diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
commit | cd6cc144e0822482a8ca2b033b7bd6d33f0fd331 (patch) | |
tree | 28b7c39d314eb54845de71f20fdb144e348c0fe5 /gnu/packages | |
parent | ffc13e753b37adb694de1d26f3ea51cf0796a8a2 (diff) | |
parent | a3b84f70d8bc992a0fc38cabdf12d48ff5e10e15 (diff) | |
download | guix-cd6cc144e0822482a8ca2b033b7bd6d33f0fd331.tar guix-cd6cc144e0822482a8ca2b033b7bd6d33f0fd331.tar.gz |
Merge branch 'security-updates'
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/fontutils.scm | 22 | ||||
-rw-r--r-- | gnu/packages/glib.scm | 16 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 19 | ||||
-rw-r--r-- | gnu/packages/patches/openssl-c-rehash.patch | 17 | ||||
-rw-r--r-- | gnu/packages/perl.scm | 26 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 81 |
6 files changed, 26 insertions, 155 deletions
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 7e3f293817..34f391e5fa 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -208,9 +208,8 @@ applications should be.") (define-public graphite2 (package - (replacement graphite2-1.3.6) (name "graphite2") - (version "1.3.5") + (version "1.3.6") (source (origin (method url-fetch) @@ -218,8 +217,8 @@ applications should be.") version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 - "0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w")))) + (base32 + "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))) (build-system cmake-build-system) (native-inputs `(("python" ,python-2) ; because of "import imap" in tests @@ -235,21 +234,6 @@ and returns a sequence of positioned glyphids from the font.") (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) -(define graphite2-1.3.6 - (package - (inherit graphite2) - (replacement #f) - (source - (let ((name "graphite2") (version "1.3.6")) - (origin - (method url-fetch) - (uri (string-append "https://github.com/silnrsi/graphite/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))))) - (define-public potrace (package (name "potrace") diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index bc69af5a9e..16a1a6162d 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -61,14 +61,15 @@ (name "dbus") (version "1.10.0") (source (origin - ;; TODO: Apply patch from DBUS/ACTIVATION below. (method url-fetch) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" version ".tar.gz")) (sha256 (base32 - "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")))) + "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")) + (patches + (list (search-patch "dbus-helper-search-path.patch"))))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -126,17 +127,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define-public dbus/activation - ;; D-Bus with a patch to fix service activation. - ;; TODO: Merge with DBUS above. - (package - (inherit dbus) - (version (string-append (package-version dbus) ".a")) - (source (origin - (inherit (package-source dbus)) - (patches - (list (search-patch "dbus-helper-search-path.patch"))))))) - (define glib (package (name "glib") diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f62c254447..d3865fbe66 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1581,7 +1581,6 @@ from the module-init-tools project.") (define-public eudev ;; The post-systemd fork, maintained by Gentoo. - ;; TODO: Merge with 'eudev-with-blkid' below at an opportune time. (package (name "eudev") (version "3.1.5") @@ -1600,7 +1599,11 @@ from the module-init-tools project.") ("perl" ,perl) ("gperf" ,gperf))) (inputs - `(("kmod" ,kmod))) + ;; When linked against libblkid, eudev can populate /dev/disk/by-label + ;; and similar; it also installs the '60-persistent-storage.rules' file, + ;; which contains the rules to do that. + `(("util-linux" ,util-linux) ;for blkid + ("kmod" ,kmod))) (home-page "https://wiki.gentoo.org/wiki/Project:Eudev") (synopsis "Userspace device management") (description "Udev is a daemon which dynamically creates and removes @@ -1608,18 +1611,6 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot time.") (license license:gpl2+))) -(define-public eudev-with-blkid - ;; TODO: Merge with 'eudev' above at an opportune time. - (package - (inherit eudev) - (name "eudev-with-blkid") - (inputs - ;; When linked against libblkid, eudev can populate /dev/disk/by-label - ;; and similar; it also installs the '60-persistent-storage.rules' file, - ;; which contains the rules to do that. - `(("util-linux" ,util-linux) ;for blkid - ,@(package-inputs eudev))))) - (define-public lvm2 (package (name "lvm2") diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch deleted file mode 100644 index f873a9af23..0000000000 --- a/gnu/packages/patches/openssl-c-rehash.patch +++ /dev/null @@ -1,17 +0,0 @@ -This patch removes the explicit reference to the 'perl' binary, -such that OpenSSL does not retain a reference to Perl. - -The 'c_rehash' program is seldom used, but it is used nonetheless -to create symbolic links to certificates, for instance in the 'nss-certs' -package. - ---- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200 -+++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200 -@@ -1,4 +1,6 @@ --#!/usr/bin/perl -+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' -+ & eval 'exec perl -wS "$0" $argv:q' -+ if 0; - - # Perl c_rehash script, scan all files in a directory - # and add symbolic links to their hash values. diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index fb42735495..9bbcc8ffa4 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -38,7 +38,6 @@ (define-public perl ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package - (replacement perl-fixed) (name "perl") (version "5.22.1") (source (origin @@ -54,7 +53,8 @@ "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch"))))) + "perl-CVE-2015-8607.patch" + "perl-CVE-2016-2381.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -116,28 +116,6 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" -(define perl-fixed - (package - (inherit perl) - (replacement #f) - (source - (let ((name "perl") (version "5.22.1")) - (origin - (method url-fetch) - (uri (string-append "http://www.cpan.org/src/5.0/perl-" - version ".tar.gz")) - (sha256 - (base32 - "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb")) - (patches (map search-patch - '("perl-no-sys-dirs.patch" - "perl-autosplit-default-time.patch" - "perl-source-date-epoch.patch" - "perl-deterministic-ordering.patch" - "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch" - "perl-CVE-2016-2381.patch")))))))) - (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b6bf2578ea..d6225f7592 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -179,22 +179,21 @@ required structures.") (define-public openssl (package - (replacement openssl-1.0.2g) (name "openssl") - (version "1.0.2f") + (version "1.0.2g") (source (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash.patch"))))) + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -283,60 +282,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2g - (package - (inherit openssl) - (replacement #f) - (source - (let ((name "openssl") (version "1.0.2g")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash-in.patch")))))) - (arguments - (substitute-keyword-arguments (package-arguments openssl) - ((#:phases phases) - `(modify-phases ,phases - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (zero? - (system* - "./config" - - ;; XXX TEMPORARY, FOR GRAFTING ONLY - ;; Enable ssl2 code to preserve - ;; ABI compatibility with 1.0.2f - "enable-ssl2" - - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,(package-version openssl)) - - (string-append "--prefix=" out) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))))))))) - (define-public libressl (package (name "libressl") |