mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-02-08 03:59:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into staging

Browse source
This commit is contained in:
Marius Bakke 2019-10-23 20:48:55 +02:00
commit 4c1918db34
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
51 changed files with 4617 additions and 1129 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile.am
View file

@ -564,7 +564,7 @@ EXTRA_DIST += \
tests/test.drv \
tests/signing-key.pub \
tests/signing-key.sec \
tests/cve-sample.xml \
tests/cve-sample.json \
build-aux/config.rpath \
bootstrap \
doc/build.scm \

51
doc/build.scm
View file

@ -51,6 +51,12 @@
(define info-manual
(@@ (guix self) info-manual))
(define %manual
;; The manual to build--i.e., the base name of a .texi file, such as "guix"
;; or "guix-cookbook".
(or (getenv "GUIX_MANUAL")
"guix"))
(define %languages
'("de" "en" "es" "fr" "ru" "zh_CN"))
@ -164,7 +170,9 @@ as well as images, OS examples, and translations."
(define %makeinfo-html-options
;; Options passed to 'makeinfo --html'.
'("--css-ref=https://www.gnu.org/software/gnulib/manual.css"))
'("--css-ref=https://www.gnu.org/software/gnulib/manual.css"
"-c" "EXTRA_HEAD=<meta name=\"viewport\" \
content=\"width=device-width, initial-scale=1\" />"))
(define guile-lib/htmlprag-fixed
;; Guile-Lib with a hotfix for (htmlprag).
@ -359,7 +367,7 @@ its <pre class=\"lisp\"> blocks (as produced by 'makeinfo --html')."
(define* (html-manual source #:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(date 1)
(options %makeinfo-html-options))
"Return the HTML manuals built from SOURCE for all LANGUAGES, with the given
@ -386,6 +394,13 @@ makeinfo OPTIONS."
(chr chr))
(string-downcase language)))
(define (language->texi-file-name language)
(if (string=? language "en")
(string-append #$manual-source "/"
#$manual ".texi")
(string-append #$manual-source "/"
#$manual "." language ".texi")))
;; Install a UTF-8 locale so that 'makeinfo' is at ease.
(setenv "GUIX_LOCPATH"
#+(file-append glibc-utf8-locales "/lib/locale"))
@ -395,15 +410,12 @@ makeinfo OPTIONS."
(setvbuf (current-error-port) 'line)
(for-each (lambda (language)
(let ((opts `("--html"
"-c" ,(string-append "TOP_NODE_UP_URL=/manual/"
(let* ((texi (language->texi-file-name language))
(opts `("--html"
"-c" ,(string-append "TOP_NODE_UP_URL=/manual/"
language)
#$@options
,(if (string=? language "en")
(string-append #$manual-source "/"
#$manual ".texi")
(string-append #$manual-source "/"
#$manual "." language ".texi")))))
#$@options
,texi)))
(format #t "building HTML manual for language '~a'...~%"
language)
(mkdir-p (string-append #$output "/"
@ -433,7 +445,8 @@ makeinfo OPTIONS."
(symlink #$images
(string-append #$output "/" (normalize language)
"/html_node/images"))))
'#$languages))))
(filter (compose file-exists? language->texi-file-name)
'#$languages)))))
(let* ((name (string-append manual "-html-manual"))
(manual (computed-file name build)))
@ -442,7 +455,7 @@ makeinfo OPTIONS."
(define* (pdf-manual source #:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(date 1)
(options '()))
"Return the HTML manuals built from SOURCE for all LANGUAGES, with the given
@ -570,7 +583,10 @@ from SOURCE."
(define* (html-manual-indexes source
#:key (languages %languages)
(version "0.0")
(manual "guix")
(manual %manual)
(title (if (string=? "guix" manual)
"GNU Guix Reference Manual"
"GNU Guix Cookbook"))
(date 1))
(define build
(with-extensions (list guile-json-3)
@ -674,7 +690,7 @@ from SOURCE."
(define (language-index language)
(define title
(translate "GNU Guix Reference Manual" language))
(translate #$title language))
(sxml-index
language title
@ -732,8 +748,7 @@ from SOURCE."
%iso639-languages)))
(define (top-level-index languages)
(define title
"GNU Guix Reference Manual")
(define title #$title)
(sxml-index
"en" title
`(main
@ -741,7 +756,7 @@ from SOURCE."
(@ (class "page centered-block limit-width"))
(h2 ,title)
(div
"The GNU Guix Reference Manual is available in the following
"This document is available in the following
languages:\n"
(ul
,@(map (lambda (language)
@ -782,7 +797,7 @@ languages:\n"
#:key (languages %languages)
(version "0.0")
(date (time-second (current-time time-utc)))
(manual "guix"))
(manual %manual))
"Return the union of the HTML and PDF manuals, as well as the indexes."
(directory-union (string-append manual "-manual")
(map (lambda (proc)

77
doc/guix.texi
View file

@ -9484,7 +9484,7 @@ that limit has been reset.
@cindex CVE, Common Vulnerabilities and Exposures
Report known vulnerabilities found in the Common Vulnerabilities and
Exposures (CVE) databases of the current and past year
@uref{https://nvd.nist.gov/download.cfm#CVE_FEED, published by the US
@uref{https://nvd.nist.gov/vuln/data-feeds, published by the US
NIST}.
To view information about a particular vulnerability, visit pages such as:
@ -9501,7 +9501,7 @@ where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
@code{CVE-2015-7554}.
Package developers can specify in package recipes the
@uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)}
@uref{https://nvd.nist.gov/products/cpe,Common Platform Enumeration (CPE)}
name and version of the package when they differ from the name or version
that Guix uses, as in this example:
@ -14193,16 +14193,43 @@ Relogin after logout.
@cindex login manager
@cindex X11 login
@deffn {Scheme Procedure} sddm-service config
Return a service that spawns the SDDM graphical login manager for config of
type @code{<sddm-configuration>}.
@defvr {Scheme Variable} sddm-service-type
This is the type of the service to run the
@uref{https://github.com/sddm/sddm,SSDM display manager}. Its value
must be a @code{sddm-configuration} record (see below).
@example
(sddm-service (sddm-configuration
(auto-login-user "Alice")
(auto-login-session "xfce.desktop")))
@end example
@end deffn
Here's an example use:
@lisp
(service sddm-service-type
(sddm-configuration
(auto-login-user "alice")
(auto-login-session "xfce.desktop")))
@end lisp
@end defvr
@deftp {Data Type} sddm-configuration
This data type represents the configuration of the SDDM login manager.
The available fields are:
@table @asis
@item @code{sddm} (default: @code{sddm})
The SDDM package to use.
@item @code{display-server} (default: @code{"x11"})
This must be either @code{"x11"} or @code{"wayland"}.
@c FIXME: Add more fields.
@item @code{auto-login-user} (default: @code{""})
If non-empty, this is the user account under which to log in
automatically.
@item @code{auto-login-session} (default: @code{""})
If non-empty, this is the @file{.desktop} file name to use as the
auto-login session.
@end table
@end deftp
@cindex Xorg, configuration
@deftp {Data Type} xorg-configuration
@ -24546,6 +24573,10 @@ The type of device to connect to. Run @command{inputattach --help}, from the
@item @code{device} (default: @code{"/dev/ttyS0"})
The device file to connect to the device.
@item @code{baud-rate} (default: @code{#f})
Baud rate to use for the serial connection.
Should be a number or @code{#f}.
@item @code{log-file} (default: @code{#f})
If true, this must be the name of a file to log messages to.
@end table
@ -25973,12 +26004,10 @@ The object of the operating system configuration to deploy.
@item @code{environment}
An @code{environment-type} describing how the machine should be provisioned.
At the moment, the only supported value is
@code{managed-host-environment-type}.
@item @code{configuration} (default: @code{#f})
An object describing the configuration for the machine's @code{environment}.
If the @code{environment} has a default configuration, @code{#f} maybe used.
If the @code{environment} has a default configuration, @code{#f} may be used.
If @code{#f} is used for an environment with no default configuration,
however, an error will be thrown.
@end table
@ -26006,6 +26035,26 @@ remote host.
@end table
@end deftp
@deftp {Data Type} digital-ocean-configuration
This is the data type describing the Droplet that should be created for a
machine with an @code{environment} of @code{digital-ocean-environment-type}.
@table @asis
@item @code{ssh-key}
The path to the SSH private key to use to authenticate with the remote
host. In the future, this field may not exist.
@item @code{tags}
A list of string ``tags'' that uniquely identify the machine. Must be given
such that no two machines in the deployment have the same set of tags.
@item @code{region}
A Digital Ocean region slug, such as @code{"nyc3"}.
@item @code{size}
A Digital Ocean size slug, such as @code{"s-1vcpu-1gb"}
@item @code{enable-ipv6?}
Whether or not the droplet should be created with IPv6 networking.
@end table
@end deftp
@node Running Guix in a VM
@section Running Guix in a Virtual Machine

6
gnu/local.mk
View file

@ -425,6 +425,7 @@ GNU_SYSTEM_MODULES = \
%D%/packages/ruby.scm \
%D%/packages/rush.scm \
%D%/packages/rust.scm \
%D%/packages/rust-cbindgen.scm \
%D%/packages/samba.scm \
%D%/packages/sagemath.scm \
%D%/packages/sawfish.scm \
@ -580,6 +581,7 @@ GNU_SYSTEM_MODULES = \
%D%/system/vm.scm \
\
%D%/machine.scm \
%D%/machine/digital-ocean.scm \
%D%/machine/ssh.scm \
\
%D%/build/accounts.scm \
@ -704,6 +706,7 @@ dist_patch_DATA = \
%D%/packages/patches/ath9k-htc-firmware-objcopy.patch \
%D%/packages/patches/audacity-build-with-system-portaudio.patch \
%D%/packages/patches/automake-skip-amhello-tests.patch \
%D%/packages/patches/avahi-CVE-2018-1000845.patch \
%D%/packages/patches/avahi-localstatedir.patch \
%D%/packages/patches/avogadro-boost148.patch \
%D%/packages/patches/avogadro-eigen3-update.patch \
@ -1321,12 +1324,14 @@ dist_patch_DATA = \
%D%/packages/patches/rust-coresimd-doctest.patch \
%D%/packages/patches/rust-reproducible-builds.patch \
%D%/packages/patches/rxvt-unicode-escape-sequences.patch \
%D%/packages/patches/sbcl-graph-asdf-definitions.patch \
%D%/packages/patches/scalapack-blacs-mpi-deprecations.patch \
%D%/packages/patches/scheme48-tests.patch \
%D%/packages/patches/scotch-build-parallelism.patch \
%D%/packages/patches/scotch-integer-declarations.patch \
%D%/packages/patches/sdl-libx11-1.6.patch \
%D%/packages/patches/sdl2-mesa-compat.patch \
%D%/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch \
%D%/packages/patches/seq24-rename-mutex.patch \
%D%/packages/patches/sharutils-CVE-2018-1000097.patch \
%D%/packages/patches/shishi-fix-libgcrypt-detection.patch \
@ -1419,6 +1424,7 @@ dist_patch_DATA = \
%D%/packages/patches/wavpack-CVE-2018-6767.patch \
%D%/packages/patches/wavpack-CVE-2018-7253.patch \
%D%/packages/patches/wavpack-CVE-2018-7254.patch \
%D%/packages/patches/weasyprint-library-paths.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \
%D%/packages/patches/wicd-urwid-1.3.patch \

422
gnu/machine/digital-ocean.scm Normal file
View file

@ -0,0 +1,422 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019 Jakob L. Kreuze <zerodaysfordays@sdf.lonestar.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu machine digital-ocean)
#:use-module (gnu machine ssh)
#:use-module (gnu machine)
#:use-module (gnu services)
#:use-module (gnu services networking)
#:use-module (gnu system)
#:use-module (gnu system pam)
#:use-module (guix base32)
#:use-module (guix derivations)
#:use-module (guix i18n)
#:use-module (guix import json)
#:use-module (guix monads)
#:use-module (guix records)
#:use-module (guix ssh)
#:use-module (guix store)
#:use-module (ice-9 iconv)
#:use-module (json)
#:use-module (rnrs bytevectors)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-2)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ssh key)
#:use-module (ssh sftp)
#:use-module (ssh shell)
#:use-module (web client)
#:use-module (web request)
#:use-module (web response)
#:use-module (web uri)
#:export (digital-ocean-configuration
digital-ocean-configuration?
digital-ocean-configuration-ssh-key
digital-ocean-configuration-tags
digital-ocean-configuration-region
digital-ocean-configuration-size
digital-ocean-configuration-enable-ipv6?
digital-ocean-environment-type))
;;; Commentary:
;;;
;;; This module implements a high-level interface for provisioning "droplets"
;;; from the Digital Ocean virtual private server (VPS) service.
;;;
;;; Code:
(define %api-base "https://api.digitalocean.com")
(define %digital-ocean-token
(make-parameter (getenv "GUIX_DIGITAL_OCEAN_TOKEN")))
(define* (post-endpoint endpoint body)
"Encode BODY as JSON and send it to the Digital Ocean API endpoint
ENDPOINT. This procedure is quite a bit more specialized than 'http-post', as
it takes care to set headers such as 'Content-Type', 'Content-Length', and
'Authorization' appropriately."
(let* ((uri (string->uri (string-append %api-base endpoint)))
(body (string->bytevector (scm->json-string body) "UTF-8"))
(headers `((User-Agent . "Guix Deploy")
(Accept . "application/json")
(Content-Type . "application/json")
(Authorization . ,(format #f "Bearer ~a"
(%digital-ocean-token)))
(Content-Length . ,(number->string
(bytevector-length body)))))
(port (open-socket-for-uri uri))
(request (build-request uri
#:method 'POST
#:version '(1 . 1)
#:headers headers
#:port port))
(request (write-request request port)))
(write-request-body request body)
(force-output (request-port request))
(let* ((response (read-response port))
(body (read-response-body response)))
(unless (= 2 (floor/ (response-code response) 100))
(raise
(condition (&message
(message (format
#f
(G_ "~a: HTTP post failed: ~a (~s)")
(uri->string uri)
(response-code response)
(response-reason-phrase response)))))))
(close-port port)
(bytevector->string body "UTF-8"))))
(define (fetch-endpoint endpoint)
"Return the contents of the Digital Ocean API endpoint ENDPOINT as an
alist. This procedure is quite a bit more specialized than 'json-fetch', as it
takes care to set headers such as 'Accept' and 'Authorization' appropriately."
(define headers
`((user-agent . "Guix Deploy")
(Accept . "application/json")
(Authorization . ,(format #f "Bearer ~a" (%digital-ocean-token)))))
(json-fetch (string-append %api-base endpoint) #:headers headers))
;;;
;;; Parameters for droplet creation.
;;;
(define-record-type* <digital-ocean-configuration> digital-ocean-configuration
make-digital-ocean-configuration
digital-ocean-configuration?
this-digital-ocean-configuration
(ssh-key digital-ocean-configuration-ssh-key) ; string
(tags digital-ocean-configuration-tags) ; list of strings
(region digital-ocean-configuration-region) ; string
(size digital-ocean-configuration-size) ; string
(enable-ipv6? digital-ocean-configuration-enable-ipv6?)) ; boolean
(define (read-key-fingerprint file-name)
"Read the private key at FILE-NAME and return the key's fingerprint as a hex
string."
(let* ((privkey (private-key-from-file file-name))
(pubkey (private-key->public-key privkey))
(hash (get-public-key-hash pubkey 'md5)))
(bytevector->hex-string hash)))
(define (machine-droplet machine)
"Return an alist describing the droplet allocated to MACHINE."
(let ((tags (digital-ocean-configuration-tags
(machine-configuration machine))))
(find (lambda (droplet)
(equal? (assoc-ref droplet "tags") (list->vector tags)))
(vector->list
(assoc-ref (fetch-endpoint "/v2/droplets") "droplets")))))
(define (machine-public-ipv4-network machine)
"Return the public IPv4 network interface of the droplet allocated to
MACHINE as an alist. The expected fields are 'ip_address', 'netmask', and
'gateway'."
(and-let* ((droplet (machine-droplet machine))
(networks (assoc-ref droplet "networks"))
(network (find (lambda (network)
(string= "public" (assoc-ref network "type")))
(vector->list (assoc-ref networks "v4")))))
network))
;;;
;;; Remote evaluation.
;;;
(define (digital-ocean-remote-eval target exp)
"Internal implementation of 'machine-remote-eval' for MACHINE instances with
an environment type of 'digital-ocean-environment-type'."
(let* ((network (machine-public-ipv4-network target))
(address (assoc-ref network "ip_address"))
(ssh-key (digital-ocean-configuration-ssh-key
(machine-configuration target)))
(delegate (machine
(inherit target)
(environment managed-host-environment-type)
(configuration
(machine-ssh-configuration
(host-name address)
(identity ssh-key)
(system "x86_64-linux"))))))
(machine-remote-eval delegate exp)))
;;;
;;; System deployment.
;;;
;; The following script was adapted from the guide available at
;; <https://wiki.pantherx.org/Installation-digital-ocean/>.
(define (guix-infect network)
"Given NETWORK, an alist describing the Droplet's public IPv4 network
interface, return a Bash script that will install the Guix system."
(format #f "#!/bin/bash
apt-get update
apt-get install xz-utils -y
wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
cd /tmp
tar --warning=no-timestamp -xf ~~/guix-binary-1.0.1.x86_64-linux.tar.xz
mv var/guix /var/ && mv gnu /
mkdir -p ~~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix ~~root/.config/guix/current
export GUIX_PROFILE=\"`echo ~~root`/.config/guix/current\" ;
source $GUIX_PROFILE/etc/profile
groupadd --system guixbuild
for i in `seq -w 1 10`; do
useradd -g guixbuild -G guixbuild \
-d /var/empty -s `which nologin` \
-c \"Guix build user $i\" --system \
guixbuilder$i;
done;
cp ~~root/.config/guix/current/lib/systemd/system/guix-daemon.service /etc/systemd/system/
systemctl start guix-daemon && systemctl enable guix-daemon
mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
ln -s $i;
done
guix archive --authorize < ~~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub
# guix pull
guix package -i glibc-utf8-locales
export GUIX_LOCPATH=\"$HOME/.guix-profile/lib/locale\"
guix package -i openssl
cat > /etc/bootstrap-config.scm << EOF
(use-modules (gnu))
(use-service-modules networking ssh)
(operating-system
(host-name \"gnu-bootstrap\")
(timezone \"Etc/UTC\")
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target \"/dev/vda\")
(terminal-outputs '(console))))
(file-systems (cons (file-system
(mount-point \"/\")
(device \"/dev/vda1\")
(type \"ext4\"))
%base-file-systems))
(services
(append (list (static-networking-service \"eth0\" \"~a\"
#:netmask \"~a\"
#:gateway \"~a\"
#:name-servers '(\"84.200.69.80\" \"84.200.70.40\"))
(simple-service 'guile-load-path-in-global-env
session-environment-service-type
\\`((\"GUILE_LOAD_PATH\"
. \"/run/current-system/profile/share/guile/site/2.2\")
(\"GUILE_LOAD_COMPILED_PATH\"
. ,(string-append \"/run/current-system/profile/lib/guile/2.2/site-ccache:\"
\"/run/current-system/profile/share/guile/site/2.2\"))))
(service openssh-service-type
(openssh-configuration
(log-level 'debug)
(permit-root-login 'without-password))))
%base-services)))
EOF
# guix pull
guix system build /etc/bootstrap-config.scm
guix system reconfigure /etc/bootstrap-config.scm
mv /etc /old-etc
mkdir /etc
cp -r /old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm} /etc/
guix system reconfigure /etc/bootstrap-config.scm"
(assoc-ref network "ip_address")
(assoc-ref network "netmask")
(assoc-ref network "gateway")))
(define (machine-wait-until-available machine)
"Block until the initial Debian image has been installed on the droplet
named DROPLET-NAME."
(and-let* ((droplet (machine-droplet machine))
(droplet-id (assoc-ref droplet "id"))
(endpoint (format #f "/v2/droplets/~a/actions" droplet-id)))
(let loop ()
(let ((actions (assoc-ref (fetch-endpoint endpoint) "actions")))
(unless (every (lambda (action)
(string= "completed" (assoc-ref action "status")))
(vector->list actions))
(sleep 5)
(loop))))))
(define (wait-for-ssh address ssh-key)
"Block until the an SSH session can be made as 'root' with SSH-KEY at ADDRESS."
(let loop ()
(catch #t
(lambda ()
(open-ssh-session address #:user "root" #:identity ssh-key))
(lambda args
(sleep 5)
(loop)))))
(define (add-static-networking target network)
"Return an <operating-system> based on TARGET with a static networking
configuration for the public IPv4 network described by the alist NETWORK."
(operating-system
(inherit (machine-operating-system target))
(services (cons* (static-networking-service "eth0"
(assoc-ref network "ip_address")
#:netmask (assoc-ref network "netmask")
#:gateway (assoc-ref network "gateway")
#:name-servers '("84.200.69.80" "84.200.70.40"))
(simple-service 'guile-load-path-in-global-env
session-environment-service-type
`(("GUILE_LOAD_PATH"
. "/run/current-system/profile/share/guile/site/2.2")
("GUILE_LOAD_COMPILED_PATH"
. ,(string-append "/run/current-system/profile/lib/guile/2.2/site-ccache:"
"/run/current-system/profile/share/guile/site/2.2"))))
(operating-system-user-services
(machine-operating-system target))))))
(define (deploy-digital-ocean target)
"Internal implementation of 'deploy-machine' for 'machine' instances with an
environment type of 'digital-ocean-environment-type'."
(maybe-raise-missing-api-key-error)
(maybe-raise-unsupported-configuration-error target)
(let* ((config (machine-configuration target))
(name (machine-display-name target))
(region (digital-ocean-configuration-region config))
(size (digital-ocean-configuration-size config))
(ssh-key (digital-ocean-configuration-ssh-key config))
(fingerprint (read-key-fingerprint ssh-key))
(enable-ipv6? (digital-ocean-configuration-enable-ipv6? config))
(tags (digital-ocean-configuration-tags config))
(request-body `(("name" . ,name)
("region" . ,region)
("size" . ,size)
("image" . "debian-9-x64")
("ssh_keys" . ,(vector fingerprint))
("backups" . #f)
("ipv6" . ,enable-ipv6?)
("user_data" . #nil)
("private_networking" . #nil)
("volumes" . #nil)
("tags" . ,(list->vector tags))))
(response (post-endpoint "/v2/droplets" request-body)))
(machine-wait-until-available target)
(let* ((network (machine-public-ipv4-network target))
(address (assoc-ref network "ip_address")))
(wait-for-ssh address ssh-key)
(let* ((ssh-session (open-ssh-session address #:user "root" #:identity ssh-key))
(sftp-session (make-sftp-session ssh-session)))
(call-with-remote-output-file sftp-session "/tmp/guix-infect.sh"
(lambda (port)
(display (guix-infect network) port)))
(rexec ssh-session "/bin/bash /tmp/guix-infect.sh")
;; Session will close upon rebooting, which will raise 'guile-ssh-error.
(catch 'guile-ssh-error
(lambda () (rexec ssh-session "reboot"))
(lambda args #t)))
(wait-for-ssh address ssh-key)
(let ((delegate (machine
(operating-system (add-static-networking target network))
(environment managed-host-environment-type)
(configuration
(machine-ssh-configuration
(host-name address)
(identity ssh-key)
(system "x86_64-linux"))))))
(deploy-machine delegate)))))
;;;
;;; Roll-back.
;;;
(define (roll-back-digital-ocean target)
"Internal implementation of 'roll-back-machine' for MACHINE instances with an
environment type of 'digital-ocean-environment-type'."
(let* ((network (machine-public-ipv4-network target))
(address (assoc-ref network "ip_address"))
(ssh-key (digital-ocean-configuration-ssh-key
(machine-configuration target)))
(delegate (machine
(inherit target)
(environment managed-host-environment-type)
(configuration
(machine-ssh-configuration
(host-name address)
(identity ssh-key)
(system "x86_64-linux"))))))
(roll-back-machine delegate)))
;;;
;;; Environment type.
;;;
(define digital-ocean-environment-type
(environment-type
(machine-remote-eval digital-ocean-remote-eval)
(deploy-machine deploy-digital-ocean)
(roll-back-machine roll-back-digital-ocean)
(name 'digital-ocean-environment-type)
(description "Provisioning of \"droplets\": virtual machines
provided by the Digital Ocean virtual private server (VPS) service.")))
(define (maybe-raise-missing-api-key-error)
(unless (%digital-ocean-token)
(raise (condition
(&message
(message (G_ "No Digital Ocean access token was provided. This \
may be fixed by setting the environment variable GUIX_DIGITAL_OCAEN_TOKEN to \
one procured from https://cloud.digitalocean.com/account/api/tokens.")))))))
(define (maybe-raise-unsupported-configuration-error machine)
"Raise an error if MACHINE's configuration is not an instance of
<digital-ocean-configuration>."
(let ((config (machine-configuration machine))
(environment (environment-type-name (machine-environment machine))))
(unless (and config (digital-ocean-configuration? config))
(raise (condition
(&message
(message (format #f (G_ "unsupported machine configuration '~a'
for environment of type '~a'")
config
environment))))))))

4
gnu/packages/assembly.scm
View file

@ -99,6 +99,10 @@ has strong support for macros.")
(base32
"0gv0slmm0qpq91za3v2v9glff3il594x5xsrbgab7xcmnh0ndkix"))))
(build-system gnu-build-system)
(arguments
'(#:parallel-tests? #f)) ; Some tests fail
; non-deterministically when run in
; parallel
(inputs
`(("python" ,python-wrapper)
("xmlto" ,xmlto)))

12
gnu/packages/avahi.scm
View file

@ -35,6 +35,7 @@
(package
(name "avahi")
(version "0.7")
(replacement avahi/fixed)
(home-page "http://avahi.org")
(source (origin
(method url-fetch)
@ -74,6 +75,17 @@ network. It is an implementation of the mDNS (for \"Multicast DNS\") and
DNS-SD (for \"DNS-Based Service Discovery\") protocols.")
(license lgpl2.1+)))
(define avahi/fixed
(package
(inherit avahi)
(source (origin
(inherit (package-source avahi))
(patches
(append (search-patches "avahi-CVE-2018-1000845.patch")
(origin-patches (package-source avahi))))))
;; Hide a duplicate of the CVE fixed above.
(properties `((lint-hidden-cve . ("CVE-2017-6519"))))))
(define-public nss-mdns
(package
(name "nss-mdns")

1
gnu/packages/backup.scm
View file

@ -14,7 +14,6 @@
;;; Copyright © 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2019 Alex Vong <alexvong1995@gmail.com>
;;; Copyright © 2019 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;

4
gnu/packages/bioconductor.scm
View file

@ -4568,14 +4568,14 @@ based on @dfn{Continuous Wavelet Transform} (CWT).")
(define-public r-xcms
(package
(name "r-xcms")
(version "3.6.1")
(version "3.6.2")
(source
(origin
(method url-fetch)
(uri (bioconductor-uri "xcms" version))
(sha256
(base32
"06vhqvvzlkc5bslswagrapmn5ag3x84xg9gxk0fhlmgwapqwki1g"))))
"0icww3f1kahyk96mc07yhsbyiranzm2614n509as09jf8bdhq23v"))))
(build-system r-build-system)
(propagated-inputs
`(("r-biobase" ,r-biobase)

6
gnu/packages/ci.scm
View file

@ -47,8 +47,8 @@
#:use-module (guix build-system gnu))
(define-public cuirass
(let ((commit "d27ff21e430cd38b02bd70a0dc8d60c9c2736f83")
(revision "24"))
(let ((commit "80b6e89a7b2e9a6f9dee26dcf22277970930039f")
(revision "25"))
(package
(name "cuirass")
(version (string-append "0.0.1-" revision "." (string-take commit 7)))
@ -60,7 +60,7 @@
(file-name (string-append name "-" version))
(sha256
(base32
"166xl9zfy7dm645fk2ln45bvw0y0gy0xw8fb7mprbjz8v95dh27p"))))
"0m7g7wqa1l8gab8pcyi43a6w6rxhaqbpsrwlnadwsds1b95x9bka"))))
(build-system gnu-build-system)
(arguments
'(#:modules ((guix build utils)

37
gnu/packages/cpp.scm
View file

@ -4,6 +4,7 @@
;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com>
;;; Copyright © 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
;;;
;;; This file is part of GNU Guix.
;;;
@ -33,6 +34,7 @@
#:use-module (gnu packages code)
#:use-module (gnu packages compression)
#:use-module (gnu packages llvm)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages tls)
#:use-module (gnu packages web))
@ -313,3 +315,38 @@ code analysis and supports cross references, hierarchies, completion and
syntax highlighting. @code{ccls} is derived from @code{cquery} which is not
maintained anymore.")
(license license:asl2.0)))
(define-public gperftools
(package
(name "gperftools")
(version "2.7")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/gperftools/gperftools")
(commit (string-append "gperftools-" version))))
(sha256
(base32 "0amvwrzn5qc0b0jpxpy5g6zkmj97zjh4hhjrd130hsg2lwwcwhy1"))
(file-name (git-file-name name version))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
("automake" ,automake)
("libtool" ,libtool)
;; For tests:
("perl" ,perl)))
(home-page "https://github.com/gperftools/gperftools")
(synopsis "Multi-threaded malloc() and performance analysis tools for C++")
(description
"@code{gperftools} is a collection of a high-performance multi-threaded
malloc() implementation plus some thread-friendly performance analysis
tools:
@itemize
@item tcmalloc,
@item heap profiler,
@item heap checker,
@item CPU checker.
@end itemize\n")
(license license:bsd-3)))

12
gnu/packages/cran.scm
View file

@ -3089,14 +3089,13 @@ color labels, layout, etc.")
(define-public r-stringdist
(package
(name "r-stringdist")
(version "0.9.5.3")
(version "0.9.5.5")
(source
(origin
(method url-fetch)
(uri (cran-uri "stringdist" version))
(sha256
(base32
"1vbhn6qwj3bzplhq06bw1yqqq1qpf1zinnj27cr7pf1nqsbyx2nq"))))
(base32 "1dqfakclzaf878x7mhwmqrcpcql2h9cv19fz5f3ygpajf3si5kqi"))))
(build-system r-build-system)
(home-page "https://github.com/markvanderloo/stringdist")
(synopsis "Approximate string matching and string distance functions")
@ -8728,21 +8727,20 @@ and related methods.")
(define-public r-rcppgsl
(package
(name "r-rcppgsl")
(version "0.3.6")
(version "0.3.7")
(source
(origin
(method url-fetch)
(uri (cran-uri "RcppGSL" version))
(sha256
(base32
"16pdapq31729db53agnb48jkvdm97167n3bigy5zazc3q3isis1m"))))
(base32 "0cnw2k7cfqrm79r6j283aybflxig80x4n4rjkfp2317wf10mrsa5"))))
(properties `((upstream-name . "RcppGSL")))
(build-system r-build-system)
(propagated-inputs
`(("r-rcpp" ,r-rcpp)
("gsl" ,gsl)))
(native-inputs
`(("r-knitr" ,r-knitr))) ; for vignettes
`(("r-knitr" ,r-knitr))) ; for vignettes
(home-page "https://cran.r-project.org/web/packages/RcppGSL/")
(synopsis "Rcpp integration for GSL vectors and matrices")
(description

13
gnu/packages/cross-base.scm
View file

@ -454,7 +454,9 @@ target that libc."
"Return LIBC cross-built for TARGET, a GNU triplet. Use XGCC and XBINUTILS
and the cross tool chain."
(if (cross-newlib? target libc)
(native-libc target libc)
(native-libc target libc
#:xgcc xgcc
#:xbinutils xbinutils)
(let ((libc libc))
(package (inherit libc)
(name (string-append "glibc-cross-" target))
@ -511,10 +513,15 @@ and the cross tool chain."
(define* (native-libc target
#:optional
(libc glibc))
(libc glibc)
#:key
xgcc
xbinutils)
(if (target-mingw? target)
(let ((machine (substring target 0 (string-index target #\-))))
(make-mingw-w64 machine))
(make-mingw-w64 machine
#:xgcc xgcc
#:xbinutils xbinutils))
libc))
(define* (cross-newlib? target

73
gnu/packages/databases.scm
View file

@ -216,6 +216,68 @@ standard Go idioms.")
(home-page "http://labix.org/mgo")
(license license:bsd-2)))
(define-public ephemeralpg
(package
(name "ephemeralpg")
(version "2.8")
(source
(origin
(method url-fetch)
(uri (string-append
"http://eradman.com/ephemeralpg/code/ephemeralpg-"
version ".tar.gz"))
(sha256
(base32 "1dpfxsd8a52psx3zlfbqkw53m35w28qwyb87a8anz143x6gnkkr4"))))
(build-system gnu-build-system)
(arguments
'(#:make-flags (list "CC=gcc"
(string-append "PREFIX=" %output))
#:phases
(modify-phases %standard-phases
(delete 'configure)
(replace 'check
(lambda* (#:key inputs #:allow-other-keys)
;; The intention for one test is to test without PostgreSQL on
;; the $PATH, so replace the test $PATH with just the util-linux
;; bin, which contains getopt. It will hopefully be possible to
;; remove this for releases after 2.8.
(substitute* "test.rb"
(("/bin:/usr/bin")
(string-append (assoc-ref inputs "util-linux")
"/bin")))
;; Set the LC_ALL=C as some tests use sort, and the locale
;; affects the order. It will hopefully be possible to remove
;; this for releases after 2.8.
(setenv "LC_ALL" "C")
(invoke "ruby" "test.rb")
#t))
(add-after 'install 'wrap
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
(wrap-program (string-append out "/bin/pg_tmp")
`("PATH" ":" prefix
(,(string-append (assoc-ref inputs "util-linux")
"/bin")
,(string-append (assoc-ref inputs "postgresql")
"/bin")
;; For getsocket
,(string-append out "/bin")))))
#t)))))
(inputs
`(("postgresql" ,postgresql)
("util-linux" ,util-linux)))
(native-inputs
`(("ruby" ,ruby)))
(home-page "http://eradman.com/ephemeralpg/")
(synopsis "Run temporary PostgreSQL databases")
(description
"@code{pg_tmp} creates temporary PostgreSQL databases, suitable for tasks
like running software test suites. Temporary databases created with
@code{pg_tmp} have a limited shared memory footprint and are automatically
garbage-collected after a configurable number of seconds (the default is
60).")
(license license:isc)))
(define-public es-dump-restore
(package
(name "es-dump-restore")
@ -436,7 +498,7 @@ replacement for the code@{python-memcached} library.")
(search-patch "mongodb-support-unknown-linux-distributions.patch")))))
(build-system scons-build-system)
(inputs
`(("openssl" ,openssl)
`(("openssl" ,openssl-1.0)
("pcre" ,pcre)
,@(match (%current-system)
((or "x86_64-linux" "aarch64-linux" "mips64el-linux")
@ -476,6 +538,15 @@ replacement for the code@{python-memcached} library.")
,(format #f "--jobs=~a" (parallel-job-count))
"--ssl")))
(modify-phases %standard-phases
(add-after 'unpack 'patch
(lambda _
;; Remove use of GNU extensions in parse_number_test.cpp, to
;; allow compiling with GCC 7 or later
;; https://jira.mongodb.org/browse/SERVER-28063
(substitute* "src/mongo/base/parse_number_test.cpp"
(("0xabcab\\.defdefP-10")
"687.16784283419838"))
#t))
(add-after 'unpack 'scons-propagate-environment
(lambda _
;; Modify the SConstruct file to arrange for

163
gnu/packages/emacs-xyz.scm
View file

@ -7541,6 +7541,31 @@ end of a line and increment or decrement it.")
a popup window for previewing candidates.")
(license license:gpl3+))))
(define-public emacs-evil-args
(let ((commit "758ad5ae54ad34202064fec192c88151c08cb387")
(revision "1"))
(package
(name "emacs-evil-args")
(version (git-version "1.0" revision commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/wcsmith/evil-args.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"0k35glgsirc3cph8v5hhjrqfh4ndwh8a28qbr03y3jl8s453xcj7"))))
(build-system emacs-build-system)
(propagated-inputs `(("emacs-evil" ,emacs-evil)))
(home-page "https://github.com/wcsmith/evil-args")
(synopsis "Motions and text objects for delimited arguments in Evil")
(description
"This package provides motions and text objects for delimited
arguments, such as arguments separated by commas and semicolons.")
(license license:expat))))
(define-public emacs-evil-exchange
(let ((commit "47691537815150715e64e6f6ec79be7746c96120")
(version "0.41")
@ -11602,6 +11627,34 @@ close, copy, cut, paste, undo, redo.")
standard Unix password manager\").")
(license license:gpl2+)))
(define-public emacs-auth-source-pass
(let ((commit "847a1f54ed48856b4dfaaa184583ef2c84173edf")
(revision "1"))
(package
(name "emacs-auth-source-pass")
(version (git-version "5.0.0" revision commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/NicolasPetton/auth-password-store.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32 "0g48z5w6n3c54zqfpx65dfyl9jqbl15idvbb1hhw2pd9f9r8fykk"))))
(build-system emacs-build-system)
(arguments
`(#:tests? #t
#:test-command '("emacs" "--batch"
"-L" "."
"-l" "test/auth-source-pass-tests.el"
"-f" "ert-run-tests-batch-and-exit")))
(home-page "https://github.com/NicolasPetton/auth-password-store")
(synopsis "Integrate @code{auth-source} with @code{password-store}")
(description "This package helps Emacs integrate with the Unix
@code{password-store} application.")
(license license:gpl3+))))
(define-public emacs-pass
(package
(name "emacs-pass")
@ -12195,50 +12248,48 @@ according to a parsing expression grammar.")
(license license:gpl3+)))
(define-public emacs-org-ql
(let ((commit "949a06c3ab50482b749fd2d4350837a197660d96")
(revision "3"))
(package
(name "emacs-org-ql")
(version (git-version "0.3.1" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/alphapapa/org-ql")
(commit commit)))
(sha256
(base32
"0apcg63xm0242mjgsgw0jrcda4p4iqj7fy3sgh0p7khi4hrs5ch0"))
(file-name (git-file-name name version))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-s" ,emacs-s)
("emacs-f" ,emacs-f)
("emacs-ov" ,emacs-ov)
("emacs-peg" ,emacs-peg)
("emacs-org-super-agenda" ,emacs-org-super-agenda)
("emacs-ts" ,emacs-ts)
("emacs-org" ,emacs-org)
("emacs-helm" ,emacs-helm)
("emacs-helm-org" ,emacs-helm-org)
("emacs-dash" ,emacs-dash)))
(native-inputs
`(("emacs-buttercup" ,emacs-buttercup)))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'require-helm
(lambda _
(substitute* "helm-org-ql.el"
(("^;;;; Requirements")
";;;; Requirements\n(require 'helm)\n(require 'helm-org)"))
#t)))
#:tests? #t
#:test-command '("buttercup" "-L" ".")))
(home-page "https://github.com/alphapapa/org-ql/")
(synopsis "Query language for Org buffers")
(description "This package provides a Lispy query language for Org
(package
(name "emacs-org-ql")
(version "0.3.2")
(source (origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/alphapapa/org-ql")
(commit version)))
(sha256
(base32
"11bhpi2l28vp8mm9nx18jljbqdnh9vxpv9kp1dn9lpsgivcdbc34"))
(file-name (git-file-name name version))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-s" ,emacs-s)
("emacs-f" ,emacs-f)
("emacs-ov" ,emacs-ov)
("emacs-peg" ,emacs-peg)
("emacs-org-super-agenda" ,emacs-org-super-agenda)
("emacs-ts" ,emacs-ts)
("emacs-org" ,emacs-org)
("emacs-helm" ,emacs-helm)
("emacs-helm-org" ,emacs-helm-org)
("emacs-dash" ,emacs-dash)))
(native-inputs
`(("emacs-buttercup" ,emacs-buttercup)))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'require-helm
(lambda _
(substitute* "helm-org-ql.el"
(("^;;;; Requirements")
";;;; Requirements\n(require 'helm)\n(require 'helm-org)"))
#t)))
#:tests? #t
#:test-command '("buttercup" "-L" ".")))
(home-page "https://github.com/alphapapa/org-ql/")
(synopsis "Query language for Org buffers")
(description "This package provides a Lispy query language for Org
files, allowing for actions to be performed based on search criteria.")
(license license:gpl3+))))
(license license:gpl3+)))
(define-public emacs-org-auto-expand
(let ((commit "4938d5f6460e2f8f051ba9ac000b291bfa43ef62")
@ -12537,6 +12588,11 @@ orient yourself in the code, and tell which statements are at a given level.")
(sha256
(base32 "1kykbb1sil5cycfa5aj8dhsxc5yrx1641i2np5kwdjid6ahdlz5r"))))
(build-system emacs-build-system)
(native-inputs
`(("emacs-buttercup" ,emacs-buttercup)))
(arguments
`(#:tests? #t
#:test-command '("buttercup" "-L" ".")))
(home-page "https://github.com/DamienCassou/hierarchy")
(synopsis "Library to create and display hierarchy structures")
(description "This package provides an Emacs library to create, query,
@ -14960,7 +15016,7 @@ Org-mode. It features:
(method git-fetch)
(uri (git-reference (url home-page)
(commit (string-append "v" version))))
(file-name (string-append name "-" version ".tar.gz"))
(file-name (git-file-name name version))
(sha256
(base32
"1wi70r56pd5z0x4dp4m58p9asq03j74kdm4fi9vai83vsl2z9amq"))))
@ -16219,7 +16275,7 @@ backends, including the @command{wordnet} offline backend.")
(define-public emacs-editorconfig
(package
(name "emacs-editorconfig")
(version "0.8.0")
(version "0.8.1")
(source
(origin
(method git-fetch)
@ -16229,7 +16285,7 @@ backends, including the @command{wordnet} offline backend.")
(file-name (git-file-name name version))
(sha256
(base32
"1b2cpqz75pivl323bs60j5rszwi787x6vy68csycikqz9mhpmjn9"))))
"1djlhkap7zddknzvjsjz0agpfsms1ih05zcpg1bikid2vs4gddyr"))))
(build-system emacs-build-system)
(home-page "https://github.com/editorconfig/editorconfig-emacs")
(synopsis "Define and maintain consistent coding styles between different
@ -18482,8 +18538,8 @@ Dash docsets.")
(license license:gpl3+))))
(define-public emacs-counsel-dash
(let ((commit "24d370be9e94e90d045c49967e19484b9903fce9")
(revision "2"))
(let ((commit "7027868d483b51d949b9f20fb8f34b122ca61520")
(revision "3"))
(package
(name "emacs-counsel-dash")
(version (git-version "0.1.3" revision commit))
@ -18496,11 +18552,20 @@ Dash docsets.")
(file-name (git-file-name name version))
(sha256
(base32
"18gp7hhgng271c7bh06k9p24zqic0f64j5cicivljmyk9c3nh7an"))))
"0h3f5pxnmb21pq4hh7k4w8jzflz1k2ap7nwpjc222w0q6x6jrbjp"))))
(build-system emacs-build-system)
(propagated-inputs
`(("emacs-dash-docs" ,emacs-dash-docs)
("emacs-ivy" ,emacs-ivy)))
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'require-ivy
(lambda _
(substitute* "counsel-dash.el"
(("^\\(require 'cl-lib\\)")
"(require 'cl-lib)\n(require 'ivy)\n(require 'subr-x)"))
#t)))))
(home-page "https://github.com/dash-docs-el/counsel-dash")
(synopsis "Offline documentation browser for APIs using Dash docsets")
(description "This package uses @code{ivy-mode} to install and navigate

96
gnu/packages/emulators.scm
View file

@ -9,6 +9,8 @@
;;; Copyright © 2017, 2018, 2019 Nicolas Goaziou <mail@nicolasgoaziou.fr>
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017, 2018, 2019 Rutger Helling <rhelling@mykolab.com>
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
;;; Copyright © 2019 David Wilson <david@daviwil.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -26,6 +28,7 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu packages emulators)
#:use-module (ice-9 match)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
@ -39,6 +42,7 @@
#:use-module (gnu packages base)
#:use-module (gnu packages boost)
#:use-module (gnu packages backup)
#:use-module (gnu packages cdrom)
#:use-module (gnu packages compression)
#:use-module (gnu packages curl)
#:use-module (gnu packages elf)
@ -82,6 +86,7 @@
#:use-module (gnu packages xorg)
#:use-module (gnu packages web)
#:use-module (guix build-system cmake)
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system gnu))
(define-public desmume
@ -1366,3 +1371,94 @@ functions. The source code to MAME serves as this documentation.")
;; However, over 90% of the files are under Expat license. Also, artwork,
;; keymaps, languages and samples are under CC0.
(license (list license:gpl2+ license:expat license:cc0))))
(define-public pcsxr
;; No release since 2017.
(let ((commit "6484236cb0281e8040ff6c8078c87899a3407534"))
(package
(name "pcsxr")
;; Version is tagged here: https://github.com/frealgagu/PCSX-Reloaded
(version "1.9.95")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/pcsxr/PCSX-Reloaded")
(commit commit)))
(sha256
(base32
"138mayp7zi9v4l3lm5f6xxkds619w1fgg769zm8s45c84jbz7dza"))
(file-name (git-file-name name commit))))
(build-system cmake-build-system)
(arguments
`(#:tests? #f ;no "test" target
#:configure-flags
(list "-DSND_BACKEND=pulse"
"-DENABLE_CCDDA='ON'"
"-DUSE_LIBARCHIVE='ON'"
"-DUSE_LIBCDIO='ON'")
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'cd-subdir
(lambda _ (chdir "pcsxr")))
(add-before 'configure 'fix-cdio-lookup
(lambda* (#:key inputs #:allow-other-keys)
(substitute* "cmake/FindCdio.cmake"
(("/usr/include/cdio")
(string-append (assoc-ref inputs "libcdio") "/include/cdio"))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("intltool" ,intltool)
("glib" ,glib "bin")))
(inputs
`(("libcdio" ,libcdio)
("sdl2" ,sdl2)
("gtk+" ,gtk+)
("ffmpeg" ,ffmpeg)
("libxv" ,libxv)
("libarchive" ,libarchive)
("pulseaudio" ,pulseaudio)))
(home-page "https://archive.codeplex.com/?p=pcsxr")
(synopsis "PlayStation emulator")
(description
"A PlayStation emulator based on PCSX-df Project with bugfixes and
improvements.")
(license license:gpl2+))))
(define-public gens-gs
(package
(name "gens-gs")
(version "7")
(source
(origin
(method url-fetch)
(uri (string-append "https://retrocdn.net/images/6/6d/Gens-gs-r"
version ".tar.gz"))
(sha256
(base32
"1ha5s6d3y7s9aq9f4zmn9p88109c3mrj36z2w68jhiw5xrxws833"))))
(build-system glib-or-gtk-build-system)
(arguments
`(#:system "i686-linux"
#:phases
(modify-phases %standard-phases
(add-after 'unpack 'fix-CFLAGS
(lambda* _
;; Remove GTK API deprecation flags that cause build errors.
(substitute* "configure"
(("GTK_CFLAGS=\"\\$GTK_CFLAGS .*\"") ""))
#t)))))
(native-inputs
`(("pkg-config" ,pkg-config)
("nasm" ,nasm)))
(inputs
`(("sdl" ,sdl)
("gtk" ,gtk+-2)))
(home-page "https://segaretro.org/Gens/GS")
(synopsis "Emulator for Sega Genesis/Mega Drive systems")
(description
"Gens/GS is an emulator for the Mega Drive (also known as Sega Genesis),
derived from Gens. Project goals include clean source code, combined features
from various forks of Gens, and improved platform portability.")
(supported-systems '("i686-linux" "x86_64-linux"))
(license license:gpl2+)))

10
gnu/packages/enlightenment.scm
View file

@ -30,6 +30,7 @@
#:use-module (guix build-system meson)
#:use-module (guix build-system python)
#:use-module (gnu packages)
#:use-module (gnu packages algebra)
#:use-module (gnu packages avahi)
#:use-module (gnu packages bash)
#:use-module (gnu packages check)
@ -298,6 +299,11 @@ Libraries with some extra bells and whistles.")
#:phases
(modify-phases %standard-phases
(delete 'bootstrap) ; We don't want to run the autogen script.
(add-after 'unpack 'fix-dot-desktop-creation
(lambda _
(substitute* "data/session/meson.build"
(("HAVE_WAYLAND'.*") "HAVE_WAYLAND') == true\n"))
#t))
(add-before 'configure 'set-system-actions
(lambda* (#:key inputs #:allow-other-keys)
(setenv "HOME" "/tmp")
@ -306,6 +312,7 @@ Libraries with some extra bells and whistles.")
(utils (assoc-ref inputs "util-linux"))
(libc (assoc-ref inputs "libc"))
(bluez (assoc-ref inputs "bluez"))
(bc (assoc-ref inputs "bc"))
(efl (assoc-ref inputs "efl")))
;; We need to patch the path to 'base.lst' to be able
;; to switch the keyboard layout in E.
@ -326,6 +333,8 @@ Libraries with some extra bells and whistles.")
(string-append efl "/bin/edje_cc -v %s %s %s\"")))
(substitute* "src/modules/everything/evry_plug_apps.c"
(("/usr/bin/") ""))
(substitute* "src/modules/everything/evry_plug_calc.c"
(("bc -l") (string-append bc "/bin/bc -l")))
(substitute* "data/etc/meson.build"
(("/bin/mount") (string-append utils "/bin/mount"))
(("/bin/umount") (string-append utils "/bin/umount"))
@ -343,6 +352,7 @@ Libraries with some extra bells and whistles.")
("util-linux" ,util-linux)))
(inputs
`(("alsa-lib" ,alsa-lib)
("bc" ,bc)
("bluez" ,bluez)
("dbus" ,dbus)
("efl" ,efl)

27
gnu/packages/fonts.scm
View file

@ -1000,14 +1000,31 @@ correct spacing.")
;; <https://bugs.gnu.org/32916>
(version "4.7.0")
(source (origin
(method url-fetch)
(uri (string-append "http://fontawesome.io/assets/"
name "-" version ".zip"))
(method git-fetch)
(uri (git-reference
(url "https://github.com/FortAwesome/Font-Awesome.git")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"1m1rfwm4sjkv10j3xd2dhwk286a5912b2zgvc692cmxi5gxs68jf"))))
"0w30y26jp8nvxa3iiw7ayl6rkza1rz62msl9xw3srvxya1c77grc"))))
(build-system font-build-system)
(home-page "http://fontawesome.io")
(arguments
'(#:phases
(modify-phases %standard-phases
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(source (string-append (getcwd) "/fonts"))
(fonts (string-append out "/share/fonts")))
(for-each (lambda (file)
(install-file file (string-append fonts "/truetype")))
(find-files source "\\.(ttf|ttc)$"))
(for-each (lambda (file)
(install-file file (string-append fonts "/opentype")))
(find-files source "\\.(otf|otc)$"))
#t))))))
(home-page "https://fontawesome.com/")
(synopsis "Font that contains a rich iconset")
(description
"Font Awesome is a full suite of pictographic icons for easy scalable

27
gnu/packages/gnome.scm
View file

@ -2223,7 +2223,7 @@ engineering.")
(define-public seahorse
(package
(name "seahorse")
(version "3.30")
(version "3.30.1.1")
(source
(origin
(method url-fetch)
@ -2232,8 +2232,19 @@ engineering.")
version ".tar.xz"))
(sha256
(base32
"1sbj1czlx1fakm72dwgbn0bwm12j838yaky4mkf6hf8j8afnxmzp"))))
(build-system glib-or-gtk-build-system)
"12x7xmwh62yl0ax90v8nkx3jqzviaz9hz2g56yml78wzww20gawy"))
(patches (search-patches
"seahorse-gkr-use-0-on-empty-flags.patch"))))
(build-system meson-build-system)
(arguments
'(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'skip-gtk-update-icon-cache
;; Don't create 'icon-theme.cache'.
(lambda _
(substitute* "build-aux/meson_post_install.py"
(("gtk-update-icon-cache") "true"))
#t)))))
(inputs
`(("gtk+" ,gtk+)
("gcr" ,gcr)
@ -2241,13 +2252,15 @@ engineering.")
("gpgme" ,gpgme)
("openldap" ,openldap)
("openssh" ,openssh)
("avahi" ,avahi)
("libsecret" ,libsecret)
("libsoup" ,libsoup)))
(native-inputs
`(("intltool" ,intltool)
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("itstool" ,itstool)
("pkg-config" ,pkg-config)
("vala" ,vala)
("xmllint" ,libxml2)))
(home-page "https://launchpad.net/gnome-themes-standard")
(synopsis "Manage encryption keys and passwords in the GNOME keyring")
@ -4353,7 +4366,7 @@ USB transfers with your high-level application or system daemon.")
;; one breaks the build by referring to a
;; non-existent header (packagekit.h)
(delete-file "src/ui.c"))))))
(home-page "https://launchpad.net/simple-scan")
(home-page "https://gitlab.gnome.org/GNOME/simple-scan")
(synopsis "Document and image scanner")
(description "Simple Scan is an easy-to-use application, designed to let
users connect their scanner and quickly have the image/document in an
@ -7100,7 +7113,7 @@ dark elements. It supports GNOME, Unity, Xfce, and Openbox.")
(define-public arc-theme
(package
(name "arc-theme")
(version "20181022")
(version "20190917")
(source (origin
(method git-fetch)
(uri (git-reference
@ -7109,7 +7122,7 @@ dark elements. It supports GNOME, Unity, Xfce, and Openbox.")
(file-name (git-file-name name version))
(sha256
(base32
"08951dk1irfadwpr3p323a4fprmxg53rk2r2niwq3v62ryhi3663"))))
"1qgpk4p2hi5hd4yy0hj93kq1vs0b32wb8qkaj1wi90c8gwddq5wa"))))
(build-system gnu-build-system)
(arguments
'(#:phases

17
gnu/packages/guile.scm
View file

@ -59,6 +59,7 @@
#:use-module (guix git-download)
#:use-module (guix build-system gnu)
#:use-module (guix build-system guile)
#:use-module (guix deprecation)
#:use-module (guix utils)
#:use-module (ice-9 match)
#:use-module ((srfi srfi-1) #:prefix srfi-1:))
@ -413,7 +414,7 @@ GNU@tie{}Guile. Use the @code{(ice-9 readline)} module and call its
;;; Extensions.
;;;
(define-public guile-json
(define-public guile-json-1
(package
(name "guile-json")
(version "1.2.0")
@ -444,17 +445,21 @@ specification. These are the main features:
;; Version 1.2.0 switched to GPLv3+ (from LGPLv3+).
(license license:gpl3+)))
(define-public guile-json-1
;; This is the 1.x branch of Guile-JSON.
guile-json)
;; Deprecate the 'guile-json' alias to force the use 'guile-json-1' or
;; 'guile-json-3'. In the future, we may reuse 'guile-json' as an alias for
;; 'guile-json-3'.
(define-deprecated guile-json
guile-json-1
guile-json-1)
(export guile-json)
(define-public guile2.0-json
(package-for-guile-2.0 guile-json))
(package-for-guile-2.0 guile-json-1))
(define-public guile-json-3
;; This version is incompatible with 1.x; see the 'NEWS' file.
(package
(inherit guile-json)
(inherit guile-json-1)
(name "guile-json")
(version "3.2.0")
(source (origin

8
gnu/packages/linux.scm
View file

@ -2919,7 +2919,7 @@ country-specific regulations for the wireless spectrum.")
(define-public lm-sensors
(package
(name "lm-sensors")
(version "3.5.0")
(version "3.6.0")
(source
(origin
(method git-fetch)
@ -2929,7 +2929,7 @@ country-specific regulations for the wireless spectrum.")
(string-split version #\.) "-")))))
(file-name (git-file-name name version))
(sha256
(base32 "1mdrnb9r01z1xfdm6dpkywvf9yy9a4yzb59paih9sijwmigv19fj"))
(base32 "1ipf6wjx037sqyhy0r5jh4983h216anq9l68ckn2x5c3qc4wfmzn"))
(patches (search-patches "lm-sensors-hwmon-attrs.patch"))))
(build-system gnu-build-system)
(inputs `(("rrdtool" ,rrdtool)
@ -2940,10 +2940,10 @@ country-specific regulations for the wireless spectrum.")
("flex" ,flex)
("bison" ,bison)
("which" ,which)))
(outputs '("lib" ;avoid perl in closure
(outputs '("lib" ; avoid perl in closure
"out"))
(arguments
`(#:tests? #f ; no 'check' target
`(#:tests? #f ; no 'check' target
#:make-flags (list (string-append "PREFIX=" %output)
(string-append "ETCDIR=" (assoc-ref %outputs "lib") "/etc")
(string-append "INCLUDEDIR="

250
gnu/packages/lisp.scm
View file

@ -1508,6 +1508,8 @@ else @code{parse-number} signals an error of type @code{invalid-number}.")
(base32
"0kvz16gnxnkdz0fy1x8y5yr28nfm7i2qpvix7mgwccdpjmsb4pgm"))))
(build-system asdf-build-system/sbcl)
(native-inputs
`(("rt" ,sbcl-rt)))
(home-page "https://common-lisp.net/project/iterate/")
(synopsis "Iteration construct for Common Lisp")
(description "@code{iterate} is an iteration construct for Common Lisp.
@ -1524,6 +1526,9 @@ It is similar to the @code{CL:LOOP} macro, with these distinguishing marks:
(define-public cl-iterate
(sbcl-package->cl-source-package sbcl-iterate))
(define-public ecl-iterate
(sbcl-package->ecl-package sbcl-iterate))
(define-public sbcl-cl-uglify-js
;; There have been many bug fixes since the 2010 release.
(let ((commit "429c5e1d844e2f96b44db8fccc92d6e8e28afdd5")
@ -7833,3 +7838,248 @@ Clojure, as well as several expansions on the idea.")
(define-public ecl-arrows
(sbcl-package->ecl-package sbcl-arrows))
(define-public sbcl-simple-parallel-tasks
(let ((commit "db460f7a3f7bbfe2d3a2223ed21e162068d04dda")
(revision "0"))
(package
(name "sbcl-simple-parallel-tasks")
(version (git-version "1.0" revision commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/glv2/simple-parallel-tasks.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"0amw3qk23wnlyrsgzszs6rs7y4zvxv8dr03rnqhc60mnm8ds4dd5"))))
(build-system asdf-build-system/sbcl)
(native-inputs
`(("fiveam" ,sbcl-fiveam)))
(inputs
`(("chanl" ,sbcl-chanl)))
(synopsis "Common Lisp library to evaluate some forms in parallel")
(description "This is a simple Common Lisp library to evaluate some
forms in parallel.")
(home-page "https://github.com/glv2/simple-parallel-tasks")
(license license:gpl3))))
(define-public cl-simple-parallel-tasks
(sbcl-package->cl-source-package sbcl-simple-parallel-tasks))
(define-public ecl-simple-parallel-tasks
(sbcl-package->ecl-package sbcl-simple-parallel-tasks))
(define-public sbcl-cl-heap
(package
(name "sbcl-cl-heap")
(version "0.1.6")
(source
(origin
(method url-fetch)
(uri (string-append "https://common-lisp.net/project/cl-heap/releases/"
"cl-heap_" version ".tar.gz"))
(sha256
(base32
"163hb07p2nxz126rpq3cj5dyala24n0by5i5786n2qcr1w0bak4i"))))
(build-system asdf-build-system/sbcl)
(native-inputs
`(("xlunit" ,sbcl-xlunit)))
(arguments
`(#:test-asd-file "cl-heap-tests.asd"))
(synopsis "Heap and priority queue data structures for Common Lisp")
(description
"CL-HEAP provides various implementations of heap data structures (a
binary heap and a Fibonacci heap) as well as an efficient priority queue.")
(home-page "https://common-lisp.net/project/cl-heap/")
(license license:gpl3+)))
(define-public cl-heap
(sbcl-package->cl-source-package sbcl-cl-heap))
(define-public ecl-cl-heap
(sbcl-package->ecl-package sbcl-cl-heap))
(define-public sbcl-curry-compose-reader-macros
(let ((commit "beaa92dedf392726c042184bfd6149fa8d9e6ac2")
(revision "0"))
(package
(name "sbcl-curry-compose-reader-macros")
(version (git-version "1.0.0" revision commit))
(source
(origin
(method git-fetch)
(uri
(git-reference
(url "https://github.com/eschulte/curry-compose-reader-macros.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"0rv9bl8xrad5wfcg5zs1dazvnpmvqz6297lbn8bywsrcfnlf7h98"))))
(build-system asdf-build-system/sbcl)
(inputs
`(("alexandria" ,sbcl-alexandria)
("named-readtables" ,sbcl-named-readtables)))
(synopsis "Reader macros for partial application and composition")
(description
"This Common Lisp library provides reader macros for concise expression
of function partial application and composition.")
(home-page "https://eschulte.github.io/curry-compose-reader-macros/")
(license license:public-domain))))
(define-public cl-curry-compose-reader-macros
(sbcl-package->cl-source-package sbcl-curry-compose-reader-macros))
(define-public ecl-curry-compose-reader-macros
(sbcl-package->ecl-package sbcl-curry-compose-reader-macros))
(define-public sbcl-yason
(package
(name "sbcl-yason")
(version "0.7.7")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/phmarek/yason.git")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"0479rbjgbj80jpk5bby18inlv1kfp771a82rlcq5psrz65qqa9bj"))))
(build-system asdf-build-system/sbcl)
(inputs
`(("alexandria" ,sbcl-alexandria)
("trivial-gray-streams" ,sbcl-trivial-gray-streams)))
(synopsis "Common Lisp JSON parser/encoder")
(description
"YASON is a Common Lisp library for encoding and decoding data in the
JSON interchange format.")
(home-page "https://github.com/phmarek/yason")
(license license:bsd-3)))
(define-public cl-yason
(sbcl-package->cl-source-package sbcl-yason))
(define-public ecl-yason
(sbcl-package->ecl-package sbcl-yason))
(define-public sbcl-stefil
(let ((commit "0398548ec95dceb50fc2c2c03e5fb0ce49b86c7a")
(revision "0"))
(package
(name "sbcl-stefil")
(version (git-version "0.1" revision commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://gitlab.common-lisp.net/stefil/stefil.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"0bqz64q2szzhf91zyqyssmvrz7da6442rs01808pf3wrdq28bclh"))))
(build-system asdf-build-system/sbcl)
(inputs
`(("alexandria" ,sbcl-alexandria)
("iterate" ,sbcl-iterate)
("metabang-bind" ,sbcl-metabang-bind)))
(propagated-inputs
;; Swank doesn't have a pre-compiled package, therefore we must
;; propagate its sources.
`(("swank" ,cl-slime-swank)))
(arguments
'(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'drop-unnecessary-dependency
(lambda _
(substitute* "package.lisp"
((":stefil-system") ""))
#t)))))
(home-page "https://common-lisp.net/project/stefil/index-old.shtml")
(synopsis "Simple test framework")
(description
"Stefil is a simple test framework for Common Lisp, with a focus on
interactive development.")
(license license:public-domain))))
(define-public cl-stefil
(sbcl-package->cl-source-package sbcl-stefil))
(define-public sbcl-graph
(let ((commit "78bf9ec930d8eae4f0861b5be76765fb1e45e24f")
(revision "0"))
(package
(name "sbcl-graph")
(version (git-version "0.0.0" revision commit))
(source
(origin
(method git-fetch)
(uri
(git-reference
(url "https://github.com/eschulte/graph.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"1qpij4xh8bqwc2myahpilcbh916v7vg0acz2fij14d3y0jm02h0g"))
(patches (search-patches "sbcl-graph-asdf-definitions.patch"))))
(build-system asdf-build-system/sbcl)
(native-inputs
`(("stefil" ,sbcl-stefil)))
(inputs
`(("alexandria" ,sbcl-alexandria)
("cl-heap" ,sbcl-cl-heap)
("curry-compose-reader-macros" ,sbcl-curry-compose-reader-macros)
("metabang-bind" ,sbcl-metabang-bind)
("named-readtables" ,sbcl-named-readtables)))
(arguments
'(#:test-asd-file "graph.test.asd"))
(synopsis "Graph data structure and algorithms for Common Lisp")
(description
"The GRAPH Common Lisp library provides a data structures to represent
graphs, as well as some graph manipulation and analysis algorithms (shortest
path, maximum flow, minimum spanning tree, etc.).")
(home-page "https://eschulte.github.io/graph/")
(license license:gpl3+))))
(define-public cl-graph
(sbcl-package->cl-source-package sbcl-graph))
(define-public sbcl-graph-dot
(package
(inherit sbcl-graph)
(name "sbcl-graph-dot")
(inputs
`(("alexandria" ,sbcl-alexandria)
("cl-ppcre" ,sbcl-cl-ppcre)
("curry-compose-reader-macros" ,sbcl-curry-compose-reader-macros)
("graph" ,sbcl-graph)
("metabang-bind" ,sbcl-metabang-bind)
("named-readtables" ,sbcl-named-readtables)))
(arguments
(substitute-keyword-arguments (package-arguments sbcl-graph)
((#:asd-file _ "") "graph.dot.asd")
((#:asd-system-name _ #f) "graph-dot")))
(synopsis "Serialize graphs to and from DOT format")))
(define-public sbcl-graph-json
(package
(inherit sbcl-graph)
(name "sbcl-graph-json")
(inputs
`(("alexandria" ,sbcl-alexandria)
("curry-compose-reader-macros" ,sbcl-curry-compose-reader-macros)
("graph" ,sbcl-graph)
("metabang-bind" ,sbcl-metabang-bind)
("named-readtables" ,sbcl-named-readtables)
("yason" ,sbcl-yason)))
(arguments
(substitute-keyword-arguments (package-arguments sbcl-graph)
((#:asd-file _ "") "graph.json.asd")
((#:asd-system-name _ #f) "graph-json")))
(synopsis "Serialize graphs to and from JSON format")))

36
gnu/packages/machine-learning.scm
View file

@ -2051,3 +2051,39 @@ includes an implementation of Global Refinement of Random Forest.")
(define-public ecl-cl-random-forest
(sbcl-package->ecl-package sbcl-cl-random-forest))
(define-public gloo
(let ((version "0.0.0") ; no proper version tag
(commit "ca528e32fea9ca8f2b16053cff17160290fc84ce")
(revision "0"))
(package
(name "gloo")
(version (git-version version revision commit))
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/facebookincubator/gloo.git")
(commit commit)))
(file-name (git-file-name name version))
(sha256
(base32
"1q9f80zy75f6njrzrqkmhc0g3qxs4gskr7ns2jdqanxa2ww7a99w"))))
(build-system cmake-build-system)
(native-inputs
`(("googletest" ,googletest)))
(arguments
`(#:configure-flags '("-DBUILD_TEST=1")
#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _
(invoke "make" "gloo_test")
#t)))))
(synopsis "Collective communications library")
(description
"Gloo is a collective communications library. It comes with a
number of collective algorithms useful for machine learning applications.
These include a barrier, broadcast, and allreduce.")
(home-page "https://github.com/facebookincubator/gloo")
(license license:bsd-3))))

53
gnu/packages/make-bootstrap.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018, 2019 Mark H Weaver <mhw@netris.org>
@ -24,6 +24,7 @@
(define-module (gnu packages make-bootstrap)
#:use-module (guix utils)
#:use-module (guix packages)
#:use-module (guix memoization)
#:use-module ((guix licenses) #:select (gpl3+))
#:use-module (guix build-system trivial)
#:use-module (guix build-system gnu)
@ -63,27 +64,29 @@
;;;
;;; Code:
(define* (glibc-for-bootstrap #:optional (base glibc))
"Return a libc deriving from BASE whose `system' and `popen' functions looks
(define glibc-for-bootstrap
(mlambdaq (base)
"Return a libc deriving from BASE whose `system' and `popen' functions looks
for `sh' in $PATH, and without nscd, and with static NSS modules."
(package (inherit base)
(source (origin (inherit (package-source base))
(patches (cons (search-patch "glibc-bootstrap-system.patch")
(origin-patches (package-source base))))))
(arguments
(substitute-keyword-arguments (package-arguments base)
((#:configure-flags flags)
;; Arrange so that getaddrinfo & co. do not contact the nscd,
;; and can use statically-linked NSS modules.
`(cons* "--disable-nscd" "--disable-build-nscd"
"--enable-static-nss"
,flags))))
(package
(inherit base)
(source (origin (inherit (package-source base))
(patches (cons (search-patch "glibc-bootstrap-system.patch")
(origin-patches (package-source base))))))
(arguments
(substitute-keyword-arguments (package-arguments base)
((#:configure-flags flags)
;; Arrange so that getaddrinfo & co. do not contact the nscd,
;; and can use statically-linked NSS modules.
`(cons* "--disable-nscd" "--disable-build-nscd"
"--enable-static-nss"
,flags))))
;; Remove the 'debug' output to allow bit-reproducible builds (when the
;; 'debug' output is used, ELF files end up with a .gnu_debuglink, which
;; includes a CRC of the corresponding debugging symbols; those symbols
;; contain store file names, so the CRC changes at every rebuild.)
(outputs (delete "debug" (package-outputs base)))))
;; Remove the 'debug' output to allow bit-reproducible builds (when the
;; 'debug' output is used, ELF files end up with a .gnu_debuglink, which
;; includes a CRC of the corresponding debugging symbols; those symbols
;; contain store file names, so the CRC changes at every rebuild.)
(outputs (delete "debug" (package-outputs base))))))
(define (package-with-relocatable-glibc p)
"Return a variant of P that uses the libc as defined by
@ -122,8 +125,8 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(package-search-paths gcc)))))
("cross-binutils" ,(cross-binutils target))
,@(%final-inputs)))
`(("libc" ,(glibc-for-bootstrap))
("libc:static" ,(glibc-for-bootstrap) "static")
`(("libc" ,(glibc-for-bootstrap glibc))
("libc:static" ,(glibc-for-bootstrap glibc) "static")
("gcc" ,(package (inherit gcc)
(outputs '("out")) ;all in one so libgcc_s is easily found
(native-search-paths
@ -135,8 +138,8 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
(package-native-search-paths gcc)))
(inputs
`(;; Distinguish the name so we can refer to it below.
("bootstrap-libc" ,(glibc-for-bootstrap))
("libc:static" ,(glibc-for-bootstrap) "static")
("bootstrap-libc" ,(glibc-for-bootstrap glibc))
("libc:static" ,(glibc-for-bootstrap glibc) "static")
,@(package-inputs gcc)))
(arguments
(substitute-keyword-arguments (package-arguments gcc)
@ -438,7 +441,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
;; GNU libc's essential shared libraries, dynamic linker, and headers,
;; with all references to store directories stripped. As a result,
;; libc.so is unusable and need to be patched for proper relocation.
(let ((glibc (glibc-for-bootstrap)))
(let ((glibc (glibc-for-bootstrap glibc)))
(package (inherit glibc)
(name "glibc-stripped")
(build-system trivial-build-system)

47
gnu/packages/mingw.scm
View file

@ -30,12 +30,21 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix utils)
#:use-module (ice-9 match))
#:use-module (ice-9 match)
#:export (make-mingw-w64))
(define-public (make-mingw-w64 machine)
(let ((triplet (string-append machine "-" "w64-mingw32")))
(define* (make-mingw-w64 machine
#:key
xgcc
xbinutils
with-winpthreads?)
"Return a mingw-w64 for targeting MACHINE. If XGCC or XBINUTILS is specified,
use that gcc or binutils when cross-compiling. If WITH-WINPTHREADS? is
specified, recurse and return a mingw-w64 with support for winpthreads."
(let* ((triplet (string-append machine "-" "w64-mingw32")))
(package
(name (string-append "mingw-w64" "-" machine))
(name (string-append "mingw-w64" "-" machine
(if with-winpthreads? "-winpthreads" "")))
(version "6.0.0")
(source (origin
(method url-fetch)
@ -45,8 +54,13 @@
(sha256
(base32 "1w28mynv500y03h92nh87rgw3fnp82qwnjbxrrzqkmr63q812pl0"))
(patches (search-patches "mingw-w64-6.0.0-gcc.patch"))))
(native-inputs `(("xgcc-core" ,(cross-gcc triplet))
("xbinutils" ,(cross-binutils triplet))))
(native-inputs `(("xgcc-core" ,(if xgcc xgcc (cross-gcc triplet)))
("xbinutils" ,(if xbinutils xbinutils (cross-binutils triplet)))
,@(if with-winpthreads?
`(("xlibc" ,(make-mingw-w64 machine
#:xgcc xgcc
#:xbinutils xbinutils)))
'())))
(build-system gnu-build-system)
(search-paths
(list (search-path-specification
@ -59,7 +73,10 @@
,(string-append triplet "/lib")
,(string-append triplet "/lib64"))))))
(arguments
`(#:configure-flags '(,(string-append "--host=" triplet))
`(#:configure-flags '(,(string-append "--host=" triplet)
,@(if with-winpthreads?
'("--with-libraries=winpthreads")
'()))
#:phases
(modify-phases %standard-phases
(add-before 'configure 'setenv
@ -74,7 +91,13 @@
":" mingw-headers "/include"
":" mingw-headers "/crt"
":" mingw-headers "/defaults/include"
":" mingw-headers "/direct-x/include"))))))
":" mingw-headers "/direct-x/include"))
(when ,with-winpthreads?
(let ((xlibc (assoc-ref inputs "xlibc")))
(setenv "CROSS_LIBRARY_PATH"
(string-append
xlibc "/lib" ":"
xlibc "/" ,triplet "/lib"))))))))
#:make-flags (list "DEFS=-DHAVE_CONFIG_H -D__MINGW_HAS_DXSDK=1")
#:tests? #f ; compiles and includes glibc headers
#:strip-binaries? #f))
@ -98,4 +121,12 @@ several new APIs such as DirectX and DDK, and 64-bit support.")
(define-public mingw-w64-x86_64
(make-mingw-w64 "x86_64"))
(define-public mingw-w64-i686-winpthreads
(make-mingw-w64 "i686"
#:with-winpthreads? #t))
(define-public mingw-w64-x86_64-winpthreads
(make-mingw-w64 "x86_64"
#:with-winpthreads? #t))
(define-public mingw-w64 mingw-w64-i686)

43
gnu/packages/multiprecision.scm
View file

@ -293,7 +293,7 @@ multiplies.")
(define-public libtommath
(package
(name "libtommath")
(version "1.1.0")
(version "1.2.0")
(outputs '("out" "static"))
(source
(origin
@ -302,8 +302,7 @@ multiplies.")
"download/v" version "/ltm-" version ".tar.xz"))
(sha256
(base32
"1bbyagqzfdbg37k1n08nsqzdf44z8zsnjjinqbsyj7rxg246qilh"))
(patches (search-patches "libtommath-fix-linkage.patch"))))
"1c8q1qy88cjhdjlk3g24mra94h34c1ldvkjz0n2988c0yvn5xixp"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@ -311,10 +310,6 @@ multiplies.")
(delete 'configure) ; no configure
(add-after 'unpack 'prepare-build
(lambda _
;; Don't pull in coreutils.
(substitute* "makefile_include.mk"
(("arch") "uname -m"))
;; We want the shared library by default so force it to be the
;; default makefile target.
(delete-file "makefile")
@ -326,14 +321,15 @@ multiplies.")
"/lib/libtommath.a"))
#t))
(replace 'check
(lambda* (#:key make-flags #:allow-other-keys)
(apply invoke "make" "test_standalone" make-flags)
(lambda* (#:key test-target make-flags #:allow-other-keys)
(apply invoke "make" test-target make-flags)
(invoke "sh" "test")))
(add-after 'install 'install-static-library
(lambda* (#:key outputs #:allow-other-keys)
(invoke "make" "-f" "makefile.unix" "install"
(string-append "PREFIX=" (assoc-ref outputs "static"))
(string-append "CC=" (which "gcc"))))))
#:test-target "test"
#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
"CC=gcc")))
(native-inputs
@ -346,9 +342,34 @@ simple to work with that provides fairly efficient routines that build out of
the box without configuration.")
(license unlicense)))
(define-public libtommath-1.0
(define-public libtommath-1.1
(package
(inherit libtommath)
(version "1.1.0")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/libtom/libtommath/releases/"
"download/v" version "/ltm-" version ".tar.xz"))
(sha256
(base32
"1bbyagqzfdbg37k1n08nsqzdf44z8zsnjjinqbsyj7rxg246qilh"))
(patches (search-patches "libtommath-fix-linkage.patch"))))
(arguments
(substitute-keyword-arguments (package-arguments libtommath)
((#:phases phases)
`(modify-phases ,phases
(add-after 'unpack 'patch-coreutils-call
(lambda _
;; Don't pull in coreutils.
(substitute* "makefile_include.mk"
(("arch") "uname -m"))
#t))))
((#:test-target _) "test_standalone")))))
(define-public libtommath-1.0
(package
(inherit libtommath-1.1)
(version "1.0.1")
(outputs '("out"))
(source
@ -360,7 +381,7 @@ the box without configuration.")
(base32
"0sbccdwbkfc680id2fi0x067j23biqcjqilwkk7y9339knrjy0s7"))))
(arguments
(substitute-keyword-arguments (package-arguments libtommath)
(substitute-keyword-arguments (package-arguments libtommath-1.1)
((#:phases phases)
`(modify-phases ,phases
(delete 'install-static-library)))))))

4
gnu/packages/parallel.scm
View file

@ -52,14 +52,14 @@
(define-public parallel
(package
(name "parallel")
(version "20190922")
(version "20191022")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://gnu/parallel/parallel-"
version ".tar.bz2"))
(sha256
(base32 "0qrw34rpp8g5knb2nhs8z1hz9i42nxjn6i12m4rblm0anhnfwbr8"))))
(base32 "1a89x5ix9kls1abj8zkgxdf3g3s5phzb83xcd4cwpz4szfjfw6v4"))))
(build-system gnu-build-system)
(arguments
`(#:phases

42
gnu/packages/patches/avahi-CVE-2018-1000845.patch Normal file
View file

@ -0,0 +1,42 @@
From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
From: Trent Lloyd <trent@lloyd.id.au>
Date: Sat, 22 Dec 2018 09:06:07 +0800
Subject: [PATCH] Drop legacy unicast queries from address not on local link
When handling legacy unicast queries, ensure that the source IP is
inside a subnet on the local link, otherwise drop the packet.
Fixes #145
Fixes #203
CVE-2017-6519
CVE-2018-100084
---
avahi-core/server.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/avahi-core/server.c b/avahi-core/server.c
index a2cb19a8..a2580e38 100644
--- a/avahi-core/server.c
+++ b/avahi-core/server.c
@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
if (avahi_dns_packet_is_query(p)) {
int legacy_unicast = 0;
+ char t[AVAHI_ADDRESS_STR_MAX];
/* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
* AR section completely here, so far. Until the day we add
@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
legacy_unicast = 1;
}
+ if (!is_mdns_mcast_address(dst_address) &&
+ !avahi_interface_address_on_link(i, src_address)) {
+
+ avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
+ return;
+ }
+
if (legacy_unicast)
reflect_legacy_unicast_query_packet(s, p, i, src_address, port);

70
gnu/packages/patches/sbcl-graph-asdf-definitions.patch Normal file
View file

@ -0,0 +1,70 @@
commit 52ebece1243ae6900e414b6248b5145a28348eef
Author: Guillaume Le Vaillant <glv@posteo.net>
Date: Fri Oct 18 15:41:23 2019 +0200
Use basic ASDF system definitions instead of package-inferred-system
diff --git a/graph.asd b/graph.asd
index 193b6e3..56afc8f 100644
--- a/graph.asd
+++ b/graph.asd
@@ -3,12 +3,10 @@
:version "0.0.0"
:author ("Eric Schulte <schulte.eric@gmail.com>" "Thomas Dye")
:licence "GPL V3"
- :class :package-inferred-system
- :defsystem-depends-on (:asdf-package-system)
+ :in-order-to ((test-op (test-op graph-test)))
:depends-on (alexandria
metabang-bind
named-readtables
curry-compose-reader-macros
- graph/graph))
-
-(register-system-packages "femlisp-matlisp" '(:fl.matlisp))
+ cl-heap)
+ :components ((:file "graph")))
diff --git a/graph.dot.asd b/graph.dot.asd
new file mode 100644
index 0000000..12aec7e
--- /dev/null
+++ b/graph.dot.asd
@@ -0,0 +1,8 @@
+(defsystem :graph-dot
+ :depends-on (alexandria
+ metabang-bind
+ named-readtables
+ curry-compose-reader-macros
+ cl-ppcre
+ graph)
+ :components ((:file "dot")))
diff --git a/graph.json.asd b/graph.json.asd
new file mode 100644
index 0000000..e7d091f
--- /dev/null
+++ b/graph.json.asd
@@ -0,0 +1,8 @@
+(defsystem :graph-json
+ :depends-on (alexandria
+ metabang-bind
+ named-readtables
+ curry-compose-reader-macros
+ yason
+ graph)
+ :components ((:file "json")))
diff --git a/graph.test.asd b/graph.test.asd
new file mode 100644
index 0000000..1e811e1
--- /dev/null
+++ b/graph.test.asd
@@ -0,0 +1,10 @@
+(defsystem :graph-test
+ :depends-on (alexandria
+ metabang-bind
+ named-readtables
+ curry-compose-reader-macros
+ graph
+ stefil)
+ :perform (test-op (o s)
+ (uiop:symbol-call :graph/test 'test))
+ :components ((:file "test")))

32
gnu/packages/patches/seahorse-gkr-use-0-on-empty-flags.patch Normal file
View file

@ -0,0 +1,32 @@
Patch from <https://gitlab.gnome.org/GNOME/seahorse/commit/d9db29db567012b7c72e85e1be1fbf55fcc9b667>.
From d9db29db567012b7c72e85e1be1fbf55fcc9b667 Mon Sep 17 00:00:00 2001
From: Niels De Graef <nielsdegraef@gmail.com>
Date: Sat, 11 May 2019 09:02:34 +0200
Subject: [PATCH] gkr: Use 0 on empty flags
A Flags-type variable without any flag set can be replaced with 0, so
this is a safe thing to do. It also prevents us from having to deal with
the accidental API break in libsecret (see
https://gitlab.gnome.org/GNOME/libsecret/merge_requests/19)
---
gkr/gkr-keyring-add.vala | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/gkr/gkr-keyring-add.vala b/gkr/gkr-keyring-add.vala
index 4e92a520..f60c9a22 100644
--- a/gkr/gkr-keyring-add.vala
+++ b/gkr/gkr-keyring-add.vala
@@ -41,8 +41,7 @@ public class Seahorse.Gkr.KeyringAdd : Gtk.Dialog {
var cancellable = Dialog.begin_request(this);
var service = Backend.instance().service;
- Secret.Collection.create.begin(service, this.name_entry.text, null,
- Secret.CollectionCreateFlags.COLLECTION_CREATE_NONE,
+ Secret.Collection.create.begin(service, this.name_entry.text, null, 0,
cancellable, (obj, res) => {
/* Clear the operation without cancelling it since it is complete */
Dialog.complete_request(this, false);
--
2.23.0

38
gnu/packages/patches/weasyprint-library-paths.patch Normal file
View file

@ -0,0 +1,38 @@
diff --git a/weasyprint/fonts.py b/weasyprint/fonts.py
index 377716c1..2016e01c 100644
--- a/weasyprint/fonts.py
+++ b/weasyprint/fonts.py
@@ -48,11 +48,8 @@ else:
# with OSError: dlopen() failed to load a library: cairo / cairo-2
# So let's hope we find the same file as cairo already did ;)
# Same applies to pangocairo requiring pangoft2
- fontconfig = dlopen(ffi, 'fontconfig', 'libfontconfig',
- 'libfontconfig-1.dll',
- 'libfontconfig.so.1', 'libfontconfig-1.dylib')
- pangoft2 = dlopen(ffi, 'pangoft2-1.0', 'libpangoft2-1.0-0',
- 'libpangoft2-1.0.so', 'libpangoft2-1.0.dylib')
+ fontconfig = dlopen(ffi, '@fontconfig@')
+ pangoft2 = dlopen(ffi, '@pangoft2@')
ffi.cdef('''
// FontConfig
diff --git a/weasyprint/text.py b/weasyprint/text.py
index 035074e9..08e40395 100644
--- a/weasyprint/text.py
+++ b/weasyprint/text.py
@@ -243,12 +243,9 @@ def dlopen(ffi, *names):
return ffi.dlopen(names[0]) # pragma: no cover
-gobject = dlopen(ffi, 'gobject-2.0', 'libgobject-2.0-0', 'libgobject-2.0.so',
- 'libgobject-2.0.dylib')
-pango = dlopen(ffi, 'pango-1.0', 'libpango-1.0-0', 'libpango-1.0.so',
- 'libpango-1.0.dylib')
-pangocairo = dlopen(ffi, 'pangocairo-1.0', 'libpangocairo-1.0-0',
- 'libpangocairo-1.0.so', 'libpangocairo-1.0.dylib')
+gobject = dlopen(ffi, '@gobject@')
+pango = dlopen(ffi, '@pango@')
+pangocairo = dlopen(ffi, '@pangocairo@')
gobject.g_type_init()

128
gnu/packages/pdf.scm
View file

@ -7,7 +7,7 @@
;;; Copyright © 2016 ng0 <ng0@n0.is>
;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2016, 2019 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2017, 2018 Leo Famulari <leo@famulari.name>
@ -15,6 +15,8 @@
;;; Copyright © 2017, 2018 Rene Saavedra <pacoon@protonmail.com>
;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
;;; Copyright © 2019 Ben Sturmfels <ben@sturm.com.au>
;;; Copyright © 2019 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -65,6 +67,7 @@
#:use-module (gnu packages imagemagick)
#:use-module (gnu packages javascript)
#:use-module (gnu packages lesstif)
#:use-module (gnu packages libffi)
#:use-module (gnu packages linux)
#:use-module (gnu packages lua)
#:use-module (gnu packages pcre)
@ -72,6 +75,8 @@
#:use-module (gnu packages photo)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
#:use-module (gnu packages python-web)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
#:use-module (gnu packages sdl)
@ -975,6 +980,50 @@ Note: This module isn't maintained anymore. For new projects please use
python-pypdf2 instead.")
(license license:bsd-3)))
(define-public pdfarranger
(package
(name "pdfarranger")
(version "1.3.1")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/jeromerobert/pdfarranger.git")
(commit version)))
(file-name (git-file-name name version))
(sha256
(base32 "1f8m8r81322i97wkqpmf7a4kiwnq244n6cnbldh03jc49vwq2kxx"))))
(build-system python-build-system)
(arguments
'(#:tests? #f ;no tests
#:phases (modify-phases %standard-phases
(add-after 'install 'wrap-for-typelib
(lambda* (#:key inputs outputs #:allow-other-keys)
(let* ((out (assoc-ref outputs "out"))
(program (string-append out "/bin/pdfarranger")))
(wrap-program program
`("GI_TYPELIB_PATH" ":" prefix
(,(getenv "GI_TYPELIB_PATH"))))
#t))))))
(native-inputs
`(("intltool" ,intltool)
("python-distutils-extra" ,python-distutils-extra)))
(propagated-inputs
`(("gtk+" ,gtk+)
("poppler" ,poppler)
("python-pycairo" ,python-pycairo)
("python-pygobject" ,python-pygobject)
("python-pypdf2" ,python-pypdf2)))
(home-page "https://github.com/jeromerobert/pdfarranger")
(synopsis "Merge, split and re-arrange pages from PDF documents")
(description
"PDF Arranger is a small application which allows one to merge or split
PDF documents and rotate, crop and rearrange their pages using an interactive
and intuitive graphical interface.
PDF Arranger was formerly known as PDF-Shuffler.")
(license license:gpl3+)))
(define-public pdfposter
(package
(name "pdfposter")
@ -1155,3 +1204,80 @@ manipulating PDF documents from the command line. It supports
@item displaying the mapping between logical and physical page numbers
@end itemize")
(license license:bsd-3)))
(define-public weasyprint
(package
(name "weasyprint")
(version "50")
(source
(origin
(method url-fetch)
(uri (pypi-uri "WeasyPrint" version))
(sha256
(base32 "0invs96zvmcr6wh5klj52jrcnr9qg150v9wpmbhcsf3vv1d1hbcw"))
(patches (search-patches "weasyprint-library-paths.patch"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(add-after 'unpack 'patch-library-paths
(lambda* (#:key inputs #:allow-other-keys)
(let ((fontconfig (assoc-ref inputs "fontconfig"))
(glib (assoc-ref inputs "glib"))
(pango (assoc-ref inputs "pango"))
(pangoft2 (assoc-ref inputs "pangoft2")))
(substitute* "weasyprint/fonts.py"
(("@fontconfig@")
(string-append fontconfig "/lib/libfontconfig.so"))
(("@pangoft2@")
(string-append pango "/lib/libpangoft2-1.0.so")))
(substitute* "weasyprint/text.py"
(("@gobject@")
(string-append glib "/lib/libgobject-2.0.so"))
(("@pango@")
(string-append pango "/lib/libpango-1.0.so"))
(("@pangocairo@")
(string-append pango "/lib/libpangocairo-1.0.so"))))))
(add-after 'unpack 'remove-pytest-options
(lambda _
(substitute* "setup.cfg"
;; flake8 and isort syntax checks fail, which is not our
;; business
(("addopts = --flake8 --isort") ""))))
(replace 'check
(lambda _
;; run pytest, excluding one failing test
(invoke "pytest" "-k" "not test_flex_column_wrap_reverse"))))))
(inputs
`(("fontconfig" ,fontconfig)
("glib" ,glib)
("pango" ,pango)))
(propagated-inputs
`(("gdk-pixbuf" ,gdk-pixbuf)
("python-cairocffi" ,python-cairocffi)
("python-cairosvg" ,python-cairosvg)
("python-cffi" ,python-cffi)
("python-cssselect2" ,python-cssselect2)
("python-html5lib" ,python-html5lib)
("python-pyphen" ,python-pyphen)
("python-tinycss2" ,python-tinycss2)))
(native-inputs
`(("python-pytest-cov" ,python-pytest-cov)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://weasyprint.org/")
(synopsis "Document factory for creating PDF files from HTML")
(description "WeasyPrint helps web developers to create PDF documents. It
turns simple HTML pages into gorgeous statistical reports, invoices, tickets,
etc.
From a technical point of view, WeasyPrint is a visual rendering engine for
HTML and CSS that can export to PDF and PNG. It aims to support web standards
for printing.
It is based on various libraries but not on a full rendering engine like
WebKit or Gecko. The CSS layout engine is written in Python, designed for
pagination, and meant to be easy to hack on. Weasyprint can also be used as a
python library.
Keywords: html2pdf, htmltopdf")
(license license:bsd-3)))

4
gnu/packages/perl.scm
View file

@ -3166,14 +3166,14 @@ separator.")
(define-public perl-error
(package
(name "perl-error")
(version "0.17027")
(version "0.17028")
(source (origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/S/SH/SHLOMIF/"
"Error-" version ".tar.gz"))
(sha256
(base32
"1gnkxf12dq2w1jmjpllp5f30ya4nll01jv2sfi24386zfn1arch7"))))
"0q796nwwiarfc6pga97380c9z8xva5545632001qj75kb1g5rn1s"))))
(build-system perl-build-system)
(native-inputs `(("perl-module-build" ,perl-module-build)))
(home-page "https://metacpan.org/release/Error")

31
gnu/packages/python-check.scm
View file

@ -3,6 +3,7 @@
;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -153,6 +154,36 @@ of the project to ensure it renders properly.")
compliance.")
(license license:bsd-3)))
(define-public python-pytest-isort
(package
(name "python-pytest-isort")
(version "0.3.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "pytest-isort" version))
(sha256
(base32 "06myn5hhxs5yp8dqr1yjsgcnnxnsrvsqannm00bvaw0qml6ydzjb"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _
(setenv "PYTHONPATH"
(string-append (getcwd) ":"
(getenv "PYTHONPATH")))
(invoke "pytest"))))))
(propagated-inputs
`(("python-isort" ,python-isort)
("python-pytest" ,python-pytest)))
(home-page "https://github.com/moccu/pytest-isort/")
(synopsis "Pytest plugin to check import ordering using isort")
(description
"This package provides a pytest plugin to check import ordering using
isort.")
(license license:bsd-3)))
(define-public python-pytest-shutil
(package
(name "python-pytest-shutil")

74
gnu/packages/python-web.scm
View file

@ -13,7 +13,7 @@
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Cyril Roelandt <tipecaml@gmail.com>
;;; Copyright © 2015, 2016, 2017, 2019 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2016, 2019 Hartmut Goebel <h.goebel@crazy-compilers.com>
;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2015, 2017 Ben Woodcroft <donttrustben@gmail.com>
;;; Copyright © 2015, 2016 Christopher Allan Webber <cwebber@dustycloud.org>
@ -63,6 +63,7 @@
#:use-module (gnu packages libffi)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages python-check)
#:use-module (gnu packages python-crypto)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages sphinx)
@ -1636,14 +1637,13 @@ Amazon Web Services (AWS) API.")
(define-public python-wsgiproxy2
(package
(name "python-wsgiproxy2")
(version "0.4.5")
(version "0.4.6")
(source
(origin
(method url-fetch)
(uri (pypi-uri "WSGIProxy2" version ".tar.gz"))
(sha256
(base32
"19d9dva282vfjs784i0zkxp078lxfz4h3f621z30ij9wbf5rba6a"))))
(base32 "16jch5nic0hia28lps3c678s9s9mjdq8n87igxncjg0rpi5adqnf"))))
(build-system python-build-system)
(native-inputs
`(("python-webtest" ,python-webtest)))
@ -3301,3 +3301,69 @@ library to create slugs from unicode strings while keeping it DRY.")
(description "Generate complex HTML+JS pages with Python")
(license license:expat)))
(define-public python-tinycss2
(package
(name "python-tinycss2")
(version "1.0.2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "tinycss2" version))
(sha256
(base32 "1kw84y09lggji4krkc58jyhsfj31w8npwhznr7lf19d0zbix09v4"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _ (invoke "pytest"))))))
(propagated-inputs
`(("python-webencodings" ,python-webencodings)))
(native-inputs
`(("python-pytest-flake8" ,python-pytest-flake8)
("python-pytest-isort" ,python-pytest-isort)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://tinycss2.readthedocs.io/")
(synopsis "Low-level CSS parser for Python")
(description "@code{tinycss2} can parse strings, return Python objects
representing tokens and blocks, and generate CSS strings corresponding to
these objects.
Based on the CSS Syntax Level 3 specification, @code{tinycss2} knows the
grammar of CSS but doesnt know specific rules, properties or values supported
in various CSS modules.")
(license license:bsd-3)))
(define-public python-cssselect2
(package
(name "python-cssselect2")
(version "0.2.2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "cssselect2" version))
(sha256
(base32 "0skymzb4ncrm2zdsy80f53vi0arf776lvbp51hzh4ayp1il5lj3h"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _ (invoke "pytest"))))))
(propagated-inputs
`(("python-tinycss2" ,python-tinycss2)))
(native-inputs
`(("python-pytest-cov" ,python-pytest-cov)
("python-pytest-flake8" ,python-pytest-flake8)
("python-pytest-isort" ,python-pytest-isort)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://cssselect2.readthedocs.io/")
(synopsis "CSS selectors for Python ElementTree")
(description "@code{cssselect2} is a straightforward implementation of
CSS3 Selectors for markup documents (HTML, XML, etc.) that can be read by
ElementTree-like parsers (including cElementTree, lxml, html5lib, etc.).
Unlike the Python package @code{cssselect}, it does not translate selectors to
XPath and therefore does not have all the correctness corner cases that are
hard or impossible to fix in cssselect.")
(license license:bsd-3)))

110
gnu/packages/python-xyz.scm
View file

@ -166,14 +166,13 @@
(define-public python-psutil
(package
(name "python-psutil")
(version "5.6.2")
(version "5.6.3")
(source
(origin
(method url-fetch)
(uri (pypi-uri "psutil" version))
(sha256
(base32
"1v95vb5385qscfdvphv8l2w22bmir3d7yhpi02n58v3mlqy1r3l2"))))
(base32 "1wv31zly44qj0rp2acg58xbnc7bf6ffyadasq093l455q30qafl6"))))
(build-system python-build-system)
(arguments
;; FIXME: some tests does not return and times out.
@ -1924,13 +1923,13 @@ files.")
(define-public python-pyld
(package
(name "python-pyld")
(version "1.0.3")
(version "1.0.5")
(source (origin
(method url-fetch)
(uri (pypi-uri "PyLD" version))
(sha256
(base32
"12i2g6xdj30k7xxcibg3sc5y76snwq8l6n8fy9lyi577kgy0h2pm"))))
"1ywbdbsrkg533qh8xn9ifjh2mvam6v5msrjyqq73jfpvcp89qvff"))))
(build-system python-build-system)
(home-page "https://github.com/digitalbazaar/pyld")
(synopsis "Python implementation of the JSON-LD specification")
@ -3000,14 +2999,13 @@ receive files via the SCP1 protocol, as implemented by the OpenSSH
(define-public python-rst.linker
(package
(name "python-rst.linker")
(version "1.10")
(version "1.11")
(source
(origin
(method url-fetch)
(uri (pypi-uri "rst.linker" version))
(sha256
(base32
"0iqaacp7pj1s8avs4kc0qg0r7dscywaq37y6l9j14glqdikk0wdj"))))
(base32 "0pqsfqqx8h0pq21k8l3k62kznrgaj2ala93c64s4d9rpbr4mgkd2"))))
(build-system python-build-system)
(propagated-inputs
`(("python-dateutil" ,python-dateutil)
@ -6146,13 +6144,13 @@ Python.")
(define-public snakemake
(package
(name "snakemake")
(version "5.2.4")
(version "5.7.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "snakemake" version))
(sha256
(base32 "0gj0xxgiq3mp9qyyrbfzldiaq1giliqw0in64nqiz7vx49myqj7z"))))
(base32 "1pnpvvn8n2a78cg360wz3ldmpqrsm2wzi0c0dmvki9fnsw6fxdas"))))
(build-system python-build-system)
(arguments
;; TODO: Package missing test dependencies.
@ -6170,18 +6168,19 @@ Python.")
"/bin/snakemake")))
#t)))))
(propagated-inputs
`(("python-gitpython" ,python-gitpython)
("python-wrapt" ,python-wrapt)
("python-requests" ,python-requests)
("python-appdirs" ,python-appdirs)
`(("python-appdirs" ,python-appdirs)
("python-configargparse" ,python-configargparse)
("python-datrie" ,python-datrie)
("python-docutils" ,python-docutils)
("python-gitpython" ,python-gitpython)
("python-jinja2" ,python-jinja2)
("python-jsonschema" ,python-jsonschema)
("python-networkx" ,python-networkx)
("python-psutil" ,python-psutil)
("python-pyyaml" ,python-pyyaml)
("python-ratelimiter" ,python-ratelimiter)))
("python-ratelimiter" ,python-ratelimiter)
("python-requests" ,python-requests)
("python-wrapt" ,python-wrapt)))
(home-page "https://snakemake.readthedocs.io")
(synopsis "Python-based execution environment for make-like workflows")
(description
@ -6190,24 +6189,6 @@ providing a clean and modern domain specific specification language (DSL) in
Python style, together with a fast and comfortable execution environment.")
(license license:expat)))
;; This is currently needed for the pigx-* packages.
(define-public snakemake-4
(package (inherit snakemake)
(version "4.4.0")
(source
(origin
(method url-fetch)
(uri (pypi-uri "snakemake" version))
(sha256
(base32 "0g0paia4z7w3srnqdmavq3hrb2x7qnpf81jx50njl0p7y4y0j8jv"))))
(propagated-inputs
`(("python-wrapt" ,python-wrapt)
("python-requests" ,python-requests)
("python-appdirs" ,python-appdirs)
("python-configargparse" ,python-configargparse)
("python-pyyaml" ,python-pyyaml)
("python-ratelimiter" ,python-ratelimiter)))))
(define-public python-pyqrcode
(package
(name "python-pyqrcode")
@ -14854,14 +14835,13 @@ Included are implementations of:
(define-public bpython
(package
(name "bpython")
(version "0.17.1")
(version "0.18")
(source
(origin
(method url-fetch)
(uri (pypi-uri "bpython" version))
(sha256
(base32
"0bxhxi5zxdkrf8b4gwn0d363kdz3qnypjwhm1aydki53ph8ca1w9"))))
(base32 "1hl6frgvr2lqaxqczl8amg9xih32b3gzv429vs0qrjb8wpdj1k2n"))))
(build-system python-build-system)
(arguments
`(#:phases
@ -14884,10 +14864,10 @@ Included are implementations of:
(propagated-inputs
`(("python-pygments" ,python-pygments)
("python-requests" ,python-requests)
("python-babel" ,python-babel) ; optional, for internationalization
("python-babel" ,python-babel) ; optional, for internationalization
("python-curtsies" ,python-curtsies) ; >= 0.1.18
("python-greenlet" ,python-greenlet)
("python-urwid" ,python-urwid) ; for bpython-urwid only
("python-urwid" ,python-urwid) ; for bpython-urwid only
("python-six" ,python-six)))
(native-inputs
`(("python-sphinx" ,python-sphinx)
@ -16610,3 +16590,57 @@ It is the recommended replacement for Python's original
@code{distro} also provides a command-line interface to output the platform
information in various formats.")
(license license:asl2.0)))
(define-public python-cairosvg
(package
(name "python-cairosvg")
(version "2.4.2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "CairoSVG" version))
(sha256
(base32 "1bb7irxbaxxb9ahm3z5wsx1q96mm5gzskc7b6q07h9ikcnb8yrjf"))))
(build-system python-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
(replace 'check
(lambda _ (invoke "pytest"))))))
(propagated-inputs
`(("python-cairocffi" ,python-cairocffi)
("python-cssselect2" ,python-cssselect2)
("python-defusedxml" ,python-defusedxml)
("python-pillow" ,python-pillow)
("python-tinycss2" ,python-tinycss2)))
(native-inputs
`(("python-pytest-flake8" ,python-pytest-flake8)
("python-pytest-isort" ,python-pytest-isort)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://cairosvg.org/")
(synopsis "SVG to PDF/PS/PNG converter based on Cairo")
(description "CairoSVG is a SVG converter based on Cairo. It can export
SVG files to PDF, PostScript and PNG files. The main part of CairoSVG is a
SVG parser, trying to follow the SVG 1.1 recommendation from the W3C. Once
parsed, the result is drawn to a Cairo surface that can be exported to
qvarious formats: PDF, PostScript, PNG and even SVG.")
(license license:lgpl3+)))
(define-public python-pyphen
(package
(name "python-pyphen")
(version "0.9.5")
(source
(origin
(method url-fetch)
(uri (pypi-uri "Pyphen" version))
(sha256
(base32 "08c9y69ry9d6m4zalhnalg86lsp9v2j5n1ziw5vxfmiihx83lqrv"))))
(build-system python-build-system)
;; TODO: Use the Guix system hyphenation packages hyphen-* rather than the
;; embedded set provided by upstream - like Debian does.
(home-page "https://github.com/Kozea/Pyphen")
(synopsis "Pure Python module to hyphenate text")
(description "Pyphen is a pure Python module to hyphenate text using
existing Hunspell hyphenation dictionaries.")
(license (list license:gpl2 license:lgpl2.1 license:mpl1.1))))

1019
gnu/packages/rust-cbindgen.scm Normal file
View file

File diff suppressed because it is too large Load diff

20
gnu/packages/statistics.scm
View file

@ -1848,16 +1848,18 @@ times.")
(define-public r-data-table
(package
(name "r-data-table")
(version "1.12.4")
(version "1.12.6")
(source (origin
(method url-fetch)
(uri (cran-uri "data.table" version))
(sha256
(base32
"0zdcbr4nixvl8ga4mp9pw1dfww35dzhzpb6ixajqasiri824m7i9"))))
"1kgbnm5gv7ax7qn8irpz7qsry2ci21axga8y7qpkidcqkxkkndn2"))))
(build-system r-build-system)
(inputs
`(("zlib" ,zlib)))
(native-inputs
`(("pkg-config" ,pkg-config)))
(home-page "https://github.com/Rdatatable/data.table/wiki")
(synopsis "Enhanced version of data.frame R object")
(description
@ -5733,16 +5735,16 @@ shaped points? Now you can!")
(define-public r-colorout
(package
(name "r-colorout")
(version "1.2-0")
(version "1.2-2")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/jalvesaq/colorout/archive/"
"v" version ".tar.gz"))
(file-name (string-append name "-" version ".tar.gz"))
(method git-fetch)
(uri (git-reference
(url "https://github.com/jalvesaq/colorout.git")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"07vqx5ihgnq4dzn5jnfjfhdm3957v4prvf8vhnb3cwvlly4l7p9v"))))
(base32 "1rsx69wjpa73c6x2hacvvvbzdzxn7wg06gizf97kasjdlb7azmp3"))))
(build-system r-build-system)
(home-page "https://github.com/jalvesaq/colorout")
(synopsis "Colorize output in the R REPL")

7
gnu/packages/tls.scm
View file

@ -522,13 +522,13 @@ netcat implementation that supports TLS.")
(package
(name "python-acme")
;; Remember to update the hash of certbot when updating python-acme.
(version "0.37.2")
(version "0.39.0")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
(sha256
(base32
"0p3zqhna9p8iy5i9mfhzdf5bmjigs05r6rlwnxykk4n67fp8yyc8"))))
"021nyzld949ahrhamlcgmzmk8r1gxrbs8wypnks08s6y2rfvgz52"))))
(build-system python-build-system)
(arguments
`(#:phases
@ -579,7 +579,7 @@ netcat implementation that supports TLS.")
(uri (pypi-uri "certbot" version))
(sha256
(base32
"1xbfv4fwkgfp9qqzlk8wxbhchc61349m26q9fg35j9fnm253cm74"))))
"1q6zmnfyyk4rhsjg9s2gxx1ciink57ybnv32dgw8m2059lffwp48"))))
(build-system python-build-system)
(arguments
`(,@(substitute-keyword-arguments (package-arguments python-acme)
@ -613,6 +613,7 @@ netcat implementation that supports TLS.")
("python-pyopenssl" ,python-pyopenssl)
("python-configobj" ,python-configobj)
("python-configargparse" ,python-configargparse)
("python-distro" ,python-distro)
("python-zope-component" ,python-zope-component)
("python-parsedatetime" ,python-parsedatetime)
("python-six" ,python-six)

4
gnu/packages/video.scm
View file

@ -688,8 +688,8 @@ streams.")
(source (origin
(method url-fetch)
(uri (string-append
"mirror://sourceforge/" name "/" name "/"
version "/" name "-" version ".tar.gz"))
"mirror://sourceforge/libdv/libdv/"
version "/libdv-" version ".tar.gz"))
(sha256
(base32
"1fl96f2xh2slkv1i1ix7kqk576a0ak1d33cylm0mbhm96d0761d3"))))

9
gnu/packages/web.scm
View file

@ -2363,14 +2363,14 @@ HTTP requests.")
(define-public perl-cgi-simple
(package
(name "perl-cgi-simple")
(version "1.21")
(version "1.22")
(source
(origin
(method url-fetch)
(uri (string-append "mirror://cpan/authors/id/M/MA/MANWAR/"
"CGI-Simple-" version ".tar.gz"))
(sha256
(base32 "1wzc2igs4khmj7zfahvs87c24p9ks8hnqhhsyviyiix53xx2y6sg"))))
(base32 "13c7iwnnavky10ab87pi8jc1kqph03s0rhvj7myn7szhbfisc4gn"))))
(build-system perl-build-system)
(native-inputs
`(("perl-io-stringy" ,perl-io-stringy) ; for IO::Scalar
@ -4044,11 +4044,11 @@ CDF, Atom 0.3, and Atom 1.0 feeds.")
"0awfvps7k9bpg3gpgc93y401g7pjabx7mr9960vigad8vddhixqi"))))
(build-system gnu-build-system)
(arguments
'(#:tests? #f ; TODO Tests require PostgreSQL
#:modules ((guix build utils)
'(#:modules ((guix build utils)
(guix build gnu-build-system)
(ice-9 rdelim)
(ice-9 popen))
#:test-target "check-with-tmp-database"
#:phases
(modify-phases %standard-phases
(add-after 'set-paths 'set-GUIX_ENVIRONMENT
@ -4106,6 +4106,7 @@ CDF, Atom 0.3, and Atom 1.0 feeds.")
`(("guile" ,guile-2.2)
("autoconf" ,autoconf)
("automake" ,automake)
("ephemeralpg" ,ephemeralpg)
("emacs-with-modules" ,(directory-union
"emacs-union"
(list emacs-no-x

7
gnu/packages/wine.scm
View file

@ -318,7 +318,7 @@ integrate Windows applications into your desktop.")
(define-public wine-staging-patchset-data
(package
(name "wine-staging-patchset-data")
(version "4.16")
(version "4.18")
(source
(origin
(method git-fetch)
@ -327,8 +327,7 @@ integrate Windows applications into your desktop.")
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
(base32
"0zkvwl6rxr6xcqk4a3h43cak67w6bcyqqnajz6azif07ir3z1c61"))))
(base32 "03z0haf47mpm2aj9cji3wma4jy6j12wz10kkbgmbgrkkrc5lcqc2"))))
(build-system trivial-build-system)
(native-inputs
`(("bash" ,bash)
@ -374,7 +373,7 @@ integrate Windows applications into your desktop.")
(file-name (string-append name "-" version ".tar.xz"))
(sha256
(base32
"17qxbddv23ibbayw1ai984m0dlq63cgplms2jhsc09incjhafywd"))))
"0chf6vdy41kg75liibkb862442zwi8dbjzf6l5arcy2z4580a2yi"))))
(inputs `(("autoconf" ,autoconf) ; for autoreconf
("faudio" ,faudio)
("ffmpeg" ,ffmpeg)

229
gnu/services/base.scm
View file

@ -990,7 +990,6 @@ to use as the tty. This is primarily useful for headless systems."
erase-characters kill-characters chdir delay nice extra-options)
(list
(shepherd-service
(modules '((ice-9 match) (gnu build linux-boot)))
(documentation "Run agetty on a tty.")
(provision (list (symbol-append 'term- (string->symbol (or tty "auto")))))
@ -1000,122 +999,126 @@ to use as the tty. This is primarily useful for headless systems."
;; mingetty-shepherd-service).
(requirement '(user-processes host-name udev))
(start #~(lambda args
(let ((defaulted-tty #$(or tty (default-serial-port))))
(apply
(if defaulted-tty
(make-forkexec-constructor
(list #$(file-append util-linux "/sbin/agetty")
#$@extra-options
#$@(if eight-bits?
#~("--8bits")
#~())
#$@(if no-reset?
#~("--noreset")
#~())
#$@(if remote?
#~("--remote")
#~())
#$@(if flow-control?
#~("--flow-control")
#~())
#$@(if host
#~("--host" #$host)
#~())
#$@(if no-issue?
#~("--noissue")
#~())
#$@(if init-string
#~("--init-string" #$init-string)
#~())
#$@(if no-clear?
#~("--noclear")
#~())
(modules '((ice-9 match) (gnu build linux-boot)))
(start
(with-imported-modules (source-module-closure
'((gnu build linux-boot)))
#~(lambda args
(let ((defaulted-tty #$(or tty (default-serial-port))))
(apply
(if defaulted-tty
(make-forkexec-constructor
(list #$(file-append util-linux "/sbin/agetty")
#$@extra-options
#$@(if eight-bits?
#~("--8bits")
#~())
#$@(if no-reset?
#~("--noreset")
#~())
#$@(if remote?
#~("--remote")
#~())
#$@(if flow-control?
#~("--flow-control")
#~())
#$@(if host
#~("--host" #$host)
#~())
#$@(if no-issue?
#~("--noissue")
#~())
#$@(if init-string
#~("--init-string" #$init-string)
#~())
#$@(if no-clear?
#~("--noclear")
#~())
;;; FIXME This doesn't work as expected. According to agetty(8), if this option
;;; is not passed, then the default is 'auto'. However, in my tests, when that
;;; option is selected, agetty never presents the login prompt, and the
;;; term-ttyS0 service respawns every few seconds.
#$@(if local-line
#~(#$(match local-line
('auto "--local-line=auto")
('always "--local-line=always")
('never "-local-line=never")))
#~())
#$@(if tty
#~()
#~("--keep-baud"))
#$@(if extract-baud?
#~("--extract-baud")
#~())
#$@(if skip-login?
#~("--skip-login")
#~())
#$@(if no-newline?
#~("--nonewline")
#~())
#$@(if login-options
#~("--login-options" #$login-options)
#~())
#$@(if chroot
#~("--chroot" #$chroot)
#~())
#$@(if hangup?
#~("--hangup")
#~())
#$@(if keep-baud?
#~("--keep-baud")
#~())
#$@(if timeout
#~("--timeout" #$(number->string timeout))
#~())
#$@(if detect-case?
#~("--detect-case")
#~())
#$@(if wait-cr?
#~("--wait-cr")
#~())
#$@(if no-hints?
#~("--nohints?")
#~())
#$@(if no-hostname?
#~("--nohostname")
#~())
#$@(if long-hostname?
#~("--long-hostname")
#~())
#$@(if erase-characters
#~("--erase-chars" #$erase-characters)
#~())
#$@(if kill-characters
#~("--kill-chars" #$kill-characters)
#~())
#$@(if chdir
#~("--chdir" #$chdir)
#~())
#$@(if delay
#~("--delay" #$(number->string delay))
#~())
#$@(if nice
#~("--nice" #$(number->string nice))
#~())
#$@(if auto-login
(list "--autologin" auto-login)
'())
#$@(if login-program
#~("--login-program" #$login-program)
#~())
#$@(if login-pause?
#~("--login-pause")
#~())
defaulted-tty
#$@(if baud-rate
#~(#$baud-rate)
#~())
#$@(if term
#~(#$term)
#~())))
(const #f)) ; never start.
args))))
#$@(if local-line
#~(#$(match local-line
('auto "--local-line=auto")
('always "--local-line=always")
('never "-local-line=never")))
#~())
#$@(if tty
#~()
#~("--keep-baud"))
#$@(if extract-baud?
#~("--extract-baud")
#~())
#$@(if skip-login?
#~("--skip-login")
#~())
#$@(if no-newline?
#~("--nonewline")
#~())
#$@(if login-options
#~("--login-options" #$login-options)
#~())
#$@(if chroot
#~("--chroot" #$chroot)
#~())
#$@(if hangup?
#~("--hangup")
#~())
#$@(if keep-baud?
#~("--keep-baud")
#~())
#$@(if timeout
#~("--timeout" #$(number->string timeout))
#~())
#$@(if detect-case?
#~("--detect-case")
#~())
#$@(if wait-cr?
#~("--wait-cr")
#~())
#$@(if no-hints?
#~("--nohints?")
#~())
#$@(if no-hostname?
#~("--nohostname")
#~())
#$@(if long-hostname?
#~("--long-hostname")
#~())
#$@(if erase-characters
#~("--erase-chars" #$erase-characters)
#~())
#$@(if kill-characters
#~("--kill-chars" #$kill-characters)
#~())
#$@(if chdir
#~("--chdir" #$chdir)
#~())
#$@(if delay
#~("--delay" #$(number->string delay))
#~())
#$@(if nice
#~("--nice" #$(number->string nice))
#~())
#$@(if auto-login
(list "--autologin" auto-login)
'())
#$@(if login-program
#~("--login-program" #$login-program)
#~())
#$@(if login-pause?
#~("--login-pause")
#~())
defaulted-tty
#$@(if baud-rate
#~(#$baud-rate)
#~())
#$@(if term
#~(#$term)
#~())))
(const #f)) ; never start.
args)))))
(stop #~(make-kill-destructor)))))))
(define agetty-service-type

38
gnu/services/desktop.scm
View file

@ -580,7 +580,7 @@ include the @command{udisksctl} command, part of UDisks, and GNOME Disks."
(define-record-type* <elogind-configuration> elogind-configuration
make-elogind-configuration
elogind-configuration
elogind-configuration?
(elogind elogind-package
(default elogind))
(kill-user-processes? elogind-kill-user-processes?
@ -834,7 +834,7 @@ accountsservice web site} for more information."
(define-record-type* <gnome-desktop-configuration> gnome-desktop-configuration
make-gnome-desktop-configuration
gnome-desktop-configuration
gnome-desktop-configuration?
(gnome-package gnome-package (default gnome)))
(define (gnome-polkit-settings config)
@ -872,7 +872,7 @@ and extends polkit with the actions from @code{gnome-settings-daemon}."
(define-record-type* <mate-desktop-configuration> mate-desktop-configuration
make-mate-desktop-configuration
mate-desktop-configuration
mate-desktop-configuration?
(mate-package mate-package (default mate)))
(define mate-desktop-service-type
@ -905,7 +905,7 @@ and extends polkit with the actions from @code{mate-settings-daemon}."
(define-record-type* <xfce-desktop-configuration> xfce-desktop-configuration
make-xfce-desktop-configuration
xfce-desktop-configuration
xfce-desktop-configuration?
(xfce xfce-package (default xfce)))
(define (xfce-polkit-settings config)
@ -1028,23 +1028,29 @@ as expected.")))
(default "wacom"))
(device inputattach-configuration-device
(default "/dev/ttyS0"))
(baud-rate inputattach-configuration-baud-rate
(default #f))
(log-file inputattach-configuration-log-file
(default #f)))
(define inputattach-shepherd-service
(match-lambda
(($ <inputattach-configuration> type device log-file)
(list (shepherd-service
(provision '(inputattach))
(requirement '(udev))
(documentation "inputattach daemon")
(start #~(make-forkexec-constructor
(list (string-append #$inputattach
"/bin/inputattach")
(string-append "--" #$type)
#$device)
#:log-file #$log-file))
(stop #~(make-kill-destructor)))))))
(($ <inputattach-configuration> type device baud-rate log-file)
(let ((args (append (if baud-rate
(list "--baud-rate" (number->string baud-rate))
'())
(list (string-append "--" type)
device))))
(list (shepherd-service
(provision '(inputattach))
(requirement '(udev))
(documentation "inputattach daemon")
(start #~(make-forkexec-constructor
(cons (string-append #$inputattach
"/bin/inputattach")
(quote #$args))
#:log-file #$log-file))
(stop #~(make-kill-destructor))))))))
(define inputattach-service-type
(service-type

10
gnu/services/sddm.scm
View file

@ -30,6 +30,7 @@
#:use-module (gnu system shadow)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix deprecation)
#:export (sddm-configuration
sddm-configuration?
sddm-service-type
@ -316,9 +317,14 @@ Relogin=" (if (sddm-configuration-relogin? config)
(service-extension account-service-type
(const %sddm-accounts))
(service-extension profile-service-type
sddm-profile-service)))))
sddm-profile-service)))
(default-value (sddm-configuration))
(description
"Run SDDM, a display and log-in manager for X11 and
Wayland.")))
(define* (sddm-service #:optional (config (sddm-configuration)))
(define-deprecated (sddm-service #:optional (config (sddm-configuration)))
sddm-service-type
"Run the @uref{https://github.com/sddm/sddm,SSDM display manager}
with the given @var{config}, a @code{<sddm-configuration>} object."
(service sddm-service-type config))

3
guix/build/download.scm
View file

@ -172,7 +172,8 @@ session record port using PORT as its underlying communication port."
(define %x509-certificate-directory
;; The directory where X.509 authority PEM certificates are stored.
(make-parameter (or (getenv "GUIX_TLS_CERTIFICATE_DIRECTORY")
(getenv "SSL_CERT_DIR")))) ;like OpenSSL
(getenv "SSL_CERT_DIR") ;like OpenSSL
"/etc/ssl/certs")))
(define (set-certificate-credentials-x509-trust-file!* cred file format)
"Like 'set-certificate-credentials-x509-trust-file!', but without the file

376
guix/cve.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -19,21 +19,43 @@
(define-module (guix cve)
#:use-module (guix utils)
#:use-module (guix http-client)
#:use-module (sxml ssax)
#:use-module (guix json)
#:use-module (guix i18n)
#:use-module (json)
#:use-module (web uri)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:use-module (ice-9 vlist)
#:export (vulnerability?
#:export (json->cve-items
cve-item?
cve-item-cve
cve-item-configurations
cve-item-published-date
cve-item-last-modified-date
cve?
cve-id
cve-data-type
cve-data-format
cvs-references
cve-reference?
cve-reference-url
cve-reference-tags
vulnerability?
vulnerability-id
vulnerability-packages
xml->vulnerabilities
json->vulnerabilities
current-vulnerabilities
vulnerabilities->lookup-proc))
@ -41,15 +63,174 @@
;;;
;;; This modules provides the tools to fetch, parse, and digest part of the
;;; Common Vulnerabilities and Exposures (CVE) feeds provided by the US NIST
;;; at <https://nvd.nist.gov/download.cfm#CVE_FEED>.
;;; at <https://nvd.nist.gov/vuln/data-feeds>.
;;;
;;; Code:
(define-record-type <vulnerability>
(vulnerability id packages)
vulnerability?
(id vulnerability-id) ;string
(packages vulnerability-packages)) ;((p1 v1 v2 v3) (p2 v1) ...)
(define (string->date* str)
(string->date str "~Y-~m-~dT~H:~M~z"))
(define-json-mapping <cve-item> cve-item cve-item?
json->cve-item
(cve cve-item-cve "cve" json->cve) ;<cve>
(configurations cve-item-configurations ;list of sexps
"configurations" configuration-data->cve-configurations)
(published-date cve-item-published-date
"publishedDate" string->date*)
(last-modified-date cve-item-last-modified-date
"lastModifiedDate" string->date*))
(define-json-mapping <cve> cve cve?
json->cve
(id cve-id "CVE_data_meta" ;string
(cut assoc-ref <> "ID"))
(data-type cve-data-type ;'CVE
"data_type" string->symbol)
(data-format cve-data-format ;'MITRE
"data_format" string->symbol)
(references cve-item-references ;list of <cve-reference>
"references" reference-data->cve-references))
(define-json-mapping <cve-reference> cve-reference cve-reference?
json->cve-reference
(url cve-reference-url) ;string
(tags cve-reference-tags ;list of strings
"tags" vector->list))
(define (reference-data->cve-references alist)
(map json->cve-reference
(vector->list (assoc-ref alist "reference_data"))))
(define %cpe-package-rx
;; For applications: "cpe:2.3:a:VENDOR:PACKAGE:VERSION", or sometimes
;; "cpe:2.3:a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
(make-regexp "^cpe:2\\.3:a:([^:]+):([^:]+):([^:]+):([^:]+):"))
(define (cpe->package-name cpe)
"Converts the Common Platform Enumeration (CPE) string CPE to a package
name, in a very naive way. Return two values: the package name, and its
version string. Return #f and #f if CPE does not look like an application CPE
string."
(cond ((regexp-exec %cpe-package-rx cpe)
=>
(lambda (matches)
(values (match:substring matches 2)
(match (match:substring matches 3)
("*" '_)
(version
(string-append version
(match (match:substring matches 4)
("" "")
(patch-level
;; Drop the colon from things like
;; "cpe:2.3:a:openbsd:openssh:6.8:p1".
(string-drop patch-level 1)))))))))
(else
(values #f #f))))
(define (cpe-match->cve-configuration alist)
"Convert ALIST, a \"cpe_match\" alist, into an sexp representing the package
and versions matched. Return #f if ALIST doesn't correspond to an application
package."
(let ((cpe (assoc-ref alist "cpe23Uri"))
(starti (assoc-ref alist "versionStartIncluding"))
(starte (assoc-ref alist "versionStartExcluding"))
(endi (assoc-ref alist "versionEndIncluding"))
(ende (assoc-ref alist "versionEndExcluding")))
(let-values (((package version) (cpe->package-name cpe)))
(and package
`(,package
,(cond ((and (or starti starte) (or endi ende))
`(and ,(if starti `(>= ,starti) `(> ,starte))
,(if endi `(<= ,endi) `(< ,ende))))
(starti `(>= ,starti))
(starte `(> ,starte))
(endi `(<= ,endi))
(ende `(< ,ende))
(else version)))))))
(define (configuration-data->cve-configurations alist)
"Given ALIST, a JSON dictionary for the baroque \"configurations\"
element found in CVEs, return an sexp such as (\"binutils\" (<
\"2.31\")) that represents matching configurations."
(define string->operator
(match-lambda
("OR" 'or)
("AND" 'and)))
(define (node->configuration node)
(let ((operator (string->operator (assoc-ref node "operator"))))
(cond
((assoc-ref node "cpe_match")
=>
(lambda (matches)
(let ((matches (vector->list matches)))
(match (filter-map cpe-match->cve-configuration
matches)
(() #f)
((one) one)
(lst (cons operator lst))))))
((assoc-ref node "children") ;typically for 'and'
=>
(lambda (children)
(match (filter-map node->configuration (vector->list children))
(() #f)
((one) one)
(lst (cons operator lst)))))
(else
#f))))
(let ((nodes (vector->list (assoc-ref alist "nodes"))))
(filter-map node->configuration nodes)))
(define (json->cve-items json)
"Parse JSON, an input port or a string, and return a list of <cve-item>
records."
(let* ((alist (json->scm json))
(type (assoc-ref alist "CVE_data_type"))
(format (assoc-ref alist "CVE_data_format"))
(version (assoc-ref alist "CVE_data_version")))
(unless (equal? type "CVE")
(raise (condition (&message
(message "invalid CVE feed")))))
(unless (equal? format "MITRE")
(raise (condition
(&message
(message (format #f (G_ "unsupported CVE format: '~a'")
format))))))
(unless (equal? version "4.0")
(raise (condition
(&message
(message (format #f (G_ "unsupported CVE data version: '~a'")
version))))))
(map json->cve-item
(vector->list (assoc-ref alist "CVE_Items")))))
(define (version-matches? version sexp)
"Return true if VERSION, a string, matches SEXP."
(match sexp
('_
#t)
((? string? expected)
(version-prefix? expected version))
(('or sexps ...)
(any (cut version-matches? version <>) sexps))
(('and sexps ...)
(every (cut version-matches? version <>) sexps))
(('< max)
(version>? max version))
(('<= max)
(version>=? max version))
(('> min)
(version>? version min))
(('>= min)
(version>=? version min))))
;;;
;;; High-level interface.
;;;
(define %now
(current-date))
@ -61,8 +242,8 @@
(define (yearly-feed-uri year)
"Return the URI for the CVE feed for YEAR."
(string->uri
(string-append "https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-"
(number->string year) ".xml.gz")))
(string-append "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
(number->string year) ".json.gz")))
(define %current-year-ttl
;; According to <https://nvd.nist.gov/download.cfm#CVE_FEED>, feeds are
@ -73,102 +254,11 @@
;; Update the previous year's database more and more infrequently.
(* 3600 24 (date-month %now)))
(define %cpe-package-rx
;; For applications: "cpe:/a:VENDOR:PACKAGE:VERSION", or sometimes
;; "cpe/a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
(make-regexp "^cpe:/a:([^:]+):([^:]+):([^:]+)((:.+)?)"))
(define (cpe->package-name cpe)
"Converts the Common Platform Enumeration (CPE) string CPE to a package
name, in a very naive way. Return two values: the package name, and its
version string. Return #f and #f if CPE does not look like an application CPE
string."
(cond ((regexp-exec %cpe-package-rx (string-trim-both cpe))
=>
(lambda (matches)
(values (match:substring matches 2)
(string-append (match:substring matches 3)
(match (match:substring matches 4)
("" "")
(patch-level
;; Drop the colon from things like
;; "cpe:/a:openbsd:openssh:6.8:p1".
(string-drop patch-level 1)))))))
(else
(values #f #f))))
(define (cpe->product-alist products)
"Given PRODUCTS, a list of CPE names, return the subset limited to the
applications listed in PRODUCTS, with names converted to package names:
(cpe->product-alist
'(\"cpe:/a:gnu:libtasn1:4.7\" \"cpe:/a:gnu:libtasn1:4.6\" \"cpe:/a:gnu:cpio:2.11\"))
=> ((\"libtasn1\" \"4.7\" \"4.6\") (\"cpio\" \"2.11\"))
"
(fold (lambda (product result)
(let-values (((name version) (cpe->package-name product)))
(if name
(match result
(((previous . versions) . tail)
;; Attempt to coalesce NAME and PREVIOUS.
(if (string=? name previous)
(alist-cons name (cons version versions) tail)
(alist-cons name (list version) result)))
(()
(alist-cons name (list version) result)))
result)))
'()
(sort products string<?)))
(define %parse-vulnerability-feed
;; Parse the XML vulnerability feed from
;; <https://nvd.nist.gov/download.cfm#CVE_FEED> and return a list of
;; vulnerability objects.
(ssax:make-parser NEW-LEVEL-SEED
(lambda (elem-gi attributes namespaces expected-content
seed)
(match elem-gi
((name-space . 'entry)
(cons (assoc-ref attributes 'id) seed))
((name-space . 'vulnerable-software-list)
(cons '() seed))
((name-space . 'product)
(cons 'product seed))
(x seed)))
FINISH-ELEMENT
(lambda (elem-gi attributes namespaces parent-seed
seed)
(match elem-gi
((name-space . 'entry)
(match seed
(((? string? id) . rest)
;; Some entries have no vulnerable-software-list.
rest)
((products id . rest)
(match (cpe->product-alist products)
(()
;; No application among PRODUCTS.
rest)
(packages
(cons (vulnerability id packages)
rest))))))
(x
seed)))
CHAR-DATA-HANDLER
(lambda (str _ seed)
(match seed
(('product software-list . rest)
;; Add STR to the vulnerable software list this
;; <product> tag is part of.
(cons (cons str software-list) rest))
(x x)))))
(define (xml->vulnerabilities port)
"Read from PORT an XML feed of vulnerabilities and return a list of
vulnerability objects."
(reverse (%parse-vulnerability-feed port '())))
(define-record-type <vulnerability>
(vulnerability id packages)
vulnerability?
(id vulnerability-id) ;string
(packages vulnerability-packages)) ;((p1 sexp1) (p2 sexp2) ...)
(define vulnerability->sexp
(match-lambda
@ -180,16 +270,70 @@ vulnerability objects."
(('v id (packages ...))
(vulnerability id packages))))
(define (cve-configuration->package-list config)
"Parse CONFIG, a config sexp, and return a list of the form (P SEXP)
where P is a package name and SEXP expresses constraints on the matching
versions."
(let loop ((config config)
(packages '()))
(match config
(('or configs ...)
(fold loop packages configs))
(('and config _ ...) ;XXX
(loop config packages))
(((? string? package) '_) ;any version
(cons `(,package _)
(alist-delete package packages)))
(((? string? package) sexp)
(let ((previous (assoc-ref packages package)))
(if previous
(cons `(,package (or ,sexp ,@previous))
(alist-delete package packages))
(cons `(,package ,sexp) packages)))))))
(define (merge-package-lists lst)
"Merge the list in LST, each of which has the form (p sexp), where P
is the name of a package and SEXP is an sexp that constrains matching
versions."
(fold (lambda (plist result) ;XXX: quadratic
(fold (match-lambda*
(((package version) result)
(match (assoc-ref result package)
(#f
(cons `(,package ,version) result))
((previous)
(cons `(,package (or ,version ,previous))
(alist-delete package result))))))
result
plist))
'()
lst))
(define (cve-item->vulnerability item)
"Return a <vulnerability> corresponding to ITEM, a <cve-item> record;
return #f if ITEM does not list any configuration or if it does not list
any \"a\" (application) configuration."
(let ((id (cve-id (cve-item-cve item))))
(match (cve-item-configurations item)
(() ;no configurations
#f)
((configs ...)
(vulnerability id
(merge-package-lists
(map cve-configuration->package-list configs)))))))
(define (json->vulnerabilities json)
"Parse JSON, an input port or a string, and return the list of
vulnerabilities found therein."
(filter-map cve-item->vulnerability (json->cve-items json)))
(define (write-cache input cache)
"Read vulnerabilities as gzipped XML from INPUT, and write it as a compact
"Read vulnerabilities as gzipped JSON from INPUT, and write it as a compact
sexp to CACHE."
(call-with-decompressed-port 'gzip input
(lambda (input)
;; XXX: The SSAX "error port" is used to send pointless warnings such as
;; "warning: Skipping PI". Turn that off.
(define vulns
(parameterize ((current-ssax-error-port (%make-void-port "w")))
(xml->vulnerabilities input)))
(json->vulnerabilities input))
(write `(vulnerabilities
1 ;format version
@ -215,7 +359,7 @@ the given TTL (fetch from the NIST web site when TTL has expired)."
(lambda ()
(read-options options)))))
;; Note: We used to keep the original XML files in cache but parsing it
;; Note: We used to keep the original JSON files in cache but parsing it
;; would take typically ~15s for a year of data. Thus, we instead store a
;; summarized version thereof as an sexp, which can be parsed in 1s or so.
(let* ((port (http-fetch/cached (yearly-feed-uri year)
@ -269,8 +413,8 @@ vulnerabilities affecting the given package version."
(vhash-fold* (if version
(lambda (pair result)
(match pair
((vuln . versions)
(if (member version versions)
((vuln sexp)
(if (version-matches? version sexp)
(cons vuln result)
result))))
(lambda (pair result)

16
guix/lint.scm
View file

@ -1319,17 +1319,11 @@ or a list thereof")
(name 'github-url)
(description "Suggest GitHub URLs")
(check check-github-url))
;; FIXME: Commented out as a consequence of the XML CVE feed retirement:
;; <https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3>.
;; Reinstate it once the JSON feed is supported.
;; (lint-checker
;; (name 'cve)
;; (description "Check the Common Vulnerabilities and Exposures\
;; (CVE) database")
;; (check check-vulnerabilities))
(lint-checker
(name 'cve)
(description "Check the Common Vulnerabilities and Exposures\
(CVE) database")
(check check-vulnerabilities))
(lint-checker
(name 'refresh)
(description "Check the package for new upstream releases")

1279
tests/cve-sample.json Normal file
View file

File diff suppressed because it is too large Load diff

616
tests/cve-sample.xml
View file

@ -1,616 +0,0 @@
<?xml version='1.0' encoding='UTF-8'?>
<nvd xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" nvd_xml_version="2.0" pub_date="2015-11-25T08:07:01" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd">
<entry id="CVE-2003-0001">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.2"/>
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.3"/>
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.4"/>
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.5"/>
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.6"/>
<cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:4.7"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.1"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.10"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.11"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.12"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.13"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.14"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.15"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.16"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.17"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.18"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.19"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.2"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.20"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.3"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.4"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.5"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.6"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.7"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.8"/>
<cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:2.4.9"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::advanced_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::datacenter_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::professional"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000:::server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:advanced_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:datacenter_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:professional"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp1:server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:advanced_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:datacenter_server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:professional"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000::sp2:server"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services::sp1"/>
<cpe-lang:fact-ref name="cpe:/o:microsoft:windows_2000_terminal_services::sp2"/>
<cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5"/>
<cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.1"/>
<cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.2"/>
<cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.5.3"/>
<cpe-lang:fact-ref name="cpe:/o:netbsd:netbsd:1.6"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/o:microsoft:windows_2000::sp2:professional</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.4</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000_terminal_services::sp1</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp1:advanced_server</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.19</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp2:advanced_server</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000_terminal_services</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000:::advanced_server</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.20</vuln:product>
<vuln:product>cpe:/o:netbsd:netbsd:1.5.1</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000_terminal_services::sp2</vuln:product>
<vuln:product>cpe:/o:netbsd:netbsd:1.5.3</vuln:product>
<vuln:product>cpe:/o:netbsd:netbsd:1.5.2</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.6</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.9</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000:::datacenter_server</vuln:product>
<vuln:product>cpe:/o:netbsd:netbsd:1.6</vuln:product>
<vuln:product>cpe:/o:netbsd:netbsd:1.5</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.7</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.8</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp1:datacenter_server</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp2:datacenter_server</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.3</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.10</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp1:server</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.5</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.12</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.2</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.7</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.4</vuln:product>
<vuln:product>cpe:/o:freebsd:freebsd:4.6</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp2:server</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.18</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.1</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.15</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000:::server</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.17</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.14</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.2</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000:::professional</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.11</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.5</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.16</vuln:product>
<vuln:product>cpe:/o:microsoft:windows_2000::sp1:professional</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.13</vuln:product>
<vuln:product>cpe:/o:linux:linux_kernel:2.4.3</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2003-0001</vuln:cve-id>
<vuln:published-datetime>2003-01-17T00:00:00.000-05:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-24T13:05:47.073-05:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>5.0</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>LOW</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
<cvss:integrity-impact>NONE</cvss:integrity-impact>
<cvss:availability-impact>NONE</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2015-11-24T12:23:33.593-05:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2665" name="oval:org.mitre.oval:def:2665"/>
<vuln:cwe id="CWE-200"/>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CERT-VN</vuln:source>
<vuln:reference href="http://www.kb.cert.org/vuls/id/412115" xml:lang="en">VU#412115</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/307564/30/26270/threaded" xml:lang="en">20030117 Re: More information regarding Etherleak</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/305335/30/26420/threaded" xml:lang="en">20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>REDHAT</vuln:source>
<vuln:reference href="http://www.redhat.com/support/errata/RHSA-2003-088.html" xml:lang="en">RHSA-2003:088</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>REDHAT</vuln:source>
<vuln:reference href="http://www.redhat.com/support/errata/RHSA-2003-025.html" xml:lang="en">RHSA-2003:025</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>OSVDB</vuln:source>
<vuln:reference href="http://www.osvdb.org/9962" xml:lang="en">9962</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" xml:lang="en">http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>ATSTAKE</vuln:source>
<vuln:reference href="http://www.atstake.com/research/advisories/2003/a010603-1.txt" xml:lang="en">A010603-1</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>FULLDISC</vuln:source>
<vuln:reference href="http://seclists.org/fulldisclosure/2015/Apr/5" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html" xml:lang="en">http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=104222046632243&amp;w=2" xml:lang="en">20030110 More information regarding Etherleak</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>VULNWATCH</vuln:source>
<vuln:reference href="http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" xml:lang="en">20030110 More information regarding Etherleak</vuln:reference>
</vuln:references>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2665" name="oval:org.mitre.oval:def:2665"/>
</vuln:scanner>
<vuln:summary>Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.</vuln:summary>
</entry>
<entry id="CVE-2004-0230">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:tcp:tcp"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/a:tcp:tcp</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2004-0230</vuln:cve-id>
<vuln:published-datetime>2004-08-18T00:00:00.000-04:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-24T13:06:40.597-05:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>5.0</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>LOW</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
<cvss:integrity-impact>NONE</cvss:integrity-impact>
<cvss:availability-impact>PARTIAL</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2015-11-24T12:17:30.930-05:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5711" name="oval:org.mitre.oval:def:5711"/>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4791" name="oval:org.mitre.oval:def:4791"/>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3508" name="oval:org.mitre.oval:def:3508"/>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:270" name="oval:org.mitre.oval:def:270"/>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2689" name="oval:org.mitre.oval:def:2689"/>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CERT</vuln:source>
<vuln:reference href="http://www.us-cert.gov/cas/techalerts/TA04-111A.html" xml:lang="en">TA04-111A</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CERT-VN</vuln:source>
<vuln:reference href="http://www.kb.cert.org/vuls/id/415294" xml:lang="en">VU#415294</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10053" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10053</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>XF</vuln:source>
<vuln:reference href="http://xforce.iss.net/xforce/xfdb/15886" xml:lang="en">tcp-rst-dos(15886)</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>VUPEN</vuln:source>
<vuln:reference href="http://www.vupen.com/english/advisories/2006/3983" xml:lang="en">ADV-2006-3983</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://www.uniras.gov.uk/vuls/2004/236929/index.htm" xml:lang="en">http://www.uniras.gov.uk/vuls/2004/236929/index.htm</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>BID</vuln:source>
<vuln:reference href="http://www.securityfocus.com/bid/10183" xml:lang="en">10183</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>HP</vuln:source>
<vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/449179/100/0/threaded" xml:lang="en">SSRT061264</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>OSVDB</vuln:source>
<vuln:reference href="http://www.osvdb.org/4030" xml:lang="en">4030</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MS</vuln:source>
<vuln:reference href="http://www.microsoft.com/technet/security/Bulletin/MS06-064.mspx" xml:lang="en">MS06-064</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MS</vuln:source>
<vuln:reference href="http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx" xml:lang="en">MS05-019</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CISCO</vuln:source>
<vuln:reference href="http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml" xml:lang="en">20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>FULLDISC</vuln:source>
<vuln:reference href="http://seclists.org/fulldisclosure/2015/Apr/5" xml:lang="en">20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html" xml:lang="en">http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>HP</vuln:source>
<vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=108506952116653&amp;w=2" xml:lang="en">SSRT4696</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BUGTRAQ</vuln:source>
<vuln:reference href="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=108302060014745&amp;w=2" xml:lang="en">20040425 Perl code exploting TCP not checking RST ACK.</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://kb.juniper.net/JSA10638" xml:lang="en">http://kb.juniper.net/JSA10638</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SGI</vuln:source>
<vuln:reference href="ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc" xml:lang="en">20040403-01-A</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SCO</vuln:source>
<vuln:reference href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt" xml:lang="en">SCOSA-2005.14</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SCO</vuln:source>
<vuln:reference href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt" xml:lang="en">SCOSA-2005.9</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SCO</vuln:source>
<vuln:reference href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt" xml:lang="en">SCOSA-2005.3</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>NETBSD</vuln:source>
<vuln:reference href="ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc" xml:lang="en">NetBSD-SA2004-006</vuln:reference>
</vuln:references>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:3508" name="oval:org.mitre.oval:def:3508"/>
</vuln:scanner>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:270" name="oval:org.mitre.oval:def:270"/>
</vuln:scanner>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:2689" name="oval:org.mitre.oval:def:2689"/>
</vuln:scanner>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5711" name="oval:org.mitre.oval:def:5711"/>
</vuln:scanner>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:4791" name="oval:org.mitre.oval:def:4791"/>
</vuln:scanner>
<vuln:summary>TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.</vuln:summary>
</entry>
<entry id="CVE-2008-2335">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:vastal:phpvid:1.2"/>
<cpe-lang:fact-ref name="cpe:/a:vastal:phpvid:1.1"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/a:vastal:phpvid:1.1</vuln:product>
<vuln:product>cpe:/a:vastal:phpvid:1.2</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2008-2335</vuln:cve-id>
<vuln:published-datetime>2008-05-19T09:20:00.000-04:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-24T11:45:25.057-05:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>4.3</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>MEDIUM</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
<cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
<cvss:availability-impact>NONE</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2015-11-24T10:50:05.737-05:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:cwe id="CWE-79"/>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>XF</vuln:source>
<vuln:reference href="http://xforce.iss.net/xforce/xfdb/42450" xml:lang="en">phpvid-query-xss(42450)</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>VUPEN</vuln:source>
<vuln:reference href="http://www.vupen.com/english/advisories/2008/2552" xml:lang="en">ADV-2008-2552</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BID</vuln:source>
<vuln:reference href="http://www.securityfocus.com/bid/29238" xml:lang="en">29238</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MILW0RM</vuln:source>
<vuln:reference href="http://www.milw0rm.com/exploits/6422" xml:lang="en">6422</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>EXPLOIT-DB</vuln:source>
<vuln:reference href="http://www.exploit-db.com/exploits/27519" xml:lang="en">27519</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/" xml:lang="en">http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>FULLDISC</vuln:source>
<vuln:reference href="http://seclists.org/fulldisclosure/2015/Mar/59" xml:lang="en">20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>OSVDB</vuln:source>
<vuln:reference href="http://osvdb.org/show/osvdb/45171" xml:lang="en">45171</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://holisticinfosec.org/content/view/65/45/" xml:lang="en">http://holisticinfosec.org/content/view/65/45/</vuln:reference>
</vuln:references>
<vuln:summary>Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.</vuln:summary>
</entry>
<entry id="CVE-2008-3522">
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:redhat:enterprise_virtualization:3.5"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-configuration id="http://nvd.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:jasper_project:jasper:1.900.1"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/a:redhat:enterprise_virtualization:3.5</vuln:product>
<vuln:product>cpe:/a:jasper_project:jasper:1.900.1</vuln:product>
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2008-3522</vuln:cve-id>
<vuln:published-datetime>2008-10-02T14:18:05.790-04:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-24T11:46:04.933-05:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>10.0</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>LOW</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
<cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
<cvss:availability-impact>COMPLETE</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2015-11-24T10:05:46.467-05:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:security-protection>ALLOWS_ADMIN_ACCESS</vuln:security-protection>
<vuln:cwe id="CWE-119"/>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>XF</vuln:source>
<vuln:reference href="http://xforce.iss.net/xforce/xfdb/45623" xml:lang="en">jasper-jasstreamprintf-bo(45623)</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>UBUNTU</vuln:source>
<vuln:reference href="http://www.ubuntu.com/usn/USN-742-1" xml:lang="en">USN-742-1</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BID</vuln:source>
<vuln:reference href="http://www.securityfocus.com/bid/31470" xml:lang="en">31470</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MANDRIVA</vuln:source>
<vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" xml:lang="en">MDVSA-2009:164</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MANDRIVA</vuln:source>
<vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:144" xml:lang="en">MDVSA-2009:144</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MANDRIVA</vuln:source>
<vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" xml:lang="en">MDVSA-2009:142</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>GENTOO</vuln:source>
<vuln:reference href="http://security.gentoo.org/glsa/glsa-200812-18.xml" xml:lang="en">GLSA-200812-18</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>REDHAT</vuln:source>
<vuln:reference href="http://rhn.redhat.com/errata/RHSA-2015-0698.html" xml:lang="en">RHSA-2015:0698</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://bugs.gentoo.org/show_bug.cgi?id=222819" xml:lang="en">http://bugs.gentoo.org/show_bug.cgi?id=222819</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://bugs.gentoo.org/attachment.cgi?id=163282&amp;action=view" xml:lang="en">http://bugs.gentoo.org/attachment.cgi?id=163282&amp;action=view</vuln:reference>
</vuln:references>
<vuln:summary>Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.</vuln:summary>
</entry>
<entry id="CVE-2009-3301">
<vuln:vulnerable-configuration id="http://www.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.1.1"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.1.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.0.1"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:3.0.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.1"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.1.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:1.1.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.2"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.4.3"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.3.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.3.1"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.2.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.2.1"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.0.0"/>
<cpe-lang:fact-ref name="cpe:/a:sun:openoffice.org:2.0.3"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-configuration id="http://www.nist.gov/">
<cpe-lang:logical-test operator="OR" negate="false">
<cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~"/>
<cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.10"/>
<cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:9.10"/>
<cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:8.04:-:lts"/>
</cpe-lang:logical-test>
</vuln:vulnerable-configuration>
<vuln:vulnerable-software-list>
<vuln:product>cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~</vuln:product>
<vuln:product>cpe:/o:canonical:ubuntu_linux:8.04:-:lts</vuln:product>
<vuln:product>cpe:/o:canonical:ubuntu_linux:10.10</vuln:product>
<vuln:product>cpe:/a:sun:openoffice.org:2.1.0</vuln:product>
<vuln:product>cpe:/a:sun:openoffice.org:2.3.0</vuln:product>
<vuln:product>cpe:/a:sun:openoffice.org:2.2.1</vuln:product>
<!-- snipped -->
</vuln:vulnerable-software-list>
<vuln:cve-id>CVE-2009-3301</vuln:cve-id>
<vuln:published-datetime>2010-02-16T14:30:00.533-05:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-17T10:59:44.723-05:00</vuln:last-modified-datetime>
<vuln:cvss>
<cvss:base_metrics>
<cvss:score>9.3</cvss:score>
<cvss:access-vector>NETWORK</cvss:access-vector>
<cvss:access-complexity>MEDIUM</cvss:access-complexity>
<cvss:authentication>NONE</cvss:authentication>
<cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
<cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
<cvss:availability-impact>COMPLETE</cvss:availability-impact>
<cvss:source>http://nvd.nist.gov</cvss:source>
<cvss:generated-on-datetime>2015-11-17T10:02:50.097-05:00</cvss:generated-on-datetime>
</cvss:base_metrics>
</vuln:cvss>
<vuln:assessment_check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10423" name="oval:org.mitre.oval:def:10423"/>
<vuln:cwe id="CWE-189"/>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CERT</vuln:source>
<vuln:reference href="http://www.us-cert.gov/cas/techalerts/TA10-287A.html" xml:lang="en">TA10-287A</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=533038" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=533038</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>XF</vuln:source>
<vuln:reference href="http://xforce.iss.net/xforce/xfdb/56240" xml:lang="en">openoffice-word-sprmtdeftable-bo(56240)</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>VUPEN</vuln:source>
<vuln:reference href="http://www.vupen.com/english/advisories/2010/2905" xml:lang="en">ADV-2010-2905</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>VUPEN</vuln:source>
<vuln:reference href="http://www.vupen.com/english/advisories/2010/0635" xml:lang="en">ADV-2010-0635</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>VUPEN</vuln:source>
<vuln:reference href="http://www.vupen.com/english/advisories/2010/0366" xml:lang="en">ADV-2010-0366</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>UBUNTU</vuln:source>
<vuln:reference href="http://www.ubuntu.com/usn/USN-903-1" xml:lang="en">USN-903-1</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>BID</vuln:source>
<vuln:reference href="http://www.securityfocus.com/bid/38218" xml:lang="en">38218</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>REDHAT</vuln:source>
<vuln:reference href="http://www.redhat.com/support/errata/RHSA-2010-0101.html" xml:lang="en">RHSA-2010:0101</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html" xml:lang="en">http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
<vuln:source>CONFIRM</vuln:source>
<vuln:reference href="http://www.openoffice.org/security/bulletin.html" xml:lang="en">http://www.openoffice.org/security/bulletin.html</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MANDRIVA</vuln:source>
<vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2010:221" xml:lang="en">MDVSA-2010:221</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>GENTOO</vuln:source>
<vuln:reference href="http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml" xml:lang="en">GLSA-201408-19</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>DEBIAN</vuln:source>
<vuln:reference href="http://www.debian.org/security/2010/dsa-1995" xml:lang="en">DSA-1995</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SECTRACK</vuln:source>
<vuln:reference href="http://securitytracker.com/id?1023591" xml:lang="en">1023591</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>SUSE</vuln:source>
<vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html" xml:lang="en">SUSE-SA:2010:017</vuln:reference>
</vuln:references>
<vuln:scanner>
<vuln:definition system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10423" name="oval:org.mitre.oval:def:10423"/>
</vuln:scanner>
<vuln:summary>Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.</vuln:summary>
</entry>
<entry id="CVE-2015-8330">
<vuln:cve-id>CVE-2015-8330</vuln:cve-id>
<vuln:published-datetime>2015-11-24T15:59:25.897-05:00</vuln:published-datetime>
<vuln:last-modified-datetime>2015-11-24T15:59:26.930-05:00</vuln:last-modified-datetime>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015" xml:lang="en">https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015</vuln:reference>
</vuln:references>
<vuln:references xml:lang="en" reference_type="UNKNOWN">
<vuln:source>MISC</vuln:source>
<vuln:reference href="http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/" xml:lang="en">http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/</vuln:reference>
</vuln:references>
<vuln:summary>The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619.</vuln:summary>
</entry>
</nvd>

83
tests/cve.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -19,10 +19,11 @@
(define-module (test-cve)
#:use-module (guix cve)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-64))
(define %sample
(search-path %load-path "tests/cve-sample.xml"))
(search-path %load-path "tests/cve-sample.json"))
(define (vulnerability id packages)
(make-struct/no-tail (@@ (guix cve) <vulnerability>) id packages))
@ -30,34 +31,76 @@
(define %expected-vulnerabilities
;; What we should get when reading %SAMPLE.
(list
;; CVE-2003-0001 has no "/a" in its product list so it is omitted.
;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number.
(vulnerability "CVE-2008-2335" '(("phpvid" "1.2" "1.1")))
(vulnerability "CVE-2008-3522" '(("enterprise_virtualization" "3.5")
("jasper" "1.900.1")))
(vulnerability "CVE-2009-3301" '(("openoffice.org" "2.3.0" "2.2.1" "2.1.0")))
;; CVE-2015-8330 has no software list.
(vulnerability "CVE-2019-0001"
;; Only the "a" CPE configurations are kept; the "o"
;; configurations are discarded.
'(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
(vulnerability "CVE-2019-0005"
'(("junos" (or "18.11" "18.1"))))
;; CVE-2019-0005 has no "a" configurations.
(vulnerability "CVE-2019-14811"
'(("ghostscript" (< "9.28"))))
(vulnerability "CVE-2019-17365"
'(("nix" (<= "2.3"))))
(vulnerability "CVE-2019-1010180"
'(("gdb" _))) ;any version
(vulnerability "CVE-2019-1010204"
'(("binutils" (and (>= "2.21") (<= "2.31.1")))
("binutils_gold" (and (>= "1.11") (<= "1.16")))))
;; CVE-2019-18192 has no associated configurations.
))
(test-begin "cve")
(test-equal "xml->vulnerabilities"
(test-equal "json->cve-items"
'("CVE-2019-0001"
"CVE-2019-0005"
"CVE-2019-14811"
"CVE-2019-17365"
"CVE-2019-1010180"
"CVE-2019-1010204"
"CVE-2019-18192")
(map (compose cve-id cve-item-cve)
(call-with-input-file %sample json->cve-items)))
(test-equal "cve-item-published-date"
'(2019)
(delete-duplicates
(map (compose date-year cve-item-published-date)
(call-with-input-file %sample json->cve-items))))
(test-equal "json->vulnerabilities"
%expected-vulnerabilities
(call-with-input-file %sample xml->vulnerabilities))
(call-with-input-file %sample json->vulnerabilities))
(test-equal "vulnerabilities->lookup-proc"
(list (list (first %expected-vulnerabilities))
(list (list (third %expected-vulnerabilities)) ;ghostscript
(list (third %expected-vulnerabilities))
'()
(list (fifth %expected-vulnerabilities)) ;gdb
(list (fifth %expected-vulnerabilities))
(list (fourth %expected-vulnerabilities)) ;nix
'()
(list (second %expected-vulnerabilities))
(list (third %expected-vulnerabilities)))
(let* ((vulns (call-with-input-file %sample xml->vulnerabilities))
(list (sixth %expected-vulnerabilities)) ;binutils
'()
(list (sixth %expected-vulnerabilities))
'())
(let* ((vulns (call-with-input-file %sample json->vulnerabilities))
(lookup (vulnerabilities->lookup-proc vulns)))
(list (lookup "phpvid")
(lookup "jasper" "2.0")
(lookup "foobar")
(lookup "jasper" "1.900.1")
(lookup "openoffice.org" "2.3.0"))))
(list (lookup "ghostscript")
(lookup "ghostscript" "9.27")
(lookup "ghostscript" "9.28")
(lookup "gdb")
(lookup "gdb" "42.0")
(lookup "nix")
(lookup "nix" "2.4")
(lookup "binutils" "2.31.1")
(lookup "binutils" "2.10")
(lookup "binutils_gold" "1.11")
(lookup "binutils" "2.32"))))
(test-end "cve")