ "04123d7fgnn1fs5p0nwyq397ss89r0y4wkg9a09qiwkjsvk1rzmy"))
(modules '((guix build utils)))
(snippet
'(begin
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 19/23] gnu: GnuTLS: Update to 3.6.5.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-19-mbakke@fastmail.com
* gnu/packages/patches/gnutls-skip-pkgconfig-test.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
* gnu/packages/tls.scm (gnutls): Update to 3.6.5.
[source](patches): Remove obsolete.
[source](snippet): Add Guile detection fix.
---
gnu/local.mk | 1 -
.../patches/gnutls-skip-pkgconfig-test.patch | 24 -------------------
gnu/packages/tls.scm | 17 +++++++++----
3 files changed, 12 insertions(+), 30 deletions(-)
delete mode 100644 gnu/packages/patches/gnutls-skip-pkgconfig-test.patch

Toggle diff (34 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 0d279e55eb..3f2ca7a845 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -772,7 +772,6 @@ dist_patch_DATA = \
%D%/packages/patches/gnucash-price-quotes-perl.patch \
%D%/packages/patches/gnucash-disable-failing-tests.patch \
%D%/packages/patches/gnutls-skip-trust-store-test.patch \
- %D%/packages/patches/gnutls-skip-pkgconfig-test.patch \
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
%D%/packages/patches/gobject-introspection-cc.patch \
%D%/packages/patches/gobject-introspection-girepository.patch \
diff --git a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch b/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
deleted file mode 100644
index 1fad7c14e3..0000000000
--- a/gnu/packages/patches/gnutls-skip-pkgconfig-test.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-FIXME: The static test fails with an error such as:
-
-/tmp/guix-build-gnutls-3.5.13.drv-0/ccOnGPmc.o: In function `main':
-c.29617.tmp.c:(.text+0x5): undefined reference to `gnutls_global_init'
-collect2: error: ld returned 1 exit status
-FAIL pkgconfig.sh (exit status: 1)
-
-diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh
-index 6bd4e62f9..05aab8278 100755
---- a/tests/pkgconfig.sh
-+++ b/tests/pkgconfig.sh
-@@ -57,11 +57,7 @@ echo "Trying dynamic linking with:"
- echo " * flags: $(${PKGCONFIG} --libs gnutls)"
- echo " * common: ${COMMON}"
- echo " * lib: ${CFLAGS}"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
--
--echo ""
--echo "Trying static linking with $(${PKGCONFIG} --libs --static gnutls)"
--cc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --static --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-+gcc ${TMPFILE} -o ${TMPFILE_O} $(${PKGCONFIG} --libs gnutls) $(${PKGCONFIG} --cflags gnutls) ${COMMON}
-
- rm -f ${TMPFILE} ${TMPFILE_O}
-
Toggle diff (39 lines)
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index d9971441c6..73be90d0d3 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -162,7 +162,7 @@ living in the same process.")
(define-public gnutls
(package
(name "gnutls")
- (version "3.5.18")
+ (version "3.6.5")
(source (origin
(method url-fetch)
(uri
@@ -171,12 +171,19 @@ living in the same process.")
(string-append "mirror://gnupg/gnutls/v"
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
- (patches
- (search-patches "gnutls-skip-trust-store-test.patch"
- "gnutls-skip-pkgconfig-test.patch"))
+ (patches (search-patches "gnutls-skip-trust-store-test.patch"))
(sha256
(base32
- "0d02x28fwkkx7xzn7807nww6idchizzq3plx8sfcyiw7wzclh8mf"))))
+ "0ddvg97dyrh8dkffv1mdc0knxx5my3qdbzv97s4a6jggmk9wwgh7"))
+ (modules '((guix build utils)))
+ (snippet
+ '(begin
+ ;; XXX: The generated configure script in GnuTLS 3.6.5
+ ;; apparently does not know about Guile 2.2.
+ (substitute* "configure"
+ (("guile_versions_to_search=\"2\\.0 1\\.8\"")
+ "guile_versions_to_search=\"2.2 2.0 1.8\""))
+ #t))))
(build-system gnu-build-system)
(arguments
`(; Ensure we don't keep a reference to this buggy software.
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 22/23] gnu: meson: Update to 0.49.0.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-22-mbakke@fastmail.com
* gnu/packages/build-tools.scm (meson): Update to 0.49.0.
---
gnu/packages/build-tools.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index d42d03cee9..628b36fff5 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -158,7 +158,7 @@ files and generates build instructions for the Ninja build system.")
(define-public meson
(package
(name "meson")
- (version "0.48.2")
+ (version "0.49.0")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/mesonbuild/meson/"
@@ -166,7 +166,7 @@ files and generates build instructions for the Ninja build system.")
version ".tar.gz"))
(sha256
(base32
- "01jmm2wmnqhqk6f2gfhzhyzh0il6bjbyl8syy457p76ws2zxisir"))))
+ "0l8m1v7cl5ybm7psfqmmdqbvmnsbb1qhb8ni3hwap3i0mk29a0zv"))))
(build-system python-build-system)
(arguments
`(;; FIXME: Tests require many additional inputs, a fix for the RUNPATH
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 02:14
[PATCH staging 23/23] gnu: glib-networking: Update to 2.59.1.
(address . 33701@debbugs.gnu.org)
20181211011416.15902-23-mbakke@fastmail.com
* gnu/packages/gnome.scm (glib-networking): Update to 2.59.1.
[build-system]: Change to MESON-BUILD-SYSTEM.
[arguments]: Remove.
(libsoup)[arguments]: Remove obsolete 'pre-check' code.
---
gnu/local.mk | 1 -
gnu/packages/gnome.scm | 73 +------------------
.../glib-networking-ssl-cert-file.patch | 29 --------
3 files changed, 3 insertions(+), 100 deletions(-)
delete mode 100644 gnu/packages/patches/glib-networking-ssl-cert-file.patch

Toggle diff (150 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 3f2ca7a845..03627b98c1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -741,7 +741,6 @@ dist_patch_DATA = \
%D%/packages/patches/ghostscript-no-header-uuid.patch \
%D%/packages/patches/ghostscript-no-header-creationdate.patch \
%D%/packages/patches/giflib-make-reallocarray-private.patch \
- %D%/packages/patches/glib-networking-ssl-cert-file.patch \
%D%/packages/patches/glib-tests-timer.patch \
%D%/packages/patches/glibc-CVE-2015-5180.patch \
%D%/packages/patches/glibc-CVE-2015-7547.patch \
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 9d8e4a8d33..059eb46cdc 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -2396,7 +2396,7 @@ library.")
(define-public glib-networking
(package
(name "glib-networking")
- (version "2.54.1")
+ (version "2.59.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2404,29 +2404,8 @@ library.")
name "-" version ".tar.xz"))
(sha256
(base32
- "0bq16m9nh3gcz9x2fvygr0iwxd2pxcbrm3lj3kihsnh1afv8g9za"))
- (patches
- (search-patches "glib-networking-ssl-cert-file.patch"))))
- (build-system gnu-build-system)
- (arguments
- `(#:configure-flags
- '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt")
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'patch-giomoduledir
- ;; Install GIO modules into $out/lib/gio/modules.
- (lambda _
- (substitute* "configure"
- (("GIO_MODULE_DIR=.*")
- (string-append "GIO_MODULE_DIR=" %output
- "/lib/gio/modules\n")))
- #t))
- (add-before 'check 'use-empty-ssl-cert-file
- (lambda _
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
- #t)))))
+ "09nf78wzjfvbd722smn4wq4c7njyswg3kvgvim2h635b5dl94jqd"))))
+ (build-system meson-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)))
@@ -2516,55 +2495,9 @@ libxml to ease remote use of the RESTful API.")
;; The 'check-local' target runs 'env LANG=C sort -u',
;; unset 'LC_ALL' to make 'LANG' working.
(unsetenv "LC_ALL")
- ;; The ca-certificates.crt is not available in the build
- ;; environment.
- (setenv "SSL_CERT_FILE" "/dev/null")
;; HTTPD in Guix uses mod_event and does not build prefork.
(substitute* "tests/httpd.conf"
(("^LoadModule mpm_prefork_module.*$") "\n"))
-
- ;; Generate a self-signed certificate that has "localhost" as its
- ;; 'dnsName'. Failing to do that, and starting with GnuTLS
- ;; 3.5.12, tests such as "ssl-tests" fail:
- ;;
- ;; ERROR:ssl-test.c:406:do_tls_interaction_test: Unexpected status 6 Unacceptable TLS certificate (expected 200 OK)
- ;;
- ;; 'certtool' is interactive so we have to pipe it the answers.
- ;; Reported at <https://bugzilla.gnome.org/show_bug.cgi?id=784696>.
- (let ((pipe (open-output-pipe "certtool --generate-self-signed \
- --load-privkey tests/test-key.pem --outfile tests/test-cert.pem")))
- (for-each (lambda (line)
- (display line pipe)
- (newline pipe))
- '("" ;Common name
- "" ;UID
- "Guix" ;Organizational unit name
- "GNU" ;Organization name
- "" ;Locality name
- "" ;State or province
- "" ;Country
- "" ;subject's domain component (DC)
- "" ;E-mail
- "" ;serial number
- "-1" ;expiration time
- "N" ;belong to authority?
- "N" ;web client certificate?
- "N" ;IPsec IKE?
- "Y" ;web server certificate?
- "localhost" ;dnsName of subject
- "" ;dnsName of subject (end)
- "" ;URI of subject
- "127.0.0.1" ;IP address of subject
- "" ;signing?
- "" ;encryption?
- "" ;sign OCSP requests?
- "" ;sign code?
- "" ;time stamping?
- "" ;email protection?
- "" ;URI of the CRL distribution point
- "y" ;above info OK?
- ))
- (close-pipe pipe))
#t))
(replace 'install
(lambda _
diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch
deleted file mode 100644
index 32bdd0790f..0000000000
--- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@gmail.com>
-Date: Fri, 14 Aug 2015 17:28:36 +0800
-Subject: [PATCH] gnutls: Allow overriding the anchor file location by
- 'SSL_CERT_FILE'
-
----
- tls/gnutls/gtlsbackend-gnutls.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c
-index 55ec1a5..217d3c8 100644
---- a/tls/gnutls/gtlsbackend-gnutls.c
-+++ b/tls/gnutls/gtlsbackend-gnutls.c
-@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self,
- GError **error)
- {
- const gchar *anchor_file = NULL;
-+ anchor_file = g_getenv ("SSL_CERT_FILE");
- #ifdef GTLS_SYSTEM_CA_FILE
-- anchor_file = GTLS_SYSTEM_CA_FILE;
-+ if (!anchor_file)
-+ anchor_file = GTLS_SYSTEM_CA_FILE;
- #endif
- return g_tls_file_database_new (anchor_file, error);
- }
---
-2.4.3
-
--
2.20.0
M
M
Marius Bakke wrote on 11 Dec 2018 21:42
Re: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates
(address . 33701@debbugs.gnu.org)
87k1kfssm6.fsf@fastmail.com
Marius Bakke <mbakke@fastmail.com> writes:

Toggle quote (10 lines)
> This late series adds around 1000 rebuilds to the current staging
> branch. They also bring many of the GNOME family libraries to the
> latest upstream versions.
>
> The good:
> * Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other
> security-critical libraries. Some of these have changed
> build systems, or ABIs, so future patching is easier.
> * Most/all regressions are already fixed.

Whoops, I spoke too soon: I upgraded glib-networking from 2.58 to 2.59
in the last minute (to fix a test failure), but the change broke libsoup
and possibly more.

In v2 of this series, two patches have diverged. Libsoup was adjusted
to cope with the new "certtool" API from GnuTLS 3.6:
Attachment: 0019-gnu-GnuTLS-Update-to-3.6.5.patch
...while Glib-Networking was downgraded to 2.58, and removes related
code at the same time:
Attachment: 0023-gnu-glib-networking-Update-to-2.58.0.patch
The reason for removing SSL_CERT_FILE completely instead of adjusting
the patch is that Glib-Networking no longer does any certificate
handling by itself, instead everything is handed over to GnuTLS. Thus
supporting such a patch is difficult, and it does not seem to be needed
anymore in practice.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlwQISEACgkQoqBt8qM6
VPpY8Qf+OCOAFs7H0dqvFmkbhIvjIjDz5YKaAdMWR2W+xn9AfGiKRGpPgKqx3+++
AMLivLyz8DCAnf5nCKm/i80HpeLX9uGp/NWZGkJoGF56dVIQSdcaT3LDAdqJM0gC
B1of5xJfShCcuegTTa9NkP+eSPYpgeoyoA80Lny7UGQhgfR526sxkalKEiGtqJTk
gWkSaynQ1yVyYzlJwjFPK462m7ZzVAK1xpFWRRGZw3dK6v1fhCsX3jDtRGviaG0n
sk5AFy3gIuvh/He+xa27jM0t9tGSuAPHGkmHMtfNfCdKeH0K8nl45EqL01wlIsnV
yDvA8mO0bICtbl0DS3EL3pC2EINs7g==
=+KEK
-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 12 Dec 2018 02:05
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 33701@debbugs.gnu.org)
20181212010549.GA5512@jasmine.lan
On Tue, Dec 11, 2018 at 02:12:05AM +0100, Marius Bakke wrote:
Toggle quote (8 lines)
> This late series adds around 1000 rebuilds to the current staging
> branch. They also bring many of the GNOME family libraries to the
> latest upstream versions.
>
> The good:
> * Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other
> security-critical libraries.

That's great.

Toggle quote (3 lines)
> Some of these have changed
> build systems, or ABIs, so future patching is easier.

Okay, makes sense.

Toggle quote (2 lines)
> * Most/all regressions are already fixed.

Good :)

Toggle quote (3 lines)
> The bad:
> * GCC7 is now in the closure of cURL (via nghttp2).

Oh well.

Toggle quote (7 lines)
>
> The ugly:
> * 37 files changed, 1225 insertions(+), 996 deletions(-)
> * Total rebuild count for staging is around 4700 packages.
>
> WDYT?

It seems like a lot, but it's probably not higher than previous staging
branches, right? I have an intuitive sense of how quickly Hydra could
build this, but not for Cuirass on <berlin.guixsd.org>. Does it seem
reasonable to you?
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlwQXucACgkQJkb6MLrK
fwjVuxAA7XOR2nQfwRQbprlJwZrRH0UwmG7T2ZzVMzFjj71DQGND7CXgCAXow0e+
iel4DIFZiRpGJORw73LZUubtA66z21XcJtTRyhbziQW7Mx6xpskxnJC3vksORV21
zhIi9K9Cg/Ftgb6M/eNqoVtrvpkQ8vwodXEdqJ0ve29plANUzlwKusd+IT5qSfiu
hGXnmQ1TL0kBdOkn6vsBlvki77Ey58WHp2NB4qIPdmjkzNdMwZ7VT131PutU6Etb
3eAZKnrgnDuMW2P4kfk8hmuK79sZLaaO0MGIspLhKI/t7sS+8oq7zzq7YBeFQUwc
rzBMLVzr5xz0I8FoJ17RK+eNW6569x/6zQTQeQ81DSAS1dGPRVPqUMLGOqIZj8+a
19M2Sbth6WdGJ0bYxb/lv9nPqaMi8wkbu6HwbTHE5XzxKzTm1Nl6/VID88QmLQDl
n3JGvm4yupbj8+QGpauXGzoFwzxCb7Fwnx1XPzg1kwHodli3nNgfTmfs6OoliNsA
CJwCaK/rKpfa48iaOWGxOw8eYLp0f1QmdOTagK/7xSEf21AyNWaonmJfXN1ZqBqc
LDKkOcQAnw/KaRpZVD5JKjxU6Etv1XEk8FstXEAT5xeR5bulgYZaoGfzzY6iz2zE
uo3pzVUP0f2+lrRdBxw4ojBSNKMtSbHzDaIpJsnh6+0zDCr0sK8=
=c80Z
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 12 Dec 2018 02:07
Re: [bug#33701] [PATCH staging 12/23] gnu: ghostscript: Update to 9.26.
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 33701@debbugs.gnu.org)
20181212010720.GB5512@jasmine.lan
On Tue, Dec 11, 2018 at 02:14:05AM +0100, Marius Bakke wrote:
Toggle quote (6 lines)
> * gnu/packages/patches/ghostscript-bug-699708.patch,
> gnu/packages/patches/ghostscript-CVE-2018-16509.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.
> * gnu/packages/ghostscript.scm (ghostscript): Update to 9.26.
> [source](patches): Remove obsolete.

Very good, this is an important update.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlwQX0gACgkQJkb6MLrK
fwg8zRAA39e5JRtw7Zq2069XGdimg3Cru+fg5bqIs/VqbqB/0K2kyOItACNR+2+X
k2C/c1Q1uwqzCEK8pSxSy0Jo8K1ZhYE3XaA4NjEQHVvBKKLumGBG8UAG8QbImvM3
iLQ5hxikfT1zhji98IUjU8HtsLwTeyFVuNmkXFOFx3bArFWwoZY9ezPHRd0x72am
a5gJ4xy0lLxQm5fZYdpvhpQ/eOl56VM2s23DfWhbdOxt1oa0GjzyTj3ovTBTclsz
S6lDKMA1C44m9GoMEZxsaxmZjZo+ZYIbyr+OlTbosZ1mTG6p2eq8w8tw96pX00hn
1TwVeI+ozChgPpK/hNSUW7WI/YNKxWkBO0NKbLDSJ7zSEI3SEHF/S7EjOjE6VbjZ
M23S2m9HR9ZujjJxh8V6CzMYHCREMXRrgOZwJKTYdX0qT3LEMupMgX+BPw5w35e/
YVSumyeIbbhbltjUPKu6+rMp3FFwrzYRIDGg5n6VVxWKzawQyLJnjmvjqc2cqUJQ
0GELZzEiP3SQ6B2YvUslccmFrptvPFRMG2dyoocx/lBMhfkJKbF7FQcu/zRXuMH8
lb1qvYQYtuK88W6NFLEpoyt60UgxbfesTAHvlb6PxvYpWK1ajWJpddtKOrnE/Kt/
UmnkQ6pOrbE37p6i/vwshrWubSkwUajtdkqL119XC50L0jqMfw4=
=URiY
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 12 Dec 2018 02:08
Re: [bug#33701] [PATCH staging 04/23] gnu: poppler: Update to 0.72.0.
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 33701@debbugs.gnu.org)
20181212010855.GC5512@jasmine.lan
On Tue, Dec 11, 2018 at 02:13:57AM +0100, Marius Bakke wrote:
Toggle quote (5 lines)
> * gnu/packages/scribus.scm (scribus)[source](patches): Add upstream patch origins.
> [source](modules, snippet): New fields.
> * gnu/packages/libreoffice.scm (libreoffice)[source](patches): Add three
> upstream origins.

Can you add some brief comments explaining the purpose of these patches?
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlwQX6cACgkQJkb6MLrK
fwiFAQ//dCujWnq5ahlDb4kwsij4Talieg4B/jZrLs6mdFmHJdOQSgyrVlUPOjUw
ZSAp54DsyLRG44RyUKkPNP7XZebjyoVbKSPCc+CRWlVoHxJTytAWoTi3zI4bNhZN
lFhZWdG/jI2GVTJ4fjcpoKpQ7CG9WOzL+OsjBX6BVEKUCYz2Kid7UxMH/+M7Vkft
CwW3H7Enk14oS6oJ22Z2Kg/58flDwgLngD1v6QEcY6oYsQwyyPM5Vln1aTcsOAro
ScYr9Toyfea38x47ZziUx8GVVLe6nOsKz87+0PCAuwJlUb+juRzoSQEQ8rw817/x
YkNLdlx6fIKnSCARDgIWIruO2vllplal7Yzr75Sr3jS+u6Uh8sG2jZ8f3TVA/4TD
ismTZyJPFb0BDBk50EPZ+kr8sbdQuRMd0z7BoK8CdjmoEwrkbplqmPcY0+KiJRlf
EYAdJqpOclQcBystJqga21Np98UT0Vmf6NDdLyw878jlrv0Y6zvyKIRP1QrAShj3
2lAkZ3UkLFpdTcaJnHH7FRpAwcclqpyjqFRrPXgvhrc7uqK9cjuBvzv+K0J8ozH1
Np8XBGuRDfFCb9CTaUeAMTQXdC8+XPufcfqipfxux2BT6QaBaF1rVUdAUoTJ/HuP
k1k3vn6XUhkkL9rVGsfFHxYSz65H7Ygks1uXsH9eRx/jKucA4ko=
=RZew
-----END PGP SIGNATURE-----


M
M
Marius Bakke wrote on 12 Dec 2018 21:57
Re: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates
(name . Leo Famulari)(address . leo@famulari.name)(address . 33701-done@debbugs.gnu.org)
87lg4ubgzn.fsf@fastmail.com
Leo Famulari <leo@famulari.name> writes:
Toggle quote (12 lines)
>>
>> The ugly:
>> * 37 files changed, 1225 insertions(+), 996 deletions(-)
>> * Total rebuild count for staging is around 4700 packages.
>>
>> WDYT?
>
> It seems like a lot, but it's probably not higher than previous staging
> branches, right? I have an intuitive sense of how quickly Hydra could
> build this, but not for Cuirass on <berlin.guixsd.org>. Does it seem
> reasonable to you?

I don't have a feeling for Berlin either, but its x86 build farm is
vastly larger than Hydra. I think they can both handle ~5k * Arches
package builds within a few weeks (modulo regressions).

For x86_64, I expect Berlin to be done within a few days!

I've pushed the series with additional Poppler comments, as well as a
few new package updates. Thanks for checking!
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlwRdj0ACgkQoqBt8qM6
VPqwtggAxJAF/OcGi7TCdHaS6tLQBluLHRDk/4iSIDvudwoZA2+QLs4Dyg5Bq0Br
atJipSvKCCJmmfU4xWFL3hCoPDRh0snk0upwRlAAa244r5e6k6/J3ZuO7NDuCEOb
uI+iThX2OdIFOvDNumiFLgF+2MxOUQNYZfzqNxBtL1KqyvA5TWins2+mcSWgOsgV
UjPOYOV8mXVj+A7Cs7B8mqC8sxcNaa1Z6fWEvomqvJkZEvv4TlESFJsXHbIoqXTz
Cz2WpDanruyy/KckCcvYQTG92BIhhHCzEh/8YrjqzKcFipuvzsk2ghPdCw8mbZHP
k5kllYbPUK++DjuGbiLqw9RqRwvl8w==
=ObrE
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 33701@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 33701
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch