core-updates!

[Ludovic Courtès]

Hello!

Here’s a kind invitation for you to look at ‘core-updates’ and make sure
your favorite packages build there.  :-)

  https://hydra.gnu.org/jobset/gnu/core-updates

It seems that the bigger issues have been fixed, so now it will be
mostly leaf packages and/or mips64el/arm needing love.

Ludo’.

Re: [PATCH] guix: Support authentication when fetching from SVN.

[Alex Kost]

Ludovic Courtès (2016-07-01 00:09 +0300) wrote:

> Ricardo Wurmus  skribis:
>
>> * guix/svn-download.scm (): Add fields for optional
>> credentials.
>> (svn-fetch): Pass credentials to build-side "svn-fetch".
>> * guix/build/svn.scm (svn-fetch): Pass optional credentials to svn
>> command.
>
> [...]
>
>> --- a/guix/svn-download.scm
>> +++ b/guix/svn-download.scm
>> @@ -42,7 +42,9 @@
>>svn-reference make-svn-reference
>>svn-reference?
>>(url  svn-reference-url); string
>> -  (revision svn-reference-revision))  ; number
>> +  (revision svn-reference-revision)   ; number
>> +  (username svn-reference-username (default #f))
>
> I think I’m old-school, but I would prefer ‘user-name’.

I also prefer "user-name".

-- 
Alex

Re: Software Heritage

[Alex Kost]

Ludovic Courtès (2016-07-01 00:03 +0300) wrote:

> Hello!
>
> The Software Heritage project has just been publicly announced:
>
>   https://www.softwareheritage.org/
>   https://www.inria.fr/en/news/news-from-inria/launching-of-software-heritage
>
> Very roughly it’s a big source code archive.  What this means for us is
> that we’ll hopefully be able to use it as a content-addressed mirror¹.
> Unfortunately, it’s not yet possible to download from the archive;
> I guess it will be coming soon.
>
> Anyway, in light of the various problems with disappearing and/or
> compromised commercial software hosting sites (Gitorious…), as well as
> problems with sites that do not preserve old archives and/or modify them
> in place, just to name a few, I think this is a great initiative.

Woohoo!!!  This is really great!

-- 
Alex

[PATCH 0/3] Generate "/share/fonts/truetype/fonts.dir" file

[Alex Kost]

Currently, when you install TrueType fonts,
"/share/fonts/truetype" directory does not contain "fonts.dir"
file.  This makes impossible to refer to these fonts using a full XLFD
name which is required by some old programs.  This patchset adds a
profile hook to generate this "fonts.dir" file.

[PATCH 1/3] gnu: mkfontdir: Do not propagate 'mkfontscale'.
[PATCH 2/3] profiles: Add fonts-dir-file hook.
[PATCH 3/3] doc: Describe how to make X server find TrueType fonts.

[PATCH 1/3] gnu: mkfontdir: Do not propagate 'mkfontscale'.

[Alex Kost]

* gnu/packages/xorg.scm (mkfontdir)[propagated-inputs]: Move
'mkfontscale' to ...
[inputs]: ... here.
[arguments]: Add 'wrap-mkfontdir' phase.
---
 gnu/packages/xorg.scm | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 431c591..090f661 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4631,7 +4631,17 @@ protocol and arbitrary X extension protocol.")
   (base32
 "0c3563kw9fg15dpgx4dwvl12qz6sdqdns1pxa574hc7i5m42mman"
 (build-system gnu-build-system)
-(propagated-inputs
+(arguments
+ '(#:phases
+   (modify-phases %standard-phases
+ (add-after 'install 'wrap-mkfontdir
+   (lambda* (#:key inputs outputs #:allow-other-keys)
+ (wrap-program (string-append (assoc-ref outputs "out")
+  "/bin/mkfontdir")
+   `("PATH" ":" prefix
+ (,(string-append (assoc-ref inputs "mkfontscale")
+  "/bin")
+(inputs
   `(("mkfontscale" ,mkfontscale)))
 (native-inputs
   `(("pkg-config" ,pkg-config)))
-- 
2.8.3

[PATCH 2/3] profiles: Add fonts-dir-file hook.

[Alex Kost]

* guix/profiles.scm (fonts-dir-file): New procedure.
(%default-profile-hooks): Add it.
---
 guix/profiles.scm | 43 ++-
 1 file changed, 42 insertions(+), 1 deletion(-)

diff --git a/guix/profiles.scm b/guix/profiles.scm
index 90c4332..945da62 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès 
 ;;; Copyright © 2013 Nikita Karetnikov 
-;;; Copyright © 2014 Alex Kost 
+;;; Copyright © 2014, 2016 Alex Kost 
 ;;; Copyright © 2015 Mark H Weaver 
 ;;; Copyright © 2015 Sou Bunnbu 
 ;;;
@@ -756,10 +756,51 @@ entries.  It's used to query the MIME type of a given 
file."
   #:substitutable? #f)
 (return #f
 
+(define (fonts-dir-file manifest)
+  "Return a derivation that builds the @file{fonts.dir} and @file{fonts.scale}
+files for the truetype fonts of the @var{manifest} entries."
+  (define mkfontscale
+(module-ref (resolve-interface '(gnu packages xorg)) 'mkfontscale))
+
+  (define mkfontdir
+(module-ref (resolve-interface '(gnu packages xorg)) 'mkfontdir))
+
+  (define build
+#~(begin
+(use-modules (srfi srfi-26)
+ (guix build utils)
+ (guix build union))
+(let ((ttf-dirs (filter file-exists?
+(map (cut string-append <>
+  "/share/fonts/truetype")
+ '#$(manifest-inputs manifest)
+  (mkdir #$output)
+  (if (null? ttf-dirs)
+  (exit #t)
+  (let* ((fonts-dir   (string-append #$output "/share/fonts"))
+ (ttf-dir (string-append fonts-dir "/truetype"))
+ (mkfontscale (string-append #+mkfontscale
+ "/bin/mkfontscale"))
+ (mkfontdir   (string-append #+mkfontdir
+ "/bin/mkfontdir")))
+(mkdir-p fonts-dir)
+(union-build ttf-dir ttf-dirs
+ #:log-port (%make-void-port "w"))
+(with-directory-excursion ttf-dir
+  (exit (and (zero? (system* mkfontscale))
+ (zero? (system* mkfontdir))
+
+  (gexp->derivation "fonts-dir-file" build
+#:modules '((guix build utils)
+(guix build union))
+#:local-build? #t
+#:substitutable? #f))
+
 (define %default-profile-hooks
   ;; This is the list of derivation-returning procedures that are called by
   ;; default when making a non-empty profile.
   (list info-dir-file
+fonts-dir-file
 ghc-package-cache-file
 ca-certificate-bundle
 gtk-icon-themes
-- 
2.8.3

[PATCH 3/3] doc: Describe how to make X server find TrueType fonts.

[Alex Kost]

* doc/guix.texi (Application Setup): Document how to add TrueType fonts
installed in a Guix profile to the X server font path.
---
 doc/guix.texi | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 62c0d34..0e7b698 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -13,6 +13,7 @@
 Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@*
 Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@*
 Copyright @copyright{} 2013 Nikita Karetnikov@*
+Copyright @copyright{} 2014, 2015, 2016 Alex Kost@*
 Copyright @copyright{} 2015, 2016 Mathieu Lirzin@*
 Copyright @copyright{} 2014 Pierre-Antoine Rault@*
 Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@*
@@ -1192,6 +1193,24 @@ to display fonts, you have to install fonts with Guix as 
well.
 Essential font packages include @code{gs-fonts}, @code{font-dejavu}, and
 @code{font-gnu-freefont-ttf}.
 
+However, some programs do not support Fontconfig and rely on the X
+server to recognize a font.  Such programs require to specify a full
+name of a font using XLFD (X Logical Font Description), like this:
+
+@example
+-*-dejavu sans-medium-r-normal-*-*-100-*-*-*-*-*-1
+@end example
+
+To be able to use such full names for the TrueType fonts installed in
+your Guix profile, you need to extend the font path of the X server:
+
+@example
+xset +fp ~/.guix-profile/share/fonts/truetype
+@end example
+
+After that, you can run @code{xlsfonts} (from @code{xlsfonts} package)
+to make sure your TrueType fonts are listed there.
+
 To display text written in Chinese languages, Japanese, or Korean in
 graphical applications, consider installing
 @code{font-adobe-source-han-sans} or @code{font-wqy-zenhei}.  The former
-- 
2.8.3

gnunet-fs integration

[ng0]

Hi,

While I'm still new to guile and guix, one of my main motivations
since I started contributing to guix was an item on the end of
the roadmap, using a decentralized system to distribute updates.

I have started to read through the scripts and underlying parts
of guix, and also our guix/gnunet.git repository where some
work already happened in GsoC 2015.

Because this is very likely short, not very explanatory in
detail, incomprehendable, you can view this email as a short
introduction of the task, longer emails will follow once I
have worked out texts and completed phase 0.

At the moment I assume that the following items and steps are
what's left to get closer to this system:

1. an up to date GNUnet
   a. 0.10.1 of gnunet-fs is not compatible to 0.9,
  gnunet-svn of gnunet-fs is not compatible to 0.10.1
  https://gnunet.org/bot/log/gnunet/2016-06-23#T1067897

2. GNUnet system service for shepherd
   a. it needs a basic service to start with, ideally we
  provide what gnunet-setup does through an extended
  system-service later on

3. stitching together the guile GNUnet bindings
   with additions to mechanisms which are
   at least guix {publish,pull,package}.

4. taking in consideration the current incompabilities of
   gnunet-fs versions.

5. -optional-
   construct `gnunetfs-download', similiar to git-download
   and others, for origins (of software) which are available
   in gnunet.

I have concrete ideas for solutions, interactions and
users consent and more, but those will end up in an
dedicated document which can be viewed online and/or
appended to an email later.


I will split the work into different phases:

Phase 0:
- learning about system services
- write the shepherd gnunet-service
- finish packaging gnunet-svn pinned to a functional svn position
- learn more guile (continously)
- a first theoretic design

Phase 1:
- learn more about the current guix publish, guix pull,
  guix package functionality
- solve design questions

Phase 2:
- writing a proto-type which can be used in a test setup

Phase 3:
- have a functional test setup which can (guix) publish, pull,
  and package from gnunet-fs in addition to the current
  methods


I will publish Phase 1 and later in a checkout of guix
with a branch `guix-gnunet', accessible once they are
created on both of these git urls:
git://git.far37qbrwiredyo5.onion:/guix.git
git://s.n0.is:/guix.git
optionally even a .gnu address when I had time to set it
up on the server


The current goal for Phase 3 is summer 2017, but I can't
predict how much time I can invest in the future or how
fast I will progress with learning.

--
♥Ⓐ  ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

python-pycairo in core-updates (Re: core-updates!)

[宋文武]

Hi, python-wrapper has a broken `python3-config', which
output cflags to the wrapper instead of the origin python3,
leading the build failure of python-pycairo.


It was introduced in commit 478e75b53.  Does it really needed?

Re: Bioconductor: Use SVN/git by default?

[Ludovic Courtès]

Hello!

Ricardo Wurmus  skribis:

> Ludovic Courtès  writes:
>
>> Hi!
>>
>> Ricardo Wurmus  skribis:
>>
>>> The lack of an archive is also a problem for reproducibility.  You
>>> simply cannot download an archive for an obsolete package version.
>>
>> [...]
>>
>>> What do you think?  I see no way around using the sources from the
>>> central Bioconductor SVN repository as tarballs simply don’t give us
>>> what we need in terms of reproducibility.
>>
>> Would it help if we had access to a universal content-addressed archive
>> that would include everything Bioconductor has ever published?
>>
>> That could be another solution (with a big “if”, granted ;-)).
>
> I guess this would work too, but it would have to be comprehensive to be
> useful.

For the record:

  https://sympa.inria.fr/sympa/arc/swh-devel/2016-06/msg7.html

> The advantage of using SVN is that a user could quite easily create
> variants of a set of Bioconductor R packages for a particular version of
> the Bioconductor SVN repository.  This gives them additional granularity
> which makes the fluidity of the Bioconductor releases more manageable.
>
> Another advantage is that SVN exists right now.  It already behaves like
> a full-blown archive of all Bioconductor packages, even *between*
> Bioconductor releases.  It is just a little more cumbersome to access.
>
> In any case, I think this would be an improvement over what we have
> now.  Right now Bioconductor packages in Guix simply are not
> reproducible over time.  As this invalidates the method of fully
> describing a software environment symbolically (using a git hash of the
> Guix repository and a manifest), I think we should build Bioconductor
> packages from SVN to fix this.

Yeah, using SVN is a solution that would work right now, so if that
seems workable for you without too much work, go for it.

Thanks,
Ludo’.

[PATCH] Update name for ng0

[ng0]

This trivial patch fixes occurences of my name to
this name and updates .mapmap accordingly.

The files where it looks like I am just removing and
not replacing, I already commited using 'ng0'.

>From ec0e02ab3be763f2b2f0dd81e522ff15b62e4ca9 Mon Sep 17 00:00:00 2001
From: ng0 
Date: Fri, 1 Jul 2016 15:22:50 +
Subject: [PATCH] Update name for ng0

---
 .mailmap   | 5 +++--
 gnu/packages/databases.scm | 2 +-
 gnu/packages/emacs.scm | 1 -
 gnu/packages/fonts.scm | 2 +-
 gnu/packages/games.scm | 2 +-
 gnu/packages/gnunet.scm| 1 -
 gnu/packages/lisp.scm  | 2 +-
 gnu/packages/tls.scm   | 2 +-
 8 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/.mailmap b/.mailmap
index 21841c1..50b6e68 100644
--- a/.mailmap
+++ b/.mailmap
@@ -30,8 +30,9 @@ Ludovic Courtès  
 Mathieu Lirzin  
 Mathieu Lirzin  
 Nikita Karetnikov  
-Nils Gillmann  
-Nils Gillmann  
+ng0  
+ng0  
+ng0  
 Pjotr Prins 
 Pjotr Prins  
 Raimon Grau  
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index e99f1fb..86cf883 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -8,7 +8,7 @@
 ;;; Copyright © 2015 Sou Bunnbu 
 ;;; Copyright © 2015 Leo Famulari 
 ;;; Copyright © 2016 Efraim Flashner 
-;;; Copyright © 2016 Nils Gillmann 
+;;; Copyright © 2016 ng0 
 ;;; Copyright © 2016 Roel Janssen 
 ;;;
 ;;; This file is part of GNU Guix.
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 0c0182d..808a840 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -5,7 +5,6 @@
 ;;; Copyright © 2014, 2015, 2016 Alex Kost 
 ;;; Copyright © 2015 Federico Beffa 
 ;;; Copyright © 2015, 2016 Ricardo Wurmus 
-;;; Copyright © 2016 Nils Gillmann 
 ;;; Copyright © 2016 Chris Marusich 
 ;;; Copyright © 2015, 2016 Christopher Allan Webber 
 ;;; Copyright © 2016 humanitiesNerd 
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index fd3962d..a4ae04a 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 Sou Bunnbu 
 ;;; Copyright © 2015 Eric Dvorsak 
 ;;; Copyright © 2015 Ricardo Wurmus 
-;;; Copyright © 2016 Nils Gillmann 
+;;; Copyright © 2016 ng0 
 ;;; Copyright © 2016 Jookia <166...@gmail.com>
 ;;; Copyright © 2016 Eric Bavier 
 ;;; Copyright © 2016 Dmitry Nikolaev 
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 39fc6f2..1fb8c71 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -16,7 +16,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer 
 ;;; Copyright © 2016 Rodger Fox 
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis 
-;;; Copyright © 2016 Nils Gillmann 
+;;; Copyright © 2016 ng0 
 ;;; Copyright © 2016 Albin Söderqvist 
 ;;; Copyright © 2016 Kei Kebreau 
 ;;; Copyright © 2016 Alex Griffin 
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index c4e2a37..bea05db 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -3,7 +3,6 @@
 ;;; Copyright © 2014 Sree Harsha Totakura 
 ;;; Copyright © 2015 Ludovic Courtès 
 ;;; Copyright © 2015 Efraim Flashner 
-;;; Copyright © 2016 Ni* Gillmann 
 ;;; Copyright © 2016 Ricardo Wurmus 
 ;;; Copyright © 2016 Mark H Weaver 
 ;;; Copyright © 2016 ng0 
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e349907..22f542c 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer 
 ;;; Copyright © 2015 Mark H Weaver 
 ;;; Copyright © 2016 Federico Beffa 
-;;; Copyright © 2016 Nils Gillmann 
+;;; Copyright © 2016 ng0 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9a8a03b..bdc1d7c 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 David Thompson 
 ;;; Copyright © 2015 Leo Famulari 
 ;;; Copyright © 2016 Efraim Flashner 
-;;; Copyright © 2016 Nils Gillmann 
+;;; Copyright © 2016 ng0 
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
--
2.9.0


--
♥Ⓐ  ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

Re: python-pycairo in core-updates (Re: core-updates!)

[Andreas Enge]

On Fri, Jul 01, 2016 at 07:33:52PM +0800, 宋文武 wrote:
> Hi, python-wrapper has a broken `python3-config', which
> output cflags to the wrapper instead of the origin python3,
> leading the build failure of python-pycairo.
> 
> It was introduced in commit 478e75b53.  Does it really needed?

Unless someone suggests a different solution very soon, I would suggest
to revert the commit.

Andreas

[PATCH] gnurl: Update to 7.48.0.

[ng0]

This updates libgnurl to 7.48.0.
gnurl included tests all succeded.

>From 0e64b9f5d4d499b8d58321376b69f3ff7f422aa3 Mon Sep 17 00:00:00 2001
From: ng0 
Date: Fri, 1 Jul 2016 18:21:45 +
Subject: [PATCH] gnu: gnurl: Update to 7.48.0.

* gnu/packages/gnunet.scm (gnurl): Update to 7.48.0.
---
 gnu/packages/gnunet.scm | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index bea05db..285d710 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -153,13 +153,14 @@ and support for SSL3 and TLS.")
 (define-public gnurl
   (package
(name "gnurl")
-   (version "7.45.0")
+   (version "7.48.0")
(source (origin
 (method url-fetch)
 (uri (string-append "https://gnunet.org/sites/default/files/gnurl-";
-version ".tar.bz2"))
+"7_48_0.tar.bz2"))
 (sha256
- (base32 "0hd8w4wyjwagd4k6vm6srphqbmysz08rcwf8z7f4b2d6d2yrn3mm"
+ (base32
+  "14gch4rdibrc8qs4mijsczxvl45dsclf234g17dk6c8nc2s4bm0a"
(build-system gnu-build-system)
(inputs `(("gnutls" ,gnutls)
  ("libidn" ,libidn)
--
2.9.0


--
♥Ⓐ  ng0
For non-prism friendly talk find me on
psyced.org / loupsycedyglgamf.onion

GIMP: Fix CVE-2016-4994

[Leo Famulari]

GIMP has a use-after-free bug related to XCF file parsing that allows
arbitrary code execution:
https://security-tracker.debian.org/tracker/CVE-2016-4994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

This patch cherry-picks the upstream commit from the gimp-2-8 branch:
https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f

Leo Famulari (1):
  gnu: gimp: Fix CVE-2016-4994.

 gnu/local.mk  |  1 + 
 gnu/packages/gimp.scm |  1 + 
 gnu/packages/patches/gimp-CVE-2016-4994.patch | 96 +++
 3 files changed, 98 insertions(+)
 create mode 100644 gnu/packages/patches/gimp-CVE-2016-4994.patch
>From 92df989d76da73963c7d05006ca6fcf535d364b4 Mon Sep 17 00:00:00 2001
From: Leo Famulari 
Date: Fri, 1 Jul 2016 16:05:40 -0400
Subject: [PATCH] gnu: gimp: Fix CVE-2016-4994.

* gnu/packages/patches/gimp-CVE-2016-4994.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gimp.scm (gimp): Use it.
---
 gnu/local.mk  |  1 +
 gnu/packages/gimp.scm |  1 +
 gnu/packages/patches/gimp-CVE-2016-4994.patch | 96 +++
 3 files changed, 98 insertions(+)
 create mode 100644 gnu/packages/patches/gimp-CVE-2016-4994.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7dfda9b..829693a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -515,6 +515,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghostscript-CVE-2015-3228.patch		\
   %D%/packages/patches/ghostscript-runpath.patch		\
+  %D%/packages/patches/gimp-CVE-2016-4994.patch			\
   %D%/packages/patches/glib-networking-ssl-cert-file.patch	\
   %D%/packages/patches/glib-tests-timer.patch			\
   %D%/packages/patches/glibc-CVE-2015-7547.patch		\
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 1cd779a..d5c58e2 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -130,6 +130,7 @@ buffers.")
   (uri (string-append "http://download.gimp.org/pub/gimp/v";
   (version-major+minor version)
   "/gimp-" version ".tar.bz2"))
+  (patches (search-patches "gimp-CVE-2016-4994.patch"))
   (sha256
(base32
 "1dsgazia9hmab8cw3iis7s69dvqyfj5wga7ds7w2q5mms1xqbqwm"
diff --git a/gnu/packages/patches/gimp-CVE-2016-4994.patch b/gnu/packages/patches/gimp-CVE-2016-4994.patch
new file mode 100644
index 000..6c81c63
--- /dev/null
+++ b/gnu/packages/patches/gimp-CVE-2016-4994.patch
@@ -0,0 +1,96 @@
+Fix CVE-2016-4994:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
+
+Copied from upstream repository:
+https://git.gnome.org/browse/gimp/patch/?id=e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f
+
+From e82aaa4b4ee0703c879e35ea9321fff6be3e9b6f Mon Sep 17 00:00:00 2001
+From: Shmuel H 
+Date: Mon, 20 Jun 2016 17:14:41 +0300
+Subject: Bug 767873 - (CVE-2016-4994) Multiple Use-After-Free when parsing...
+
+...XCF channel and layer properties
+
+The properties PROP_ACTIVE_LAYER, PROP_FLOATING_SELECTION,
+PROP_ACTIVE_CHANNEL saves the current object pointer the @info
+structure. Others like PROP_SELECTION (for channel) and
+PROP_GROUP_ITEM (for layer) will delete the current object and create
+a new object, leaving the pointers in @info invalid (dangling).
+
+Therefore, if a property from the first type will come before the
+second, the result will be an UaF in the last lines of xcf_load_image
+(when it actually using the pointers from @info).
+
+I wasn't able to exploit this bug because that
+g_object_instance->c_class gets cleared by the last g_object_unref and
+GIMP_IS_{LAYER,CHANNEL} detects that and return FALSE.
+
+(cherry picked from commit 6d804bf9ae77bc86a0a97f9b944a129844df9395)
+---
+ app/xcf/xcf-load.c | 29 +
+ 1 file changed, 29 insertions(+)
+
+diff --git a/app/xcf/xcf-load.c b/app/xcf/xcf-load.c
+index b180377..67cc6d4 100644
+--- a/app/xcf/xcf-load.c
 b/app/xcf/xcf-load.c
+@@ -904,6 +904,18 @@ xcf_load_layer_props (XcfInfo*info,
+ case PROP_GROUP_ITEM:
+   {
+ GimpLayer *group;
++gboolean   is_active_layer;
++
++/* We're going to delete *layer, Don't leave its pointers
++ * in @info.  After that, we'll restore them back with the
++ * new pointer. See bug #767873.
++ */
++is_active_layer = (*layer == info->active_layer);
++if (is_active_layer)
++  info->active_layer = NULL;
++
++if (*layer == info->floating_sel)
++  info->floating_sel = NULL;
+ 
+ group = gimp_group_layer_new (image);
+ 
+@@ -916,6 +928,13 @@ xcf_load_layer_props (XcfInfo*info,
+ g_object_ref_sink (*layer);
+ g_object_unref (*layer);
+ *layer = group;
++
++   

Re: [PATCH] Add gctp

[Leo Famulari]

On Mon, Jun 27, 2016 at 09:07:54PM +0200, Thomas Danckaert wrote:
> Indeed, I believe GCTP is not maintained anymore, and each project using it
> makes a few small adjustments. From the changelog, it seems GCTP was last
> changed March 1998.

In this case, I think it's appropriate to use the bundled GCTP. What do
others think?

> If there's not much interest to include HDF-EOS right now, I could also
> maintain the libraries as a custom packages somewhere, for the few people
> who need them. I think one of the great things about Guix is that packages
> defined by users or third parties integrate so easily with the main
> repository.

I do think we should include HDF-EOS! If we choose to use the bundled
GCTP, are your earlier patches easily adaptable?

Re: [PATCH] gnu: Add python2-pbkdf2 and update python2-jsonrpclib

[Leo Famulari]

On Thu, Jun 23, 2016 at 01:07:26PM -0300, Daniel Pimentel wrote:
> * gnu/packages/python.scm: add new package and update variable

The program claims to support Python 3 and Python 2. It also has a test
suite in the 'test/' directory. So, I changed your patch as attached.
But, it fails the test suite.

Can you try to make it work?
>From 9b31ca925ef9da4e9e5299215dc73f866114fee9 Mon Sep 17 00:00:00 2001
From: Daniel Pimentel 
Date: Thu, 23 Jun 2016 13:07:26 -0300
Subject: [PATCH] gnu: Add python-pbkdf2.

* gnu/packages/python.scm (python-pbkdf2, python2-pbkdf2): New variables.

Co-authored-by: Leo Famulari 
---
 gnu/packages/python.scm | 20 
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 8c34ff2..c4bfe76 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -9291,3 +9291,23 @@ It supports both the original 1.0 specification, as well as the
 new (proposed) 2.0 spec, which includes batch submission, keyword arguments,
 etc.")
 (license asl2.0)))
+
+(define-public python-pbkdf2
+  (package
+(name "python-pbkdf2")
+(version "1.3")
+(source (origin
+  (method url-fetch)
+  (uri (pypi-uri "pbkdf2" version))
+  (sha256
+   (base32
+"0yb99rl2mbsaamj571s1mf6vgniqh23v98k4632150hjkwv9fqxc"
+(build-system python-build-system)
+(home-page "https://www.dlitz.net/software/python-pbkdf2/";)
+(synopsis "A module that implements function PBKDF2.")
+(description "A module that implements the password-based key derivation
+function PBKDF2.")
+(license license:expat)))
+
+(define-public python2-pbkdf2
+  (package-with-python2 python-pbkdf2))
-- 
2.9.0

Re: core-updates!

[Leo Famulari]

On Fri, Jul 01, 2016 at 11:02:13AM +0200, Ludovic Courtès wrote:
> Here’s a kind invitation for you to look at ‘core-updates’ and make sure
> your favorite packages build there.  :-)
> 
>   https://hydra.gnu.org/jobset/gnu/core-updates
> 
> It seems that the bigger issues have been fixed, so now it will be
> mostly leaf packages and/or mips64el/arm needing love.

Mozjs is failing, which breaks GNOME:

Re: python-pycairo in core-updates (Re: core-updates!)

[Leo Famulari]

On Fri, Jul 01, 2016 at 05:33:33PM +0200, Andreas Enge wrote:
> On Fri, Jul 01, 2016 at 07:33:52PM +0800, 宋文武 wrote:
> > Hi, python-wrapper has a broken `python3-config', which
> > output cflags to the wrapper instead of the origin python3,
> > leading the build failure of python-pycairo.
> > 
> > It was introduced in commit 478e75b53.  Does it really needed?
> 
> Unless someone suggests a different solution very soon, I would suggest
> to revert the commit.

Reverted with 187e9094f7

[PATCH] gnu: Add alot and python-urwidtrees

[Troy Sankey]

---
 gnu/packages/mail.scm   | 31 +++
 gnu/packages/python.scm | 24 
 2 files changed, 55 insertions(+)

diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index c3baa72..62ff246 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -397,6 +397,37 @@ messages you need; in addition, it allows you to view 
messages, extract
 attachments, create new maildirs, and so on.")
 (license gpl3+)))
 
+(define-public alot
+  (package
+(name "alot")
+(version "0.3.7")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "https://github.com/pazz/alot/archive/";
+  version ".tar.gz"))
+  (file-name (string-append "alot-" version ".tar.gz"))
+  (sha256
+   (base32
+"09md9llg38r6xby8l0y0zf8nhlh91cr4xs0r15b294hhp8hl2bgx"
+(build-system python-build-system)
+(arguments
+ `(#:tests? #f ; no tests
+   #:python ,python-2))
+(inputs
+ `(("python2-magic" ,python2-magic)
+   ("python2-configobj" ,python2-configobj)
+   ("python2-twisted" ,python2-twisted)
+   ("python2-urwid" ,python2-urwid)
+   ("python2-urwidtrees" ,python2-urwidtrees)
+   ("python2-pygpgme" ,python2-pygpgme)
+   ("python2-notmuch" ,python2-notmuch)))
+(home-page "https://github.com/pazz/alot";)
+(synopsis "Commandline MUA using notmuch and urwid")
+(description
+ "Alot is an experimental terminal MUA based on notmuch mail.  It is
+written in python using the urwid toolkit.")
+(license gpl3+)))
+
 (define-public notmuch
   (package
 (name "notmuch")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 684c372..617732b 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -4488,6 +4488,30 @@ features useful for text console applications.")
 (define-public python2-urwid
   (package-with-python2 python-urwid))
 
+(define-public python-urwidtrees
+  (package
+(name "python-urwidtrees")
+(version "1.0.1.1")
+(source
+ (origin
+   (method url-fetch)
+   (uri (pypi-uri "urwidtrees" version))
+   (sha256
+(base32
+ "1zcvy12s7h3fazf33d6y7b4v19p8hg95xqwhqlmw6jz9fq76v9h8"
+(build-system python-build-system)
+(arguments
+ '(#:tests? #f))
+(native-inputs `(("python-setuptools" ,python-setuptools)))
+(inputs `(("python-urwid" ,python-urwid)))
+(home-page "https://github.com/pazz/urwidtrees";)
+(synopsis "Tree widgets for urwid")
+(description "Tree widgets for urwid.")
+(license gpl3+)))
+
+(define-public python2-urwidtrees
+  (package-with-python2 python-urwidtrees))
+
 (define-public python-dbus
   (package
 (name "python-dbus")
-- 
2.1.4

Re: [PATCH] gnu: Add alot and python-urwidtrees

[Leo Famulari]

Thanks for this patch!

Can you split it into two patches? We prefer to make one change (such as
a package addition) per commit. More comments are below.

On Fri, Jul 01, 2016 at 02:16:01PM -0400, Troy Sankey wrote:
> ---
>  gnu/packages/mail.scm   | 31 +++
>  gnu/packages/python.scm | 24 

Please remember to add your name to the list of authors at the beginning
of the files.

> +(define-public alot

> +  (uri (string-append "https://github.com/pazz/alot/archive/";
> +  version ".tar.gz"))

When possible, we prefer to use PyPi for downloading Python source code.
But in this case, I don't see version 0.3.7 on PyPi, so we'll use
GitHub.

> +   #:python ,python-2))

If Python 3 is unsupported, can you mention it in a brief comment?

> +(synopsis "Commandline MUA using notmuch and urwid")

How about "Command-line mail client using @code{notmuch} and
@code{urwid}"? I'm not sure if the synopses support texinfo markup,
while I know the descriptions do.

> +(description
> + "Alot is an experimental terminal MUA based on notmuch mail.  It is
> +written in python using the urwid toolkit.")

Can you unpack 'MUA' and wrap notmuch and urwid in texinfo as above?

> +(define-public python-urwidtrees

> +(arguments
> + '(#:tests? #f))

If there are no tests, can you say so in a comment as in 'alot'?

> +(native-inputs `(("python-setuptools" ,python-setuptools)))
> +(inputs `(("python-urwid" ,python-urwid)))
> +(home-page "https://github.com/pazz/urwidtrees";)
> +(synopsis "Tree widgets for urwid")
> +(description "Tree widgets for urwid.")

How about adapting the description from the home-page?

> +(license gpl3+)))

[PATCH 2/5] gnu: Add python-alabaster.

[Leo Famulari]

* gnu/packages/python.scm (python-alabaster, python2-alabaster): New variables.
---
 gnu/packages/python.scm | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 469f1fa..4eed92f 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -9719,3 +9719,30 @@ the PNG, JPEG, JPEG 2000, and GIF formats.")
   (native-inputs
`(("python2-setuptools" ,python2-setuptools)
  ,@(package-native-inputs base))
+
+(define-public python-alabaster
+  (package
+(name "python-alabaster")
+(version "0.7.8")
+(source (origin
+  (method url-fetch)
+  (uri (pypi-uri "alabaster" version))
+  (sha256
+   (base32
+"1zqz9hsvnmpjklmir6g7rxlv2fslrgsnwb91r9sgz4n1zja1pjx1"
+(build-system python-build-system)
+(synopsis "Default theme for the Sphinx documentation system")
+(description "Alabaster is a responsive and configurable theme for the
+Sphinx documentation system. It is compatible with Python 2 and 3, and it is 
the
+default Sphinx theme.")
+(home-page "https://github.com/bitprophet/alabaster";)
+(license bsd-3)
+(properties `((python2-variant . ,(delay python2-alabaster))
+
+(define-public python2-alabaster
+  (let ((base (package-with-python2 (strip-python2-variant python-alabaster
+(package
+  (inherit base)
+  (native-inputs
+   `(("python2-setuptools" ,python2-setuptools)
+ ,@(package-native-inputs base))
-- 
2.9.0

[PATCH 0/5] Sphinx reproducibility update

[Leo Famulari]

Since version 1.4.0, Sphinx has respected the SOURCE_DATE_EPOCH
environment variable for the timestamps it puts in generated
documentation [0].

This patch series updates Sphinx to the latest version, 1.4.4, and
provides all the new dependencies. The final commit in the series
requires the new Sphinx.

Why propagate pytz and snowballstemmer? Otherwise, many packages that
use Sphinx started failing due to pytz or snowballstemmer not being
avaiable. Rather than provide pytz and snowballstemmer to all those
packages, I propagated them from Sphinx itself. I can add pytz and
snowballstemmer to the Sphinx users if desired.

With this change, many Python 2 packages will become reproducible, at
least on a single machine; the only thing holding them back was the
manpage timestamps.

These changes will require 142 rebuilds, mostly of Python packages, but
also of libreoffice (libreoffice seems to depend on *everything*) and a
few others. If the patches are good, should they go to master or to
another branch?

[0]
https://github.com/sphinx-doc/sphinx/commit/dea6a4112729c72246b7bdea139c5100c0fcdb7d

Leo Famulari (5):
  gnu: Add python-imagesize.
  gnu: Add python-alabaster.
  gnu: Add python-snowballstemmer.
  gnu: python-sphinx: Update to 1.4.4.
  gnu: python-sphinx-rtd-theme: Update to 0.1.9.

 gnu/packages/python.scm | 106 ++--
 1 file changed, 93 insertions(+), 13 deletions(-)

-- 
2.9.0

[PATCH 5/5] gnu: python-sphinx-rtd-theme: Update to 0.1.9.

[Leo Famulari]

* gnu/packages/python.scm (python-sphinx-rtd-theme, python2-sphinx-rtd-theme):
Update to 0.1.9.
---
 gnu/packages/python.scm | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index fd4cc3d..10ab3a6 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -2694,16 +2694,14 @@ sources.")
 (define-public python-sphinx-rtd-theme
   (package
 (name "python-sphinx-rtd-theme")
-(version "0.1.6")
+(version "0.1.9")
 (source
  (origin
(method url-fetch)
-   (uri (string-append "https://pypi.python.org/packages/source/s/";
-   "sphinx_rtd_theme/sphinx_rtd_theme-"
-   version ".tar.gz"))
+   (uri (pypi-uri "sphinx_rtd_theme" version))
(sha256
 (base32
- "19nw3rn7awplcdrz63kg1njqwkbymfg9lwn7l2grhdyhyr2gaa8g"
+ "18d0r63w7jpdrk4q5qy26n08vdlmnj9sar93akwjphyambw4cf17"
 (build-system python-build-system)
 (arguments
  `(;; With standard flags, the install phase attempts to create a zip'd
-- 
2.9.0

[PATCH 1/5] gnu: Add python-imagesize.

[Leo Famulari]

* gnu/packages/python.scm (python-imagesize, python2-imagesize): New variables.
---
 gnu/packages/python.scm | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 597ca6a..469f1fa 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -9693,3 +9693,29 @@ characters, mouse support, and auto suggestions.")
   (native-inputs
`(("python2-setuptools" ,python2-setuptools)
  ,@(package-native-inputs base))
+
+(define-public python-imagesize
+  (package
+(name "python-imagesize")
+(version "0.7.1")
+(source (origin
+  (method url-fetch)
+  (uri (pypi-uri "imagesize" version))
+  (sha256
+   (base32
+"0qk07k0z4241lkzzjji7z4da04pcvg7bfc4xz1934zlqhwmwdcha"
+(build-system python-build-system)
+(synopsis "Calculate the size of an image")
+(description "This Python module returns the size of an image. It supports
+the PNG, JPEG, JPEG 2000, and GIF formats.")
+(home-page "https://github.com/shibukawa/imagesize_py";)
+(license license:expat)
+(properties `((python2-variant . ,(delay python2-imagesize))
+
+(define-public python2-imagesize
+  (let ((base (package-with-python2 (strip-python2-variant python-imagesize
+(package
+  (inherit base)
+  (native-inputs
+   `(("python2-setuptools" ,python2-setuptools)
+ ,@(package-native-inputs base))
-- 
2.9.0

[PATCH 4/5] gnu: python-sphinx: Update to 1.4.4.

[Leo Famulari]

* gnu/packages/python.scm (python-sphinx, python2-sphinx): Update to 1.4.4.
[source]: Use pypi-uri.
[inputs]: Add python-alabaster, python-babel, python-imagesize, python-six.
[propagated-inputs]: New field.
---
 gnu/packages/python.scm | 23 +++
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 73312e8..fd4cc3d 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -2658,22 +2658,29 @@ reStructuredText.")
 (define-public python-sphinx
   (package
 (name "python-sphinx")
-(version "1.2.3")
+(version "1.4.4")
 (source
  (origin
(method url-fetch)
-   (uri (string-append
- "https://pypi.python.org/packages/source/S/Sphinx/Sphinx-";
- version ".tar.gz"))
+   (uri (pypi-uri "Sphinx" version))
(sha256
 (base32
- "011xizm3jnmf4cvs5i6kgf6c5nn046h79i8j0vd0f27yw9j3p4wl"
+ "185zklh44fhrwp1dg6251g3w6zmssh5jzvbz8pvmkg9l6wvxdzry"
 (build-system python-build-system)
 (inputs
- `(("python-setuptools" ,python-setuptools)
-   ("python-jinja2" ,python-jinja2)
+ `(
+   ("python-alabaster" ,python-alabaster)
+   ("python-babel" ,python-babel)
("python-docutils" ,python-docutils)
-   ("python-pygments" ,python-pygments)))
+   ("python-imagesize" ,python-imagesize)
+   ("python-jinja2" ,python-jinja2)
+   ("python-pygments" ,python-pygments)
+   ("python-pytz" ,python-pytz)
+   ("python-setuptools" ,python-setuptools)
+   ("python-six" ,python-six)))
+(propagated-inputs
+ `(("python-pytz" ,python-pytz)
+   ("python-snowballstemmer" ,python-snowballstemmer)))
 (home-page "http://sphinx-doc.org/";)
 (synopsis "Python documentation generator")
 (description "Sphinx is a tool that makes it easy to create documentation
-- 
2.9.0

[PATCH 3/5] gnu: Add python-snowballstemmer.

[Leo Famulari]

* gnu/packages/python.scm (python-snowballstemmer, python2-snowballstemmer): New
variables.
---
 gnu/packages/python.scm | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 4eed92f..73312e8 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -9746,3 +9746,25 @@ default Sphinx theme.")
   (native-inputs
`(("python2-setuptools" ,python2-setuptools)
  ,@(package-native-inputs base))
+
+(define-public python-snowballstemmer
+  (package
+(name "python-snowballstemmer")
+(version "1.2.1")
+(source (origin
+  (method url-fetch)
+  (uri (pypi-uri "snowballstemmer" version))
+  (sha256
+   (base32
+"0a0idq4y5frv7qsg2x62jd7rd272749xk4x99misf5rcifk2d7wi"
+(build-system python-build-system)
+(arguments
+ `(#:tests? #f)) ; no test suite
+(synopsis "Snowball stemming library collection for Python")
+(description "This package provides 16 stemmer algorithms generated from
+Snowball algorithms")
+(home-page "https://github.com/shibukawa/snowball_py";)
+(license bsd-2)))
+
+(define-public python2-snowballstemmer
+  (package-with-python2 python-snowballstemmer))
-- 
2.9.0

[PATCH] midicsv: new package

[John J Foerch]

Hello,

Here is my first attempt at a package, midicsv.  Please let me know what
changes may need to be made.

>From 15e6c06398fa8d340b70da391f90e6c69e613f70 Mon Sep 17 00:00:00 2001
From: "John J. Foerch" 
Date: Fri, 1 Jul 2016 21:26:55 -0400
Subject: [PATCH] gnu: midicsv: new package

---
 gnu/packages/music.scm | 28 
 1 file changed, 28 insertions(+)

diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index dfc21cc..0013819 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1594,3 +1594,31 @@ for improved Amiga ProTracker 2/3 compatibility.")
 formats, including most audio formats recognized by FFMpeg.")
 (home-page "http://moc.daper.net";)
 (license license:gpl2+)))
+
+(define-public midicsv
+  (package
+(name "midicsv")
+(version "1.1")
+(source (origin
+  (method url-fetch)
+  (uri (string-append "http://www.fourmilab.ch/webtools/midicsv/";
+  name "-" version ".tar.gz"))
+  (sha256
+   (base32
+"1vvhk2nf9ilfw0wchmxy8l13hbw9cnpz079nsx5srsy4nnd78nkw"
+(build-system gnu-build-system)
+(arguments
+ `(#:phases (modify-phases %standard-phases (delete 'configure))
+   #:make-flags (list "CC=gcc" (string-append "INSTALL_DEST=" %output
+(synopsis "convert MIDI files to and from CSV")
+(description
+ "midicsv reads a standard MIDI file and decodes it into a CSV
+(Comma-Separated Value) file which preserves all the information in
+the MIDI file.  The ASCII CSV file may be loaded into a spreadsheet
+or database application, or processed by a program to transform the
+MIDI data (for example, to key transpose a composition or extract a
+track from a multi-track sequence).  A CSV file in the format
+created by midicsv may be converted back into a standard MIDI file
+with the csvmidi program.")
+(home-page "http://www.fourmilab.ch/webtools/midicsv/";)
+(license license:public-domain)))
-- 
2.9.0