diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
| commit | cd6cc144e0822482a8ca2b033b7bd6d33f0fd331 (patch) | |
| tree | 28b7c39d314eb54845de71f20fdb144e348c0fe5 | |
| parent | ffc13e753b37adb694de1d26f3ea51cf0796a8a2 (diff) | |
| parent | a3b84f70d8bc992a0fc38cabdf12d48ff5e10e15 (diff) | |
Merge branch 'security-updates'
| -rw-r--r-- | gnu-system.am | 1 | ||||
| -rw-r--r-- | gnu/packages/fontutils.scm | 22 | ||||
| -rw-r--r-- | gnu/packages/glib.scm | 16 | ||||
| -rw-r--r-- | gnu/packages/linux.scm | 19 | ||||
| -rw-r--r-- | gnu/packages/patches/openssl-c-rehash.patch | 17 | ||||
| -rw-r--r-- | gnu/packages/perl.scm | 26 | ||||
| -rw-r--r-- | gnu/packages/tls.scm | 81 | ||||
| -rw-r--r-- | gnu/services/base.scm | 4 | ||||
| -rw-r--r-- | gnu/services/dbus.scm | 8 | ||||
| -rw-r--r-- | gnu/system.scm | 2 |
10 files changed, 33 insertions, 163 deletions
diff --git a/gnu-system.am b/gnu-system.am index f13a55de12..c819b5ab97 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -652,7 +652,6 @@ dist_patch_DATA = \ gnu/packages/patches/openjpeg-CVE-2015-6581.patch \ gnu/packages/patches/openjpeg-use-after-free-fix.patch \ gnu/packages/patches/openssl-runpath.patch \ - gnu/packages/patches/openssl-c-rehash.patch \ gnu/packages/patches/openssl-c-rehash-in.patch \ gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ gnu/packages/patches/ots-no-include-missing-file.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 7e3f293817..34f391e5fa 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -208,9 +208,8 @@ applications should be.") (define-public graphite2 (package - (replacement graphite2-1.3.6) (name "graphite2") - (version "1.3.5") + (version "1.3.6") (source (origin (method url-fetch) @@ -218,8 +217,8 @@ applications should be.") version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 - "0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w")))) + (base32 + "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))) (build-system cmake-build-system) (native-inputs `(("python" ,python-2) ; because of "import imap" in tests @@ -235,21 +234,6 @@ and returns a sequence of positioned glyphids from the font.") (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) -(define graphite2-1.3.6 - (package - (inherit graphite2) - (replacement #f) - (source - (let ((name "graphite2") (version "1.3.6")) - (origin - (method url-fetch) - (uri (string-append "https://github.com/silnrsi/graphite/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))))) - (define-public potrace (package (name "potrace") diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index bc69af5a9e..16a1a6162d 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -61,14 +61,15 @@ (name "dbus") (version "1.10.0") (source (origin - ;; TODO: Apply patch from DBUS/ACTIVATION below. (method url-fetch) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" version ".tar.gz")) (sha256 (base32 - "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")))) + "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")) + (patches + (list (search-patch "dbus-helper-search-path.patch"))))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -126,17 +127,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define-public dbus/activation - ;; D-Bus with a patch to fix service activation. - ;; TODO: Merge with DBUS above. - (package - (inherit dbus) - (version (string-append (package-version dbus) ".a")) - (source (origin - (inherit (package-source dbus)) - (patches - (list (search-patch "dbus-helper-search-path.patch"))))))) - (define glib (package (name "glib") diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f62c254447..d3865fbe66 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1581,7 +1581,6 @@ from the module-init-tools project.") (define-public eudev ;; The post-systemd fork, maintained by Gentoo. - ;; TODO: Merge with 'eudev-with-blkid' below at an opportune time. (package (name "eudev") (version "3.1.5") @@ -1600,7 +1599,11 @@ from the module-init-tools project.") ("perl" ,perl) ("gperf" ,gperf))) (inputs - `(("kmod" ,kmod))) + ;; When linked against libblkid, eudev can populate /dev/disk/by-label + ;; and similar; it also installs the '60-persistent-storage.rules' file, + ;; which contains the rules to do that. + `(("util-linux" ,util-linux) ;for blkid + ("kmod" ,kmod))) (home-page "https://wiki.gentoo.org/wiki/Project:Eudev") (synopsis "Userspace device management") (description "Udev is a daemon which dynamically creates and removes @@ -1608,18 +1611,6 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot time.") (license license:gpl2+))) -(define-public eudev-with-blkid - ;; TODO: Merge with 'eudev' above at an opportune time. - (package - (inherit eudev) - (name "eudev-with-blkid") - (inputs - ;; When linked against libblkid, eudev can populate /dev/disk/by-label - ;; and similar; it also installs the '60-persistent-storage.rules' file, - ;; which contains the rules to do that. - `(("util-linux" ,util-linux) ;for blkid - ,@(package-inputs eudev))))) - (define-public lvm2 (package (name "lvm2") diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch deleted file mode 100644 index f873a9af23..0000000000 --- a/gnu/packages/patches/openssl-c-rehash.patch +++ /dev/null @@ -1,17 +0,0 @@ -This patch removes the explicit reference to the 'perl' binary, -such that OpenSSL does not retain a reference to Perl. - -The 'c_rehash' program is seldom used, but it is used nonetheless -to create symbolic links to certificates, for instance in the 'nss-certs' -package. - ---- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200 -+++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200 -@@ -1,4 +1,6 @@ --#!/usr/bin/perl -+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' -+ & eval 'exec perl -wS "$0" $argv:q' -+ if 0; - - # Perl c_rehash script, scan all files in a directory - # and add symbolic links to their hash values. diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index fb42735495..9bbcc8ffa4 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -38,7 +38,6 @@ (define-public perl ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package - (replacement perl-fixed) (name "perl") (version "5.22.1") (source (origin @@ -54,7 +53,8 @@ "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch"))))) + "perl-CVE-2015-8607.patch" + "perl-CVE-2016-2381.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -116,28 +116,6 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" -(define perl-fixed - (package - (inherit perl) - (replacement #f) - (source - (let ((name "perl") (version "5.22.1")) - (origin - (method url-fetch) - (uri (string-append "http://www.cpan.org/src/5.0/perl-" - version ".tar.gz")) - (sha256 - (base32 - "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb")) - (patches (map search-patch - '("perl-no-sys-dirs.patch" - "perl-autosplit-default-time.patch" - "perl-source-date-epoch.patch" - "perl-deterministic-ordering.patch" - "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch" - "perl-CVE-2016-2381.patch")))))))) - (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b6bf2578ea..d6225f7592 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -179,22 +179,21 @@ required structures.") (define-public openssl (package - (replacement openssl-1.0.2g) (name "openssl") - (version "1.0.2f") + (version "1.0.2g") (source (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash.patch"))))) + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments @@ -283,60 +282,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2g - (package - (inherit openssl) - (replacement #f) - (source - (let ((name "openssl") (version "1.0.2g")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash-in.patch")))))) - (arguments - (substitute-keyword-arguments (package-arguments openssl) - ((#:phases phases) - `(modify-phases ,phases - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (zero? - (system* - "./config" - - ;; XXX TEMPORARY, FOR GRAFTING ONLY - ;; Enable ssl2 code to preserve - ;; ABI compatibility with 1.0.2f - "enable-ssl2" - - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,(package-version openssl)) - - (string-append "--prefix=" out) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))))))))) - (define-public libressl (package (name "libressl") diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 9b3dc73831..545fe60b1a 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -29,7 +29,7 @@ #:use-module (gnu system file-systems) ; 'file-system', etc. #:use-module (gnu packages admin) #:use-module ((gnu packages linux) - #:select (eudev-with-blkid kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) + #:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) #:use-module ((gnu packages base) #:select (canonical-package glibc)) #:use-module (gnu packages package-management) @@ -1170,7 +1170,7 @@ item of @var{packages}." (udev udev) (rules (append initial-rules rules))))))))) -(define* (udev-service #:key (udev eudev-with-blkid) (rules '())) +(define* (udev-service #:key (udev eudev) (rules '())) "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get extra rules from the packages listed in @var{rules}." (service udev-service-type diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 88a840a4b5..9a4a13d41d 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -21,7 +21,7 @@ #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) - #:use-module ((gnu packages glib) #:select (dbus/activation)) + #:use-module ((gnu packages glib) #:select (dbus)) #:use-module (gnu packages admin) #:use-module (guix gexp) #:use-module (guix records) @@ -38,7 +38,7 @@ dbus-configuration make-dbus-configuration dbus-configuration? (dbus dbus-configuration-dbus ;<package> - (default dbus/activation)) + (default dbus)) (services dbus-configuration-services ;list of <package> (default '()))) @@ -198,7 +198,7 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in (append (dbus-configuration-services config) services))))))) -(define* (dbus-service #:key (dbus dbus/activation) (services '())) +(define* (dbus-service #:key (dbus dbus) (services '())) "Return a service that runs the \"system bus\", using @var{dbus}, with support for @var{services}. diff --git a/gnu/system.scm b/gnu/system.scm index 5be24ba586..9b16011d1d 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -374,7 +374,7 @@ explicitly appear in OS." ;; Get 'insmod' & co. from kmod, not module-init-tools, since udev ;; already depends on it anyway. - kmod eudev-with-blkid + kmod eudev e2fsprogs kbd |