aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-06-16 01:01:54 -0400
committerMark H Weaver <mhw@netris.org>2015-06-16 01:01:54 -0400
commit7d02724b7bddb4d5e1cc93db99f737baa26840ca (patch)
treebae1377073af72dd17b7c786fd6991f234d3732b /gnu
parent4c10c6cbc61d703b18b92c651a92300cf51d1eab (diff)
parentfef3cfaaab972b1f514724f90050aeb38516519b (diff)
downloadguix-7d02724b7bddb4d5e1cc93db99f737baa26840ca.tar.gz
guix-7d02724b7bddb4d5e1cc93db99f737baa26840ca.zip
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/audio.scm6
-rw-r--r--gnu/packages/bioinformatics.scm4
-rw-r--r--gnu/packages/emacs.scm64
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4037.patch53
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4103.patch135
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4104.patch189
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4105.patch85
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch72
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch81
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch33
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch260
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch33
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch89
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch72
-rw-r--r--gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch132
-rw-r--r--gnu/packages/python.scm94
-rw-r--r--gnu/packages/qemu.scm14
-rw-r--r--gnu/packages/ruby.scm300
-rw-r--r--gnu/packages/screen.scm4
-rw-r--r--gnu/packages/suckless.scm (renamed from gnu/packages/dwm.scm)62
-rw-r--r--gnu/packages/version-control.scm6
-rw-r--r--gnu/packages/video.scm5
-rw-r--r--gnu/services/desktop.scm2
23 files changed, 1729 insertions, 66 deletions
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 3b2d4e1022..1d6277c125 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -836,7 +836,7 @@ significantly faster and have minimal dependencies.")
(define-public lv2
(package
(name "lv2")
- (version "1.10.0")
+ (version "1.12.0")
(source (origin
(method url-fetch)
(uri (string-append "http://lv2plug.in/spec/lv2-"
@@ -844,11 +844,11 @@ significantly faster and have minimal dependencies.")
".tar.bz2"))
(sha256
(base32
- "1md41x9snrp4mcfyli7lyfpvcfa78nfy6xkdy84kppnl8m5qw378"))))
+ "1saq0vwqy5zjdkgc5ahs8kcabxfmff2mmg68fiqrkv8hiw9m6jks"))))
(build-system waf-build-system)
(arguments
`(#:tests? #f ; no check target
- #:configure-flags '("--lv2-system")))
+ #:configure-flags '("--no-plugins")))
(inputs
;; Leaving off cairo and gtk+-2.0 which are needed for example plugins
`(("libsndfile" ,libsndfile)))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 7175ecf41d..0d8a6d518c 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -1104,7 +1104,7 @@ that a read originated from a particular isoform.")
(define-public orfm
(package
(name "orfm")
- (version "0.3.2")
+ (version "0.4.1")
(source (origin
(method url-fetch)
(uri (string-append
@@ -1112,7 +1112,7 @@ that a read originated from a particular isoform.")
version "/orfm-" version ".tar.gz"))
(sha256
(base32
- "00jqvlspj9662ni9r4n1snxfnwkzc02i46g5nk1kwjshi6v3vgg3"))))
+ "05fmw145snk646ly076zby0fjav0k7ysbclck5d4s9pmgcfpijc2"))))
(build-system gnu-build-system)
(inputs `(("zlib" ,zlib)))
(synopsis "Simple and not slow open reading frame (ORF) caller")
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 0f71c77bf2..2502f2935d 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -428,6 +428,70 @@ operations.")
support for Git-SVN.")
(license license:gpl3+)))
+(define-public haskell-mode
+ (package
+ (name "haskell-mode")
+ (version "13.14.2")
+ (source (origin
+ (method url-fetch)
+ (file-name (string-append name "-" version ".tar.gz"))
+ (uri (string-append
+ "https://github.com/haskell/haskell-mode/archive/v"
+ version ".tar.gz"))
+ (sha256
+ (base32 "1kxc2yj8vb122dv91r68h7c5ladcryx963fr16plfhg71fv7f9av"))))
+ (inputs `(("emacs" ,emacs-no-x)))
+ (native-inputs
+ `(("texinfo" ,texinfo)))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags (list (string-append "EMACS="
+ (assoc-ref %build-inputs "emacs")
+ "/bin/emacs"))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-before
+ 'build 'pre-build
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let ((sh (string-append (assoc-ref inputs "bash") "/bin/sh")))
+ (setenv "SHELL" "sh")
+ (substitute* (find-files "." "\\.el") (("/bin/sh") sh))
+ #t)))
+ (replace
+ 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (el-dir (string-append out "/share/emacs/site-lisp"))
+ (doc (string-append
+ out "/share/doc/haskell-mode-" ,version))
+ (info (string-append out "/share/info")))
+ (define (copy-to-dir dir files)
+ (mkdir-p dir)
+ (for-each
+ (lambda (f)
+ (copy-file f (string-append dir "/" (basename f))))
+ files))
+
+ (with-directory-excursion "doc"
+ (unless (zero? (system* "makeinfo" "haskell-mode.texi"))
+ (error "makeinfo failed"))
+ (mkdir-p info)
+ (copy-file "haskell-mode.info"
+ (string-append info "/haskell-mode.info")))
+ (copy-to-dir doc '("CONTRIBUTING.md" "NEWS" "README.md"))
+ (copy-to-dir el-dir (find-files "." "\\.elc?"))
+ ;; these are now distributed with emacs
+ (with-directory-excursion el-dir
+ (for-each delete-file '("cl-lib.el" "ert.el")))
+ #t))))))
+ (home-page "https://github.com/haskell/haskell-mode")
+ (synopsis "Haskell mode for Emacs")
+ (description
+ "This is an Emacs mode for editing, debugging and developing Haskell
+programs.")
+ (license license:gpl3+)))
+
;;;
;;; Web browsing.
diff --git a/gnu/packages/patches/qemu-CVE-2015-4037.patch b/gnu/packages/patches/qemu-CVE-2015-4037.patch
new file mode 100644
index 0000000000..305036b9f2
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4037.patch
@@ -0,0 +1,53 @@
+From 8b8f1c7e9ddb2e88a144638f6527bf70e32343e3 Mon Sep 17 00:00:00 2001
+From: Michael Tokarev <mjt@tls.msk.ru>
+Date: Thu, 28 May 2015 14:12:26 +0300
+Subject: [PATCH] slirp: use less predictable directory name in /tmp for smb
+ config (CVE-2015-4037)
+
+In this version I used mkdtemp(3) which is:
+
+ _BSD_SOURCE
+ || /* Since glibc 2.10: */
+ (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700)
+
+(POSIX.1-2008), so should be available on systems we care about.
+
+While at it, reset the resulting directory name within smb structure
+on error so cleanup function wont try to remove directory which we
+failed to create.
+
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+Reviewed-by: Markus Armbruster <armbru@redhat.com>
+---
+ net/slirp.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/net/slirp.c b/net/slirp.c
+index 0e15cf6..3533837 100644
+--- a/net/slirp.c
++++ b/net/slirp.c
+@@ -481,7 +481,6 @@ static void slirp_smb_cleanup(SlirpState *s)
+ static int slirp_smb(SlirpState* s, const char *exported_dir,
+ struct in_addr vserver_addr)
+ {
+- static int instance;
+ char smb_conf[128];
+ char smb_cmdline[128];
+ struct passwd *passwd;
+@@ -505,10 +504,10 @@ static int slirp_smb(SlirpState* s, const char *exported_dir,
+ return -1;
+ }
+
+- snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
+- (long)getpid(), instance++);
+- if (mkdir(s->smb_dir, 0700) < 0) {
++ snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.XXXXXX");
++ if (!mkdtemp(s->smb_dir)) {
+ error_report("could not create samba server dir '%s'", s->smb_dir);
++ s->smb_dir[0] = 0;
+ return -1;
+ }
+ snprintf(smb_conf, sizeof(smb_conf), "%s/%s", s->smb_dir, "smb.conf");
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4103.patch b/gnu/packages/patches/qemu-CVE-2015-4103.patch
new file mode 100644
index 0000000000..74333fd672
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4103.patch
@@ -0,0 +1,135 @@
+From 5c83b2f5b4b956e91dd6e5711f14df7ab800aefb Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:00 +0000
+Subject: [PATCH] xen: properly gate host writes of modified PCI CFG contents
+
+The old logic didn't work as intended when an access spanned multiple
+fields (for example a 32-bit access to the location of the MSI Message
+Data field with the high 16 bits not being covered by any known field).
+Remove it and derive which fields not to write to from the accessed
+fields' emulation masks: When they're all ones, there's no point in
+doing any host write.
+
+This fixes a secondary issue at once: We obviously shouldn't make any
+host write attempt when already the host read failed.
+
+This is XSA-128.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt.c | 25 +++++++++++++++++++++----
+ hw/xen/xen_pt.h | 2 --
+ hw/xen/xen_pt_config_init.c | 4 ----
+ 3 files changed, 21 insertions(+), 10 deletions(-)
+
+diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
+index d095c08..8923582 100644
+--- a/hw/xen/xen_pt.c
++++ b/hw/xen/xen_pt.c
+@@ -234,7 +234,7 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ int index = 0;
+ XenPTRegGroup *reg_grp_entry = NULL;
+ int rc = 0;
+- uint32_t read_val = 0;
++ uint32_t read_val = 0, wb_mask;
+ int emul_len = 0;
+ XenPTReg *reg_entry = NULL;
+ uint32_t find_addr = addr;
+@@ -271,6 +271,9 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ if (rc < 0) {
+ XEN_PT_ERR(d, "pci_read_block failed. return value: %d.\n", rc);
+ memset(&read_val, 0xff, len);
++ wb_mask = 0;
++ } else {
++ wb_mask = 0xFFFFFFFF >> ((4 - len) << 3);
+ }
+
+ /* pass directly to the real device for passthrough type register group */
+@@ -298,6 +301,11 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+
+ valid_mask <<= (find_addr - real_offset) << 3;
+ ptr_val = (uint8_t *)&val + (real_offset & 3);
++ if (reg->emu_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3))) {
++ wb_mask &= ~((reg->emu_mask
++ >> ((find_addr - real_offset) << 3))
++ << ((len - emul_len) << 3));
++ }
+
+ /* do emulation based on register size */
+ switch (reg->size) {
+@@ -350,10 +358,19 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ memory_region_transaction_commit();
+
+ out:
+- if (!(reg && reg->no_wb)) {
++ for (index = 0; wb_mask; index += len) {
+ /* unknown regs are passed through */
+- rc = xen_host_pci_set_block(&s->real_device, addr,
+- (uint8_t *)&val, len);
++ while (!(wb_mask & 0xff)) {
++ index++;
++ wb_mask >>= 8;
++ }
++ len = 0;
++ do {
++ len++;
++ wb_mask >>= 8;
++ } while (wb_mask & 0xff);
++ rc = xen_host_pci_set_block(&s->real_device, addr + index,
++ (uint8_t *)&val + index, len);
+
+ if (rc < 0) {
+ XEN_PT_ERR(d, "pci_write_block failed. return value: %d.\n", rc);
+diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
+index 942dc60..52ceb85 100644
+--- a/hw/xen/xen_pt.h
++++ b/hw/xen/xen_pt.h
+@@ -105,8 +105,6 @@ struct XenPTRegInfo {
+ uint32_t ro_mask;
+ /* reg emulate field mask (ON:emu, OFF:passthrough) */
+ uint32_t emu_mask;
+- /* no write back allowed */
+- uint32_t no_wb;
+ xen_pt_conf_reg_init init;
+ /* read/write function pointer
+ * for double_word/word/byte size */
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 95a51db..dae0519 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -1279,7 +1279,6 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .init_val = 0x00000000,
+ .ro_mask = 0x00000003,
+ .emu_mask = 0xFFFFFFFF,
+- .no_wb = 1,
+ .init = xen_pt_common_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_msgaddr32_reg_write,
+@@ -1291,7 +1290,6 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .init_val = 0x00000000,
+ .ro_mask = 0x00000000,
+ .emu_mask = 0xFFFFFFFF,
+- .no_wb = 1,
+ .init = xen_pt_msgaddr64_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+ .u.dw.write = xen_pt_msgaddr64_reg_write,
+@@ -1303,7 +1301,6 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .init_val = 0x0000,
+ .ro_mask = 0x0000,
+ .emu_mask = 0xFFFF,
+- .no_wb = 1,
+ .init = xen_pt_msgdata_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgdata_reg_write,
+@@ -1315,7 +1312,6 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .init_val = 0x0000,
+ .ro_mask = 0x0000,
+ .emu_mask = 0xFFFF,
+- .no_wb = 1,
+ .init = xen_pt_msgdata_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgdata_reg_write,
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4104.patch b/gnu/packages/patches/qemu-CVE-2015-4104.patch
new file mode 100644
index 0000000000..811b0419a9
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4104.patch
@@ -0,0 +1,189 @@
+From 7611dae8a69f0f1775ba1a9a942961c2aa10d88e Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:00 +0000
+Subject: [PATCH] xen: don't allow guest to control MSI mask register
+
+It's being used by the hypervisor. For now simply mimic a device not
+capable of masking, and fully emulate any accesses a guest may issue
+nevertheless as simple reads/writes without side effects.
+
+This is XSA-129.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/pci/msi.c | 4 --
+ hw/xen/xen_pt_config_init.c | 98 ++++++++++++++++++++++++++++++++++++++++-----
+ include/hw/pci/pci_regs.h | 2 +
+ 3 files changed, 90 insertions(+), 14 deletions(-)
+
+diff --git a/hw/pci/msi.c b/hw/pci/msi.c
+index c111dba..f9c0484 100644
+--- a/hw/pci/msi.c
++++ b/hw/pci/msi.c
+@@ -21,10 +21,6 @@
+ #include "hw/pci/msi.h"
+ #include "qemu/range.h"
+
+-/* Eventually those constants should go to Linux pci_regs.h */
+-#define PCI_MSI_PENDING_32 0x10
+-#define PCI_MSI_PENDING_64 0x14
+-
+ /* PCI_MSI_ADDRESS_LO */
+ #define PCI_MSI_ADDRESS_LO_MASK (~0x3)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index dae0519..68b8f22 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -1016,13 +1016,9 @@ static XenPTRegInfo xen_pt_emu_reg_pm[] = {
+ */
+
+ /* Helper */
+-static bool xen_pt_msgdata_check_type(uint32_t offset, uint16_t flags)
+-{
+- /* check the offset whether matches the type or not */
+- bool is_32 = (offset == PCI_MSI_DATA_32) && !(flags & PCI_MSI_FLAGS_64BIT);
+- bool is_64 = (offset == PCI_MSI_DATA_64) && (flags & PCI_MSI_FLAGS_64BIT);
+- return is_32 || is_64;
+-}
++#define xen_pt_msi_check_type(offset, flags, what) \
++ ((offset) == ((flags) & PCI_MSI_FLAGS_64BIT ? \
++ PCI_MSI_##what##_64 : PCI_MSI_##what##_32))
+
+ /* Message Control register */
+ static int xen_pt_msgctrl_reg_init(XenPCIPassthroughState *s,
+@@ -1134,7 +1130,45 @@ static int xen_pt_msgdata_reg_init(XenPCIPassthroughState *s,
+ uint32_t offset = reg->offset;
+
+ /* check the offset whether matches the type or not */
+- if (xen_pt_msgdata_check_type(offset, flags)) {
++ if (xen_pt_msi_check_type(offset, flags, DATA)) {
++ *data = reg->init_val;
++ } else {
++ *data = XEN_PT_INVALID_REG;
++ }
++ return 0;
++}
++
++/* this function will be called twice (for 32 bit and 64 bit type) */
++/* initialize Mask register */
++static int xen_pt_mask_reg_init(XenPCIPassthroughState *s,
++ XenPTRegInfo *reg, uint32_t real_offset,
++ uint32_t *data)
++{
++ uint32_t flags = s->msi->flags;
++
++ /* check the offset whether matches the type or not */
++ if (!(flags & PCI_MSI_FLAGS_MASKBIT)) {
++ *data = XEN_PT_INVALID_REG;
++ } else if (xen_pt_msi_check_type(reg->offset, flags, MASK)) {
++ *data = reg->init_val;
++ } else {
++ *data = XEN_PT_INVALID_REG;
++ }
++ return 0;
++}
++
++/* this function will be called twice (for 32 bit and 64 bit type) */
++/* initialize Pending register */
++static int xen_pt_pending_reg_init(XenPCIPassthroughState *s,
++ XenPTRegInfo *reg, uint32_t real_offset,
++ uint32_t *data)
++{
++ uint32_t flags = s->msi->flags;
++
++ /* check the offset whether matches the type or not */
++ if (!(flags & PCI_MSI_FLAGS_MASKBIT)) {
++ *data = XEN_PT_INVALID_REG;
++ } else if (xen_pt_msi_check_type(reg->offset, flags, PENDING)) {
+ *data = reg->init_val;
+ } else {
+ *data = XEN_PT_INVALID_REG;
+@@ -1222,7 +1256,7 @@ static int xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
+ uint32_t offset = reg->offset;
+
+ /* check the offset whether matches the type or not */
+- if (!xen_pt_msgdata_check_type(offset, msi->flags)) {
++ if (!xen_pt_msi_check_type(offset, msi->flags, DATA)) {
+ /* exit I/O emulator */
+ XEN_PT_ERR(&s->dev, "the offset does not match the 32/64 bit type!\n");
+ return -1;
+@@ -1267,7 +1301,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFF8E,
+- .emu_mask = 0x007F,
++ .emu_mask = 0x017F,
+ .init = xen_pt_msgctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgctrl_reg_write,
+@@ -1316,6 +1350,50 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgdata_reg_write,
+ },
++ /* Mask reg (if PCI_MSI_FLAGS_MASKBIT set, for 32-bit devices) */
++ {
++ .offset = PCI_MSI_MASK_32,
++ .size = 4,
++ .init_val = 0x00000000,
++ .ro_mask = 0xFFFFFFFF,
++ .emu_mask = 0xFFFFFFFF,
++ .init = xen_pt_mask_reg_init,
++ .u.dw.read = xen_pt_long_reg_read,
++ .u.dw.write = xen_pt_long_reg_write,
++ },
++ /* Mask reg (if PCI_MSI_FLAGS_MASKBIT set, for 64-bit devices) */
++ {
++ .offset = PCI_MSI_MASK_64,
++ .size = 4,
++ .init_val = 0x00000000,
++ .ro_mask = 0xFFFFFFFF,
++ .emu_mask = 0xFFFFFFFF,
++ .init = xen_pt_mask_reg_init,
++ .u.dw.read = xen_pt_long_reg_read,
++ .u.dw.write = xen_pt_long_reg_write,
++ },
++ /* Pending reg (if PCI_MSI_FLAGS_MASKBIT set, for 32-bit devices) */
++ {
++ .offset = PCI_MSI_MASK_32 + 4,
++ .size = 4,
++ .init_val = 0x00000000,
++ .ro_mask = 0xFFFFFFFF,
++ .emu_mask = 0x00000000,
++ .init = xen_pt_pending_reg_init,
++ .u.dw.read = xen_pt_long_reg_read,
++ .u.dw.write = xen_pt_long_reg_write,
++ },
++ /* Pending reg (if PCI_MSI_FLAGS_MASKBIT set, for 64-bit devices) */
++ {
++ .offset = PCI_MSI_MASK_64 + 4,
++ .size = 4,
++ .init_val = 0x00000000,
++ .ro_mask = 0xFFFFFFFF,
++ .emu_mask = 0x00000000,
++ .init = xen_pt_pending_reg_init,
++ .u.dw.read = xen_pt_long_reg_read,
++ .u.dw.write = xen_pt_long_reg_write,
++ },
+ {
+ .size = 0,
+ },
+diff --git a/include/hw/pci/pci_regs.h b/include/hw/pci/pci_regs.h
+index 56a404b..57e8c80 100644
+--- a/include/hw/pci/pci_regs.h
++++ b/include/hw/pci/pci_regs.h
+@@ -298,8 +298,10 @@
+ #define PCI_MSI_ADDRESS_HI 8 /* Upper 32 bits (if PCI_MSI_FLAGS_64BIT set) */
+ #define PCI_MSI_DATA_32 8 /* 16 bits of data for 32-bit devices */
+ #define PCI_MSI_MASK_32 12 /* Mask bits register for 32-bit devices */
++#define PCI_MSI_PENDING_32 16 /* Pending bits register for 32-bit devices */
+ #define PCI_MSI_DATA_64 12 /* 16 bits of data for 64-bit devices */
+ #define PCI_MSI_MASK_64 16 /* Mask bits register for 64-bit devices */
++#define PCI_MSI_PENDING_64 20 /* Pending bits register for 32-bit devices */
+
+ /* MSI-X registers */
+ #define PCI_MSIX_FLAGS 2
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4105.patch b/gnu/packages/patches/qemu-CVE-2015-4105.patch
new file mode 100644
index 0000000000..f1b349f1e5
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4105.patch
@@ -0,0 +1,85 @@
+From b38ec5ee7a581776bbce0bdaecb397632c3c4791 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:00 +0000
+Subject: [PATCH] xen/MSI-X: limit error messages
+
+Limit error messages resulting from bad guest behavior to avoid allowing
+the guest to cause the control domain's disk to fill.
+
+The first message in pci_msix_write() can simply be deleted, as this
+is indeed bad guest behavior, but such out of bounds writes don't
+really need to be logged.
+
+The second one is more problematic, as there guest behavior may only
+appear to be wrong: For one, the old logic didn't take the mask-all bit
+into account. And then this shouldn't depend on host device state (i.e.
+the host may have masked the entry without the guest having done so).
+Plus these writes shouldn't be dropped even when an entry is unmasked.
+Instead, if they can't be made take effect right away, they should take
+effect on the next unmasking or enabling operation - the specification
+explicitly describes such caching behavior. Until we can validly drop
+the message (implementing such caching/latching behavior), issue the
+message just once per MSI-X table entry.
+
+Note that the log message in pci_msix_read() similar to the one being
+removed here is not an issue: "addr" being of unsigned type, and the
+maximum size of the MSI-X table being 32k, entry_nr simply can't be
+negative and hence the conditonal guarding issuing of the message will
+never be true.
+
+This is XSA-130.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt.h | 1 +
+ hw/xen/xen_pt_msi.c | 12 +++++++-----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
+index 52ceb85..8c9b6c2 100644
+--- a/hw/xen/xen_pt.h
++++ b/hw/xen/xen_pt.h
+@@ -175,6 +175,7 @@ typedef struct XenPTMSIXEntry {
+ uint32_t data;
+ uint32_t vector_ctrl;
+ bool updated; /* indicate whether MSI ADDR or DATA is updated */
++ bool warned; /* avoid issuing (bogus) warning more than once */
+ } XenPTMSIXEntry;
+ typedef struct XenPTMSIX {
+ uint32_t ctrl_offset;
+diff --git a/hw/xen/xen_pt_msi.c b/hw/xen/xen_pt_msi.c
+index 9ed9321..68db623 100644
+--- a/hw/xen/xen_pt_msi.c
++++ b/hw/xen/xen_pt_msi.c
+@@ -434,11 +434,10 @@ static void pci_msix_write(void *opaque, hwaddr addr,
+ XenPCIPassthroughState *s = opaque;
+ XenPTMSIX *msix = s->msix;
+ XenPTMSIXEntry *entry;
+- int entry_nr, offset;
++ unsigned int entry_nr, offset;
+
+ entry_nr = addr / PCI_MSIX_ENTRY_SIZE;
+- if (entry_nr < 0 || entry_nr >= msix->total_entries) {
+- XEN_PT_ERR(&s->dev, "asked MSI-X entry '%i' invalid!\n", entry_nr);
++ if (entry_nr >= msix->total_entries) {
+ return;
+ }
+ entry = &msix->msix_entry[entry_nr];
+@@ -460,8 +459,11 @@ static void pci_msix_write(void *opaque, hwaddr addr,
+ + PCI_MSIX_ENTRY_VECTOR_CTRL;
+
+ if (msix->enabled && !(*vec_ctrl & PCI_MSIX_ENTRY_CTRL_MASKBIT)) {
+- XEN_PT_ERR(&s->dev, "Can't update msix entry %d since MSI-X is"
+- " already enabled.\n", entry_nr);
++ if (!entry->warned) {
++ entry->warned = true;
++ XEN_PT_ERR(&s->dev, "Can't update msix entry %d since MSI-X is"
++ " already enabled.\n", entry_nr);
++ }
+ return;
+ }
+
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch
new file mode 100644
index 0000000000..1a2db950da
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt1.patch
@@ -0,0 +1,72 @@
+From d1d35cf4ffb6a60a356193397919e83306d0bb74 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/MSI: don't open-code pass-through of enable bit
+ modifications
+
+Without this the actual XSA-131 fix would cause the enable bit to not
+get set anymore (due to the write back getting suppressed there based
+on the OR of emu_mask, ro_mask, and res_mask).
+
+Note that the fiddling with the enable bit shouldn't really be done by
+qemu, but making this work right (via libxc and the hypervisor) will
+require more extensive changes, which can be postponed until after the
+security issue got addressed.
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 68b8f22..436d0fd 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -1053,7 +1053,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ XenPTMSI *msi = s->msi;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+- uint16_t raw_val;
+
+ /* Currently no support for multi-vector */
+ if (*val & PCI_MSI_FLAGS_QSIZE) {
+@@ -1066,12 +1065,11 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
+
+ /* create value for writing to I/O device register */
+- raw_val = *val;
+ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+- if (raw_val & PCI_MSI_FLAGS_ENABLE) {
++ if (*val & PCI_MSI_FLAGS_ENABLE) {
+ /* setup MSI pirq for the first time */
+ if (!msi->initialized) {
+ /* Init physical one */
+@@ -1099,10 +1097,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ xen_pt_msi_disable(s);
+ }
+
+- /* pass through MSI_ENABLE bit */
+- *val &= ~PCI_MSI_FLAGS_ENABLE;
+- *val |= raw_val & PCI_MSI_FLAGS_ENABLE;
+-
+ return 0;
+ }
+
+@@ -1301,7 +1295,7 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .size = 2,
+ .init_val = 0x0000,
+ .ro_mask = 0xFF8E,
+- .emu_mask = 0x017F,
++ .emu_mask = 0x017E,
+ .init = xen_pt_msgctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_msgctrl_reg_write,
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch
new file mode 100644
index 0000000000..2eeb7ef0af
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt2.patch
@@ -0,0 +1,81 @@
+From d61bb2482dc0c7426f451f23ba7e2748ae2cc06d Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: consolidate PM capability emu_mask
+
+There's no point in xen_pt_pmcsr_reg_{read,write}() each ORing
+PCI_PM_CTRL_STATE_MASK and PCI_PM_CTRL_NO_SOFT_RESET into a local
+emu_mask variable - we can have the same effect by setting the field
+descriptor's emu_mask member suitably right away. Note that
+xen_pt_pmcsr_reg_write() is being retained in order to allow later
+patches to be less intrusive.
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Acked-by: Ian Campbell <ian.campbell@citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 25 ++++---------------------
+ 1 file changed, 4 insertions(+), 21 deletions(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 436d0fd..516236a 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -933,38 +933,21 @@ static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+ * Power Management Capability
+ */
+
+-/* read Power Management Control/Status register */
+-static int xen_pt_pmcsr_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+- uint16_t *value, uint16_t valid_mask)
+-{
+- XenPTRegInfo *reg = cfg_entry->reg;
+- uint16_t valid_emu_mask = reg->emu_mask;
+-
+- valid_emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
+-
+- valid_emu_mask = valid_emu_mask & valid_mask;
+- *value = XEN_PT_MERGE_VALUE(*value, cfg_entry->data, ~valid_emu_mask);
+-
+- return 0;
+-}
+ /* write Power Management Control/Status register */
+ static int xen_pt_pmcsr_reg_write(XenPCIPassthroughState *s,
+ XenPTReg *cfg_entry, uint16_t *val,
+ uint16_t dev_value, uint16_t valid_mask)
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+- uint16_t emu_mask = reg->emu_mask;
+ uint16_t writable_mask = 0;
+ uint16_t throughable_mask = 0;
+
+- emu_mask |= PCI_PM_CTRL_STATE_MASK | PCI_PM_CTRL_NO_SOFT_RESET;
+-
+ /* modify emulate register */
+- writable_mask = emu_mask & ~reg->ro_mask & valid_mask;
++ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~emu_mask & valid_mask;
++ throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+@@ -1000,9 +983,9 @@ static XenPTRegInfo xen_pt_emu_reg_pm[] = {
+ .size = 2,
+ .init_val = 0x0008,
+ .ro_mask = 0xE1FC,
+- .emu_mask = 0x8100,
++ .emu_mask = 0x810B,
+ .init = xen_pt_common_reg_init,
+- .u.w.read = xen_pt_pmcsr_reg_read,
++ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_pmcsr_reg_write,
+ },
+ {
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch
new file mode 100644
index 0000000000..8d12d7ac5b
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt3.patch
@@ -0,0 +1,33 @@
+From c4ff1e68c621928abc680266cad0a451686c403b Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: correctly handle PM status bit
+
+xen_pt_pmcsr_reg_write() needs an adjustment to deal with the RW1C
+nature of the not passed through bit 15 (PCI_PM_CTRL_PME_STATUS).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 516236a..027ac32 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -948,7 +948,8 @@ static int xen_pt_pmcsr_reg_write(XenPCIPassthroughState *s,
+
+ /* create value for writing to I/O device register */
+ throughable_mask = ~reg->emu_mask & valid_mask;
+- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
++ *val = XEN_PT_MERGE_VALUE(*val, dev_value & ~PCI_PM_CTRL_PME_STATUS,
++ throughable_mask);
+
+ return 0;
+ }
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch
new file mode 100644
index 0000000000..068f560e35
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt4.patch
@@ -0,0 +1,260 @@
+From 0e7ef22136955169a0fd03c4e41af95662352733 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: split out calculation of throughable mask in PCI
+ config space handling
+
+This is just to avoid having to adjust that calculation later in
+multiple places.
+
+Note that including ->ro_mask in get_throughable_mask()'s calculation
+is only an apparent (i.e. benign) behavioral change: For r/o fields it
+doesn't matter > whether they get passed through - either the same flag
+is also set in emu_mask (then there's no change at all) or the field is
+r/o in hardware (and hence a write won't change it anyway).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 51 ++++++++++++++++++---------------------------
+ 1 file changed, 20 insertions(+), 31 deletions(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 027ac32..3833b9e 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -95,6 +95,14 @@ XenPTReg *xen_pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address)
+ return NULL;
+ }
+
++static uint32_t get_throughable_mask(const XenPCIPassthroughState *s,
++ const XenPTRegInfo *reg,
++ uint32_t valid_mask)
++{
++ uint32_t throughable_mask = ~(reg->emu_mask | reg->ro_mask);
++
++ return throughable_mask & valid_mask;
++}
+
+ /****************
+ * general register functions
+@@ -157,14 +165,13 @@ static int xen_pt_byte_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint8_t writable_mask = 0;
+- uint8_t throughable_mask = 0;
++ uint8_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+@@ -175,14 +182,13 @@ static int xen_pt_word_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
++ uint16_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+@@ -193,14 +199,13 @@ static int xen_pt_long_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+- uint32_t throughable_mask = 0;
++ uint32_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+@@ -292,15 +297,13 @@ static int xen_pt_cmd_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
++ uint16_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* modify emulate register */
+ writable_mask = ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+-
+ if (*val & PCI_COMMAND_INTX_DISABLE) {
+ throughable_mask |= PCI_COMMAND_INTX_DISABLE;
+ } else {
+@@ -454,7 +457,6 @@ static int xen_pt_bar_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ PCIDevice *d = &s->dev;
+ const PCIIORegion *r;
+ uint32_t writable_mask = 0;
+- uint32_t throughable_mask = 0;
+ uint32_t bar_emu_mask = 0;
+ uint32_t bar_ro_mask = 0;
+ uint32_t r_size = 0;
+@@ -511,8 +513,7 @@ static int xen_pt_bar_reg_write(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
+ }
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~bar_emu_mask & valid_mask;
+- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
++ *val = XEN_PT_MERGE_VALUE(*val, dev_value, 0);
+
+ return 0;
+ }
+@@ -526,9 +527,8 @@ static int xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
+ XenPTRegion *base = NULL;
+ PCIDevice *d = (PCIDevice *)&s->dev;
+ uint32_t writable_mask = 0;
+- uint32_t throughable_mask = 0;
++ uint32_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+ pcibus_t r_size = 0;
+- uint32_t bar_emu_mask = 0;
+ uint32_t bar_ro_mask = 0;
+
+ r_size = d->io_regions[PCI_ROM_SLOT].size;
+@@ -537,7 +537,6 @@ static int xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
+ r_size = xen_pt_get_emul_size(base->bar_flag, r_size);
+
+ /* set emulate mask and read-only mask */
+- bar_emu_mask = reg->emu_mask;
+ bar_ro_mask = (reg->ro_mask | (r_size - 1)) & ~PCI_ROM_ADDRESS_ENABLE;
+
+ /* modify emulate register */
+@@ -545,7 +544,6 @@ static int xen_pt_exp_rom_bar_reg_write(XenPCIPassthroughState *s,
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~bar_emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ return 0;
+@@ -940,14 +938,13 @@ static int xen_pt_pmcsr_reg_write(XenPCIPassthroughState *s,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
++ uint16_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* modify emulate register */
+ writable_mask = reg->emu_mask & ~reg->ro_mask & valid_mask;
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value & ~PCI_PM_CTRL_PME_STATUS,
+ throughable_mask);
+
+@@ -1036,7 +1033,7 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTMSI *msi = s->msi;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
++ uint16_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+
+ /* Currently no support for multi-vector */
+ if (*val & PCI_MSI_FLAGS_QSIZE) {
+@@ -1049,7 +1046,6 @@ static int xen_pt_msgctrl_reg_write(XenPCIPassthroughState *s,
+ msi->flags |= cfg_entry->data & ~PCI_MSI_FLAGS_ENABLE;
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI */
+@@ -1161,7 +1157,6 @@ static int xen_pt_msgaddr32_reg_write(XenPCIPassthroughState *s,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+- uint32_t throughable_mask = 0;
+ uint32_t old_addr = cfg_entry->data;
+
+ /* modify emulate register */
+@@ -1170,8 +1165,7 @@ static int xen_pt_msgaddr32_reg_write(XenPCIPassthroughState *s,
+ s->msi->addr_lo = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
++ *val = XEN_PT_MERGE_VALUE(*val, dev_value, 0);
+
+ /* update MSI */
+ if (cfg_entry->data != old_addr) {
+@@ -1189,7 +1183,6 @@ static int xen_pt_msgaddr64_reg_write(XenPCIPassthroughState *s,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint32_t writable_mask = 0;
+- uint32_t throughable_mask = 0;
+ uint32_t old_addr = cfg_entry->data;
+
+ /* check whether the type is 64 bit or not */
+@@ -1206,8 +1199,7 @@ static int xen_pt_msgaddr64_reg_write(XenPCIPassthroughState *s,
+ s->msi->addr_hi = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
++ *val = XEN_PT_MERGE_VALUE(*val, dev_value, 0);
+
+ /* update MSI */
+ if (cfg_entry->data != old_addr) {
+@@ -1229,7 +1221,6 @@ static int xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
+ XenPTRegInfo *reg = cfg_entry->reg;
+ XenPTMSI *msi = s->msi;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
+ uint16_t old_data = cfg_entry->data;
+ uint32_t offset = reg->offset;
+
+@@ -1247,8 +1238,7 @@ static int xen_pt_msgdata_reg_write(XenPCIPassthroughState *s,
+ msi->data = cfg_entry->data;
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+- *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
++ *val = XEN_PT_MERGE_VALUE(*val, dev_value, 0);
+
+ /* update MSI */
+ if (cfg_entry->data != old_data) {
+@@ -1410,7 +1400,7 @@ static int xen_pt_msixctrl_reg_write(XenPCIPassthroughState *s,
+ {
+ XenPTRegInfo *reg = cfg_entry->reg;
+ uint16_t writable_mask = 0;
+- uint16_t throughable_mask = 0;
++ uint16_t throughable_mask = get_throughable_mask(s, reg, valid_mask);
+ int debug_msix_enabled_old;
+
+ /* modify emulate register */
+@@ -1418,7 +1408,6 @@ static int xen_pt_msixctrl_reg_write(XenPCIPassthroughState *s,
+ cfg_entry->data = XEN_PT_MERGE_VALUE(*val, cfg_entry->data, writable_mask);
+
+ /* create value for writing to I/O device register */
+- throughable_mask = ~reg->emu_mask & valid_mask;
+ *val = XEN_PT_MERGE_VALUE(*val, dev_value, throughable_mask);
+
+ /* update MSI-X */
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch
new file mode 100644
index 0000000000..e28a491689
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt5.patch
@@ -0,0 +1,33 @@
+From 45ebe3916ab16f859ed930e92fbd52d84d5dcdaf Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: mark all PCIe capability bits read-only
+
+xen_pt_emu_reg_pcie[]'s PCI_EXP_DEVCAP needs to cover all bits as read-
+only to avoid unintended write-back (just a precaution, the field ought
+to be read-only in hardware).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+---
+ hw/xen/xen_pt_config_init.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 3833b9e..9f6c00e 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -871,7 +871,7 @@ static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+ .offset = PCI_EXP_DEVCAP,
+ .size = 4,
+ .init_val = 0x00000000,
+- .ro_mask = 0x1FFCFFFF,
++ .ro_mask = 0xFFFFFFFF,
+ .emu_mask = 0x10000000,
+ .init = xen_pt_common_reg_init,
+ .u.dw.read = xen_pt_long_reg_read,
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch
new file mode 100644
index 0000000000..8fff71e1c3
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt6.patch
@@ -0,0 +1,89 @@
+From 0ad3393ad032f76e88b4dbd04d36ad84dff75dd6 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: mark reserved bits in PCI config space fields
+
+The adjustments are solely to make the subsequent patches work right
+(and hence make the patch set consistent), namely if permissive mode
+(introduced by the last patch) gets used (as both reserved registers
+and reserved fields must be similarly protected from guest access in
+default mode, but the guest should be allowed access to them in
+permissive mode).
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+---
+ hw/xen/xen_pt.h | 2 ++
+ hw/xen/xen_pt_config_init.c | 14 +++++++++-----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
+index 8c9b6c2..f9795eb 100644
+--- a/hw/xen/xen_pt.h
++++ b/hw/xen/xen_pt.h
+@@ -101,6 +101,8 @@ struct XenPTRegInfo {
+ uint32_t offset;
+ uint32_t size;
+ uint32_t init_val;
++ /* reg reserved field mask (ON:reserved, OFF:defined) */
++ uint32_t res_mask;
+ /* reg read only field mask (ON:RO/ROS, OFF:other) */
+ uint32_t ro_mask;
+ /* reg emulate field mask (ON:emu, OFF:passthrough) */
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 9f6c00e..efd8bac 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -578,7 +578,7 @@ static XenPTRegInfo xen_pt_emu_reg_header0[] = {
+ .offset = PCI_COMMAND,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0xF880,
++ .res_mask = 0xF880,
+ .emu_mask = 0x0743,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -603,7 +603,8 @@ static XenPTRegInfo xen_pt_emu_reg_header0[] = {
+ .offset = PCI_STATUS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0x06FF,
++ .res_mask = 0x0007,
++ .ro_mask = 0x06F8,
+ .emu_mask = 0x0010,
+ .init = xen_pt_status_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -980,7 +981,8 @@ static XenPTRegInfo xen_pt_emu_reg_pm[] = {
+ .offset = PCI_PM_CTRL,
+ .size = 2,
+ .init_val = 0x0008,
+- .ro_mask = 0xE1FC,
++ .res_mask = 0x00F0,
++ .ro_mask = 0xE10C,
+ .emu_mask = 0x810B,
+ .init = xen_pt_common_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -1268,7 +1270,8 @@ static XenPTRegInfo xen_pt_emu_reg_msi[] = {
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0xFF8E,
++ .res_mask = 0xFE00,
++ .ro_mask = 0x018E,
+ .emu_mask = 0x017E,
+ .init = xen_pt_msgctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+@@ -1446,7 +1449,8 @@ static XenPTRegInfo xen_pt_emu_reg_msix[] = {
+ .offset = PCI_MSI_FLAGS,
+ .size = 2,
+ .init_val = 0x0000,
+- .ro_mask = 0x3FFF,
++ .res_mask = 0x3800,
++ .ro_mask = 0x07FF,
+ .emu_mask = 0x0000,
+ .init = xen_pt_msixctrl_reg_init,
+ .u.w.read = xen_pt_word_reg_read,
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch
new file mode 100644
index 0000000000..a51a438f0d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt7.patch
@@ -0,0 +1,72 @@
+From a88a3f887181605f4487a22bdfb7d87ffafde5d9 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: add a few PCI config space field descriptions
+
+Since the next patch will turn all not explicitly described fields
+read-only by default, those fields that have guest writable bits need
+to be given explicit descriptors.
+
+This is a preparatory patch for XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+---
+ hw/xen/xen_pt_config_init.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index efd8bac..19f926b 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -754,6 +754,15 @@ static XenPTRegInfo xen_pt_emu_reg_vpd[] = {
+ .u.b.write = xen_pt_byte_reg_write,
+ },
+ {
++ .offset = PCI_VPD_ADDR,
++ .size = 2,
++ .ro_mask = 0x0003,
++ .emu_mask = 0x0003,
++ .init = xen_pt_common_reg_init,
++ .u.w.read = xen_pt_word_reg_read,
++ .u.w.write = xen_pt_word_reg_write,
++ },
++ {
+ .size = 0,
+ },
+ };
+@@ -889,6 +898,16 @@ static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
++ /* Device Status reg */
++ {
++ .offset = PCI_EXP_DEVSTA,
++ .size = 2,
++ .res_mask = 0xFFC0,
++ .ro_mask = 0x0030,
++ .init = xen_pt_common_reg_init,
++ .u.w.read = xen_pt_word_reg_read,
++ .u.w.write = xen_pt_word_reg_write,
++ },
+ /* Link Control reg */
+ {
+ .offset = PCI_EXP_LNKCTL,
+@@ -900,6 +919,15 @@ static XenPTRegInfo xen_pt_emu_reg_pcie[] = {
+ .u.w.read = xen_pt_word_reg_read,
+ .u.w.write = xen_pt_word_reg_write,
+ },
++ /* Link Status reg */
++ {
++ .offset = PCI_EXP_LNKSTA,
++ .size = 2,
++ .ro_mask = 0x3FFF,
++ .init = xen_pt_common_reg_init,
++ .u.w.read = xen_pt_word_reg_read,
++ .u.w.write = xen_pt_word_reg_write,
++ },
+ /* Device Control 2 reg */
+ {
+ .offset = 0x28,
+--
+2.2.1
+
diff --git a/gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch b/gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch
new file mode 100644
index 0000000000..bc3e03217f
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2015-4106-pt8.patch
@@ -0,0 +1,132 @@
+From c25bbf1545a53ac051f9e51d4140e397660c10ae Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 2 Jun 2015 15:07:01 +0000
+Subject: [PATCH] xen/pt: unknown PCI config space fields should be read-only
+
+... by default. Add a per-device "permissive" mode similar to pciback's
+to allow restoring previous behavior (and hence break security again,
+i.e. should be used only for trusted guests).
+
+This is part of XSA-131.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>)
+---
+ hw/xen/xen_pt.c | 32 +++++++++++++++++++++++++++++---
+ hw/xen/xen_pt.h | 2 ++
+ hw/xen/xen_pt_config_init.c | 4 ++++
+ 3 files changed, 35 insertions(+), 3 deletions(-)
+
+diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c
+index 8923582..9afcda8 100644
+--- a/hw/xen/xen_pt.c
++++ b/hw/xen/xen_pt.c
+@@ -239,6 +239,7 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ XenPTReg *reg_entry = NULL;
+ uint32_t find_addr = addr;
+ XenPTRegInfo *reg = NULL;
++ bool wp_flag = false;
+
+ if (xen_pt_pci_config_access_check(d, addr, len)) {
+ return;
+@@ -278,6 +279,10 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+
+ /* pass directly to the real device for passthrough type register group */
+ if (reg_grp_entry == NULL) {
++ if (!s->permissive) {
++ wb_mask = 0;
++ wp_flag = true;
++ }
+ goto out;
+ }
+
+@@ -298,12 +303,15 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ uint32_t real_offset = reg_grp_entry->base_offset + reg->offset;
+ uint32_t valid_mask = 0xFFFFFFFF >> ((4 - emul_len) << 3);
+ uint8_t *ptr_val = NULL;
++ uint32_t wp_mask = reg->emu_mask | reg->ro_mask;
+
+ valid_mask <<= (find_addr - real_offset) << 3;
+ ptr_val = (uint8_t *)&val + (real_offset & 3);
+- if (reg->emu_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3))) {
+- wb_mask &= ~((reg->emu_mask
+- >> ((find_addr - real_offset) << 3))
++ if (!s->permissive) {
++ wp_mask |= reg->res_mask;
++ }
++ if (wp_mask == (0xFFFFFFFF >> ((4 - reg->size) << 3))) {
++ wb_mask &= ~((wp_mask >> ((find_addr - real_offset) << 3))
+ << ((len - emul_len) << 3));
+ }
+
+@@ -347,6 +355,16 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ } else {
+ /* nothing to do with passthrough type register,
+ * continue to find next byte */
++ if (!s->permissive) {
++ wb_mask &= ~(0xff << ((len - emul_len) << 3));
++ /* Unused BARs will make it here, but we don't want to issue
++ * warnings for writes to them (bogus writes get dealt with
++ * above).
++ */
++ if (index < 0) {
++ wp_flag = true;
++ }
++ }
+ emul_len--;
+ find_addr++;
+ }
+@@ -358,6 +376,13 @@ static void xen_pt_pci_write_config(PCIDevice *d, uint32_t addr,
+ memory_region_transaction_commit();
+
+ out:
++ if (wp_flag && !s->permissive_warned) {
++ s->permissive_warned = true;
++ xen_pt_log(d, "Write-back to unknown field 0x%02x (partially) inhibited (0x%0*x)\n",
++ addr, len * 2, wb_mask);
++ xen_pt_log(d, "If the device doesn't work, try enabling permissive mode\n");
++ xen_pt_log(d, "(unsafe) and if it helps report the problem to xen-devel\n");
++ }
+ for (index = 0; wb_mask; index += len) {
+ /* unknown regs are passed through */
+ while (!(wb_mask & 0xff)) {
+@@ -824,6 +849,7 @@ static void xen_pt_unregister_device(PCIDevice *d)
+
+ static Property xen_pci_passthrough_properties[] = {
+ DEFINE_PROP_PCI_HOST_DEVADDR("hostaddr", XenPCIPassthroughState, hostaddr),
++ DEFINE_PROP_BOOL("permissive", XenPCIPassthroughState, permissive, false),
+ DEFINE_PROP_END_OF_LIST(),
+ };
+
+diff --git a/hw/xen/xen_pt.h b/hw/xen/xen_pt.h
+index f9795eb..4bba559 100644
+--- a/hw/xen/xen_pt.h
++++ b/hw/xen/xen_pt.h
+@@ -197,6 +197,8 @@ struct XenPCIPassthroughState {
+
+ PCIHostDeviceAddress hostaddr;
+ bool is_virtfn;
++ bool permissive;
++ bool permissive_warned;
+ XenHostPCIDevice real_device;
+ XenPTRegion bases[PCI_NUM_REGIONS]; /* Access regions */
+ QLIST_HEAD(, XenPTRegGroup) reg_grps;
+diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
+index 19f926b..f3cf069 100644
+--- a/hw/xen/xen_pt_config_init.c
++++ b/hw/xen/xen_pt_config_init.c
+@@ -101,6 +101,10 @@ static uint32_t get_throughable_mask(const XenPCIPassthroughState *s,
+ {
+ uint32_t throughable_mask = ~(reg->emu_mask | reg->ro_mask);
+
++ if (!s->permissive) {
++ throughable_mask &= ~reg->res_mask;
++ }
++
+ return throughable_mask & valid_mask;
+ }
+
+--
+2.2.1
+
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 232a785778..d503c787b1 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -2068,7 +2068,7 @@ sources.")
(define-public python-scikit-learn
(package
(name "python-scikit-learn")
- (version "0.15.2")
+ (version "0.16.1")
(source
(origin
(method url-fetch)
@@ -2077,40 +2077,27 @@ sources.")
version ".tar.gz"))
(sha256
(base32
- "1rb93h2q15f219sz60sczjb65rg70xjmnp0q4pkkaairx5s05q55"))))
+ "140skabifgc7lvvj873pnzlwx0ni6q8qkrsyad2ccjb3h8rxzkih"))))
(build-system python-build-system)
(arguments
`(#:phases
(alist-cons-before
- 'build 'set-environment-variables
- (lambda* (#:key inputs #:allow-other-keys)
- (let* ((atlas-threaded
- (string-append (assoc-ref inputs "atlas")
- "/lib/libtatlas.so"))
- ;; On single core CPUs only the serial library is created.
- (atlas-lib
- (if (file-exists? atlas-threaded)
- atlas-threaded
- (string-append (assoc-ref inputs "atlas")
- "/lib/libsatlas.so"))))
- (setenv "ATLAS" atlas-lib)))
- (alist-cons-before
- 'check 'set-HOME
- ;; some tests require access to "$HOME"
- (lambda _ (setenv "HOME" "/tmp"))
- ;; Tests can only be run after the library has been installed and not
- ;; within the source directory.
- (alist-cons-after
- 'install 'check
- (lambda _
- (with-directory-excursion "/tmp"
- ;; With Python 3 one test of 3334 fails
- ;; (sklearn.tests.test_common.test_transformers); see
- ;; https://github.com/scikit-learn/scikit-learn/issues/3693
- (system* "nosetests" "-v" "sklearn")))
- (alist-delete 'check %standard-phases))))))
+ 'check 'set-HOME
+ ;; some tests require access to "$HOME"
+ (lambda _ (setenv "HOME" "/tmp"))
+ ;; Tests can only be run after the library has been installed and not
+ ;; within the source directory.
+ (alist-cons-after
+ 'install 'check
+ (lambda _
+ (with-directory-excursion "/tmp"
+ ;; With Python 3 one test of 3334 fails
+ ;; (sklearn.tests.test_common.test_transformers); see
+ ;; https://github.com/scikit-learn/scikit-learn/issues/3693
+ (system* "nosetests" "-v" "sklearn")))
+ (alist-delete 'check %standard-phases)))))
(inputs
- `(("atlas" ,atlas)
+ `(("openblas" ,openblas)
("python-nose" ,python-nose)))
(propagated-inputs
`(("python-numpy" ,python-numpy)
@@ -2285,7 +2272,8 @@ writing C extensions for Python as easy as Python itself.")
(build-system python-build-system)
(inputs
`(("python-nose" ,python-nose)
- ("openblas" ,openblas)))
+ ("openblas" ,openblas)
+ ("lapack" ,lapack)))
(native-inputs
`(("gfortran" ,gfortran-4.8)))
(arguments
@@ -2295,11 +2283,21 @@ writing C extensions for Python as easy as Python itself.")
(lambda* (#:key inputs #:allow-other-keys)
(call-with-output-file "site.cfg"
(lambda (port)
- (format port "[openblas]
+ (format port
+ "[openblas]
libraries = openblas
library_dirs = ~a/lib
include_dirs = ~a/include
-" (assoc-ref inputs "openblas") (assoc-ref inputs "openblas"))))
+
+[lapack]
+lapack_libs = lapack
+library_dirs = ~a/lib
+include_dirs = ~a/include
+"
+ (assoc-ref inputs "openblas")
+ (assoc-ref inputs "openblas")
+ (assoc-ref inputs "lapack")
+ (assoc-ref inputs "lapack"))))
;; Use "gcc" executable, not "cc".
(substitute* "numpy/distutils/system_info.py"
(("c = distutils\\.ccompiler\\.new_compiler\\(\\)")
@@ -2619,7 +2617,8 @@ toolkits.")
("python-pyparsing" ,python-pyparsing)
("python-nose" ,python-nose)
("python-sphinx" ,python-sphinx)
- ("atlas" ,atlas)))
+ ("lapack" ,lapack)
+ ("openblas" ,openblas)))
(native-inputs
`(("gfortran" ,gfortran-4.8)
("texlive" ,texlive)
@@ -2628,18 +2627,23 @@ toolkits.")
(arguments
`(#:phases
(alist-cons-before
- 'build 'set-environment-variables
+ 'build 'configure-openblas
(lambda* (#:key inputs #:allow-other-keys)
- (let* ((atlas-threaded
- (string-append (assoc-ref inputs "atlas")
- "/lib/libtatlas.so"))
- ;; On single core CPUs only the serial library is created.
- (atlas-lib
- (if (file-exists? atlas-threaded)
- atlas-threaded
- (string-append (assoc-ref inputs "atlas")
- "/lib/libsatlas.so"))))
- (setenv "ATLAS" atlas-lib)))
+ (call-with-output-file "site.cfg"
+ (lambda (port)
+ (format port
+ "[blas]
+libraries = openblas
+library_dirs = ~a/lib
+include_dirs = ~a/include
+[atlas]
+library_dirs = ~a/lib
+atlas_libs = openblas
+"
+ (assoc-ref inputs "openblas")
+ (assoc-ref inputs "openblas")
+ (assoc-ref inputs "openblas"))))
+ #t)
(alist-cons-after
'install 'install-doc
(lambda* (#:key outputs #:allow-other-keys)
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 27a2d2e8ba..9213007452 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -53,7 +53,19 @@
(base32
"120m53c3p28qxmfzllicjzr8syjv6v4d9rsyrgkp7gnmcgvvgfmn"))
(patches (map search-patch '("qemu-CVE-2015-3209.patch"
- "qemu-CVE-2015-3456.patch")))))
+ "qemu-CVE-2015-3456.patch"
+ "qemu-CVE-2015-4037.patch"
+ "qemu-CVE-2015-4103.patch"
+ "qemu-CVE-2015-4104.patch"
+ "qemu-CVE-2015-4105.patch"
+ "qemu-CVE-2015-4106-pt1.patch"
+ "qemu-CVE-2015-4106-pt2.patch"
+ "qemu-CVE-2015-4106-pt3.patch"
+ "qemu-CVE-2015-4106-pt4.patch"
+ "qemu-CVE-2015-4106-pt5.patch"
+ "qemu-CVE-2015-4106-pt6.patch"
+ "qemu-CVE-2015-4106-pt7.patch"
+ "qemu-CVE-2015-4106-pt8.patch")))))
(build-system gnu-build-system)
(arguments
'(#:phases (alist-replace
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 9943de7e0b..ff30c4988a 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -28,6 +28,7 @@
#:use-module (gnu packages autotools)
#:use-module (gnu packages libffi)
#:use-module (gnu packages gdbm)
+ #:use-module (gnu packages version-control)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
@@ -364,3 +365,302 @@ specified in a \"Gemfile\", as well as their dependencies.")
User Agents.")
(home-page "https://github.com/gshutler/useragent")
(license license:expat)))
+
+(define-public ruby-bacon
+ (package
+ (name "ruby-bacon")
+ (version "1.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/chneukirchen/bacon/archive/"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0g03fxilrrx17dijww68n1lq5d8s69hrxgpga8c1i2k35bzcw5jc"))))
+ (build-system ruby-build-system)
+ (arguments
+ `(#:phases (modify-phases %standard-phases
+ (add-before 'build 'generate-docs
+ (lambda _
+ ;; This rake task also tries to generate a ChangeLog
+ ;; file from the Git log, which we don't have. It fails
+ ;; but creates an empty file, allowing the rest of the
+ ;; build to succeed.
+ (zero? (system* "rake" "predist")))))))
+ (synopsis "Small RSpec clone")
+ (description "Bacon is a small RSpec clone providing all essential
+features.")
+ (home-page "https://github.com/chneukirchen/bacon")
+ (license license:expat)))
+
+(define-public ruby-arel
+ (package
+ (name "ruby-arel")
+ (version "6.0.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/rails/arel/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0fldwp2hmrmddx22xf7hdmybngzv97qnv5rvz3qw61m94ddd6w4n"))))
+ (build-system ruby-build-system)
+ (native-inputs
+ `(("bundler" ,bundler)))
+ (synopsis "SQL AST manager for Ruby")
+ (description "Arel is a SQL AST manager for Ruby. It simplifies the
+generation of complex SQL queries and adapts to various relational database
+implementations.")
+ (home-page "https://github.com/rails/arel")
+ (license license:expat)))
+
+(define-public ruby-connection-pool
+ (package
+ (name "ruby-connection-pool")
+ (version "2.2.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/mperham/connection_pool/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "02s5rwhmgy8qqns7a5y1daa0yaw38x6lzpwyvmy46h1yrj9mc6zf"))))
+ (build-system ruby-build-system)
+ (native-inputs
+ `(("bundler" ,bundler)))
+ (synopsis "Generic connection pool for Ruby")
+ (description "Connection_pool provides a generic connection pooling
+interface for Ruby programs.")
+ (home-page "https://github.com/mperham/connection_pool")
+ (license license:expat)))
+
+(define-public ruby-net-http-persistent
+ (package
+ (name "ruby-net-http-persistent")
+ (version "2.9.4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/drbrain/net-http-persistent/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1q18vji31w8gfr6ajziqkqs8n5lzkw0bl00dm2a8s05zhavzw9j9"))))
+ (build-system ruby-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (replace 'build ; no gemspec
+ (lambda _ (zero? (system* "rake" "gem")))))))
+ (native-inputs
+ `(("ruby-connection-pool" ,ruby-connection-pool)
+ ("ruby-hoe" ,ruby-hoe)))
+ (synopsis "Persistent HTTP connection manager")
+ (description "Net::HTTP::Persistent manages persistent HTTP connections
+using Net::HTTP, supporting reconnection and retry according to RFC 2616.")
+ (home-page "https://github.com/drbrain/net-http-persistent")
+ (license license:expat)))
+
+(define-public ruby-minitest
+ (package
+ (name "ruby-minitest")
+ (version "5.7.0")
+ (source (origin
+ (method git-fetch)
+ ;; No release tarballs nor git tags. This is the commit
+ ;; corresponding to the addition of the release notes to
+ ;; History.rdoc.
+ (uri (git-reference
+ (url "https://github.com/seattlerb/minitest.git")
+ (commit "e975248")))
+ (sha256
+ (base32
+ "09xjiahk7q8hid1i39ahrmghaslpj9n36zna72i3ah7kf1bh2l01"))))
+ (build-system ruby-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (replace 'build ; no gemspec
+ (lambda _ (zero? (system* "rake" "gem")))))))
+ (native-inputs
+ `(("ruby-hoe" ,ruby-hoe)))
+ (synopsis "Small test suite library for Ruby")
+ (description "Minitest provides a complete suite of Ruby testing
+facilities supporting TDD, BDD, mocking, and benchmarking.")
+ (home-page "https://github.com/seattlerb/minitest")
+ (license license:expat)))
+
+(define-public ruby-minitest-sprint
+ (package
+ (name "ruby-minitest-sprint")
+ (version "1.1.0")
+ (source (origin
+ (method git-fetch)
+ ;; Same story as ruby-minitest.
+ (uri (git-reference
+ (url "https://github.com/seattlerb/minitest-sprint.git")
+ (commit "49c02bc")))
+ (sha256
+ (base32
+ "0rbmxz94lqg5vjz60p8v2bzq8adwvmx501amvk0l124sfwmw94ms"))))
+ (build-system ruby-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (replace 'build ; no gemspec
+ (lambda _ (zero? (system* "rake" "gem")))))))
+ (native-inputs
+ `(("ruby-hoe" ,ruby-hoe)
+ ("ruby-minitest" ,ruby-minitest)))
+ (synopsis "Fast test suite runner for minitest")
+ (description "Minitest-sprint is a test runner for minitest that makes it
+easier to re-run individual failing tests.")
+ (home-page "https://github.com/seattlerb/minitest-sprint")
+ (license license:expat)))
+
+(define-public ruby-minitest-bacon
+ (package
+ (name "ruby-minitest-bacon")
+ (version "1.0.2")
+ (source (origin
+ (method git-fetch)
+ ;; Same story as ruby-minitest.
+ (uri (git-reference
+ (url "https://github.com/seattlerb/minitest-bacon.git")
+ (commit "38551d5")))
+ (sha256
+ (base32
+ "19r9fm41i0mm1xncqls8frbj1i9nr3sq1cx2mh878r6kdl02d70h"))))
+ (build-system ruby-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (replace 'build ; no gemspec
+ (lambda _ (zero? (system* "rake" "gem")))))))
+ (native-inputs
+ `(("ruby-hoe" ,ruby-hoe)))
+ (inputs
+ `(("ruby-minitest" ,ruby-minitest)))
+ (synopsis "Bacon compatibility library for minitest")
+ (description "Minitest-bacon extends minitest with bacon-like
+functionality, making it easier to migrate test suites from bacon to minitest.")
+ (home-page "https://github.com/seattlerb/minitest-bacon")
+ (license license:expat)))
+
+(define-public ruby-daemons
+ (package
+ (name "ruby-daemons")
+ (version "1.2.2")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/thuehlinger/daemons/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1v5bpdvpvhk240pc7fkn44vfclppl44pp6wd42ipi5sd5lkk7zfd"))))
+ (build-system ruby-build-system)
+ (arguments
+ `(#:tests? #f)) ; no test suite
+ (synopsis "Daemonize Ruby programs")
+ (description "Daemons provides a way to wrap existing Ruby scripts to be
+run as a daemon and to be controlled by simple start/stop/restart commands.")
+ (home-page "https://github.com/thuehlinger/daemons")
+ (license license:expat)))
+
+(define-public ruby-git
+ (package
+ (name "ruby-git")
+ (version "1.2.9.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/schacon/ruby-git/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "08zg20zc7f7yy34ix2qdd8jbiz7xhjc8alk370869sq3h75hs9jc"))))
+ (build-system ruby-build-system)
+ (arguments
+ '(#:phases (modify-phases %standard-phases
+ (add-before 'build 'patch-git-binary
+ (lambda* (#:key inputs #:allow-other-keys)
+ ;; Make the default git binary an absolute path to the
+ ;; store.
+ (let ((git (string-append (assoc-ref inputs "git")
+ "/bin/git")))
+ (substitute* '("lib/git/config.rb")
+ (("'git'")
+ (string-append "'" git "'")))
+ ;; Fix a test that expects the binary to be simply
+ ;; 'git'.
+ (substitute* '("tests/units/test_logger.rb")
+ (("def test_logger")
+ (string-append
+ "def test_logger\n"
+ "Git::Base.config.binary_path = 'git'")))
+ #t)))
+ (add-before 'check 'create-fake-home
+ (lambda _
+ ;; The test suite runs 'git config --global' commands,
+ ;; so a fake home directory is needed for them to
+ ;; succeed.
+ (let ((fake-home (string-append (getcwd) "/fake-home")))
+ (mkdir fake-home)
+ (setenv "HOME" fake-home)))))))
+ (inputs
+ `(("git" ,git)))
+ (synopsis "Ruby wrappers for Git")
+ (description "Ruby/Git is a Ruby library that can be used to create, read
+and manipulate Git repositories by wrapping system calls to the git binary.")
+ (home-page "https://github.com/schacon/ruby-git")
+ (license license:expat)))
+
+(define-public ruby-slop
+ (package
+ (name "ruby-slop")
+ (version "4.1.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/leejarvis/slop/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0cqs50a0b99kjd19xpln8jpnki07cjyp3l7wxbfr44ycasr6nznh"))))
+ (build-system ruby-build-system)
+ (native-inputs
+ `(("ruby-minitest" ,ruby-minitest)))
+ (synopsis "Ruby command line option parser")
+ (description "Slop provides a Ruby domain specific language for gathering
+options and parsing command line flags.")
+ (home-page "https://github.com/leejarvis/slop")
+ (license license:expat)))
+
+(define-public ruby-multipart-post
+ (package
+ (name "ruby-multipart-post")
+ (version "2.0.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/nicksieger/multipart-post/archive/v"
+ version ".tar.gz"))
+ (file-name (string-append name "-" version ".tar.gz"))
+ (sha256
+ (base32
+ "03n271i3knfx4j9aingxzz2bajd379dw9nswsllviqc177lq1anm"))))
+ (build-system ruby-build-system)
+ (native-inputs
+ `(("bundler" ,bundler)))
+ (synopsis "Multipart POST library for Ruby")
+ (description "Multipart-Post Adds multipart POST capability to Ruby's
+net/http library.")
+ (home-page "https://github.com/nicksieger/multipart-post")
+ (license license:expat)))
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index 8fc17e18b0..2de355a519 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -29,13 +29,13 @@
(define-public screen
(package
(name "screen")
- (version "4.2.1")
+ (version "4.3.0")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/screen/screen-"
version ".tar.gz"))
(sha256
- (base32 "105hp6qdd8rl71p81klmxiz4mlb60kh9r7czayrx40g38x858s2l"))))
+ (base32 "0ilccnwszaxr9wbrx0swh4fisha2rj2jiq76fwqikmv0rjdyhr2i"))))
(build-system gnu-build-system)
(inputs
`(("ncurses", ncurses)
diff --git a/gnu/packages/dwm.scm b/gnu/packages/suckless.scm
index 98fa122850..c921f8e767 100644
--- a/gnu/packages/dwm.scm
+++ b/gnu/packages/suckless.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
+;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -16,13 +17,16 @@
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
-(define-module (gnu packages dwm)
- #:use-module (guix licenses)
+(define-module (gnu packages suckless)
+ #:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
- #:use-module (gnu packages xorg))
+ #:use-module (gnu packages xorg)
+ #:use-module (gnu packages fonts)
+ #:use-module (gnu packages pkg-config)
+ #:use-module (gnu packages fontutils))
(define-public dwm
(package
@@ -83,7 +87,7 @@ left corner.
dwm draws a small customizable border around windows to indicate the focus
state.")
- (license x11)))
+ (license license:x11)))
(define-public dmenu
(package
@@ -111,7 +115,7 @@ state.")
(description
"A dynamic menu for X, originally designed for dwm. It manages large
numbers of user-defined menu items efficiently.")
- (license x11)))
+ (license license:x11)))
(define-public slock
(package
@@ -138,4 +142,50 @@ numbers of user-defined menu items efficiently.")
(synopsis "Simple X session lock")
(description
"Simple X session lock with trivial feedback on password entry.")
- (license x11)))
+ (license license:x11)))
+
+(define-public st
+ (package
+ (name "st")
+ (version "0.5")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "http://dl.suckless.org/st/st-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "0knxpzaa86pprng6hak8hx8bw22yw22rpz1ffxjpcvqlz3xdv05f"))))
+ (build-system gnu-build-system)
+ (arguments
+ '(#:tests? #f ; no tests
+ #:make-flags (list "CC=gcc"
+ (string-append "PREFIX=" %output))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after 'unpack 'inhibit-terminfo-install
+ (lambda _
+ (substitute* "Makefile"
+ (("\t@tic -s st.info") ""))
+ #t)))))
+ (inputs
+ `(("libx11" ,libx11)
+ ("libxft" ,libxft)
+ ("libxcomposite" ,libxcomposite)
+ ("compositeproto" ,compositeproto)
+ ("libxext" ,libxext)
+ ("xextproto" ,xextproto)
+ ("libxrender" ,libxrender)
+ ("fontconfig" ,fontconfig)
+ ("freetype" ,freetype)
+ ("font-liberation" ,font-liberation)))
+ (native-inputs `(("pkg-config" ,pkg-config)))
+ (home-page "http://st.suckless.org/")
+ (synopsis "Simple terminal emulator")
+ (description
+ "St implements a simple and lightweight terminal emulator. It
+implements 256 colors, most VT10X escape sequences, utf8, X11 copy/paste,
+antialiased fonts (using fontconfig), fallback fonts, resizing, and line
+drawing.")
+ (license license:x11)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 0d153fa92d..71171e6931 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -101,14 +101,14 @@ as well as the classic centralized workflow.")
;; Keep in sync with 'git-manpages'!
(package
(name "git")
- (version "2.2.1")
+ (version "2.4.3")
(source (origin
(method url-fetch)
(uri (string-append "mirror://kernel.org/software/scm/git/git-"
version ".tar.xz"))
(sha256
(base32
- "0l7l9rv1ww474rm4whj7dhjjacgdw5qlqqxqsnyzdpdxl34jshh9"))))
+ "056qh112f2afnbc4sjzkf8idzhi9bp7ggpci83cc6a7gs6lhfl7h"))))
(build-system gnu-build-system)
(native-inputs
`(("native-perl" ,perl)
@@ -250,7 +250,7 @@ everything from small to very large projects with speed and efficiency.")
version ".tar.xz"))
(sha256
(base32
- "0f75n5yfrzb55qbg5wq4bmv43lay806v51yhglwkp7mbv1zkby00"))))
+ "1k24p33v9hvmpkx4l818x1vbdv090kfgwqshhyyl3h9m9b5skqci"))))
(build-system trivial-build-system)
(arguments
'(#:modules ((guix build utils))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 3955c383d7..b923e47444 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -296,14 +296,14 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
(define-public ffmpeg
(package
(name "ffmpeg")
- (version "2.6.2")
+ (version "2.7")
(source (origin
(method url-fetch)
(uri (string-append "http://www.ffmpeg.org/releases/ffmpeg-"
version ".tar.bz2"))
(sha256
(base32
- "1fi93zy98wmls7x3jpr2yvckk2ia6a1yyygwrfaxq95pd6h3m7l8"))))
+ "0jl43b63b20db3yia5xxp0hh8zwdbirk5k9p1d7416nq1b5ckfx8"))))
(build-system gnu-build-system)
(inputs
`(("fontconfig" ,fontconfig)
@@ -331,6 +331,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
("bzip2" ,bzip2)
("perl" ,perl)
("pkg-config" ,pkg-config)
+ ("texinfo" ,texinfo)
("python" ,python-2) ; scripts use interpreter python2
("speex" ,speex)
("yasm" ,yasm)))
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index 910dc1f9e0..7ed62d07b5 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -23,7 +23,6 @@
#:use-module (gnu services avahi)
#:use-module (gnu services xorg)
#:use-module (gnu services networking)
- #:use-module (gnu services ssh)
#:use-module (gnu system shadow)
#:use-module (gnu packages glib)
#:use-module (gnu packages admin)
@@ -286,7 +285,6 @@ site} for more information."
(dbus-service (list avahi wicd upower colord))
(ntp-service)
- (lsh-service)
(map (lambda (mservice)
;; Provide an nscd ready to use nss-mdns.