From 217b8c2e061a5b637e198f1ed9960d4abe2b0a46 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 15 Apr 2018 16:48:25 +0200 Subject: gnu: perl: Replace with 5.26.2 [fixes CVE-2018-{6797,6798,6913}]. * gnu/packages/perl.scm (perl-5.26.2): New public variable. (perl)[replacement]: New field. --- gnu/packages/perl.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 50273d31e4..34eef565b1 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -13,7 +13,7 @@ ;;; Copyright © 2016 Ben Woodcroft ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2017 Raoul J.P. Bonnal -;;; Copyright © 2017 Marius Bakke +;;; Copyright © 2017, 2018 Marius Bakke ;;; Copyright © 2017 Adriano Peluso ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice ;;; Copyright © 2017 Leo Famulari @@ -59,6 +59,7 @@ (package (name "perl") (version "5.26.1") + (replacement perl-5.26.2) (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" @@ -155,6 +156,19 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" +;; Fixes CVE-2018-6797, CVE-2018-6798, and CVE-2018-6913. +;; See . +(define-public perl-5.26.2 + (package/inherit perl + (version "5.26.2") + (source (origin + (inherit (package-source perl)) + (uri (string-append "mirror://cpan/src/5.0/perl-" + version ".tar.gz")) + (sha256 + (base32 + "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))))) + (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") -- cgit v1.2.3 From 7234fbcb25f7d14354a5f6a91283c00dee31aaa5 Mon Sep 17 00:00:00 2001 From: Pierre Neidhardt Date: Tue, 10 Apr 2018 21:00:08 +0530 Subject: gnu: Add perl-file-readbackwards. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/perl.scm (perl-file-readbackwards): New variable. Signed-off-by: Ludovic Courtès --- gnu/packages/perl.scm | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 34eef565b1..0d81a58e26 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -19,6 +19,7 @@ ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2017 Christopher Allan Webber ;;; Copyright © 2018 Oleg Pykhalov +;;; Copyright © 2018 Pierre Neidhardt ;;; ;;; This file is part of GNU Guix. ;;; @@ -3515,6 +3516,33 @@ provided base directory and can return files (and/or directories if desired) matching a regular expression.") (home-page "http://search.cpan.org/~dopacki/File-List//"))) +(define-public perl-file-readbackwards + (package + (name "perl-file-readbackwards") + (version "1.05") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://cpan/authors/id/U/UR/URI/File-ReadBackwards-" + version + ".tar.gz")) + (sha256 + (base32 + "0vldy5q0zyf1cwzwb1gv14f8vg2f21bw96b8wvkw6z2hhypn3cl2")))) + (build-system perl-build-system) + (home-page "http://search.cpan.org/dist/File-ReadBackwards/") + (synopsis "Read a file backwards by lines") + (description "This module reads a file backwards line by line. It is +simple to use, memory efficient and fast. It supports both an object and a +tied handle interface. + +It is intended for processing log and other similar text files which typically +have their newest entries appended to them. By default files are assumed to +be plain text and have a line ending appropriate to the OS. But you can set +the input record separator string on a per file basis.") + (license perl-license))) + (define-public perl-file-remove (package (name "perl-file-remove") -- cgit v1.2.3 From e118a013c8949c592df187b84216fda8cbab9d4f Mon Sep 17 00:00:00 2001 From: Pierre Neidhardt Date: Tue, 10 Apr 2018 21:01:09 +0530 Subject: gnu: Add perl-io-all. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/perl.scm (perl-io-all): New variable. Signed-off-by: Ludovic Courtès --- gnu/packages/perl.scm | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 0d81a58e26..aaf3e2e825 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -46,6 +46,7 @@ #:use-module (guix build-system perl) #:use-module (gnu packages base) #:use-module (gnu packages compression) + #:use-module (gnu packages freedesktop) #:use-module (gnu packages perl-check) #:use-module (gnu packages perl-web) #:use-module (gnu packages pkg-config)) @@ -4098,6 +4099,32 @@ This document describes how to use Inline with the C programming language. It also goes a bit into Perl C internals.") (license (package-license perl)))) +(define-public perl-io-all + (package + (name "perl-io-all") + (version "0.87") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://cpan/authors/id/F/FR/FREW/IO-All-" + version + ".tar.gz")) + (sha256 + (base32 + "0nsd9knlbd7if2v6zwj4q978axq0w5hk8ymp61z14a821hjivqjl")))) + (build-system perl-build-system) + (propagated-inputs + `(("perl-file-mimeinfo" ,perl-file-mimeinfo) + ("perl-file-readbackwards" ,perl-file-readbackwards))) + (home-page "http://search.cpan.org/dist/IO-All/") + (synopsis "@code{IO::All} to Larry Wall!") + (description "@code{IO::All} combines all of the best Perl IO modules into +a single nifty object oriented interface to greatly simplify your everyday +Perl IO idioms. It exports a single function called io, which returns a new +@code{IO::All} object. And that object can do it all!") + (license perl-license))) + (define-public perl-io-captureoutput (package (name "perl-io-captureoutput") -- cgit v1.2.3 From 44b98b00026e62766620dbc4330a305282d61069 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Wed, 18 Apr 2018 16:41:39 -0400 Subject: gnu: Perl: Fix a grafting failure due to a path that includes the package version. Fixes . * gnu/packages/perl.scm (perl-5.26.2): Don't use package/inherit. [arguments]: Add a 'workaround-grafting-version-bug' phase. --- gnu/packages/perl.scm | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index aaf3e2e825..33601f3f55 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -44,6 +44,7 @@ #:use-module (guix download) #:use-module (guix build-system gnu) #:use-module (guix build-system perl) + #:use-module (guix utils) ;substitute-keyword-arguments for perl-5.26.2 #:use-module (gnu packages base) #:use-module (gnu packages compression) #:use-module (gnu packages freedesktop) @@ -161,7 +162,8 @@ ;; Fixes CVE-2018-6797, CVE-2018-6798, and CVE-2018-6913. ;; See . (define-public perl-5.26.2 - (package/inherit perl + (package + (inherit perl) (version "5.26.2") (source (origin (inherit (package-source perl)) @@ -169,7 +171,22 @@ version ".tar.gz")) (sha256 (base32 - "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))))) + "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))) + (arguments + (substitute-keyword-arguments (package-arguments perl) + ((#:phases phases) + `(modify-phases ,phases + ;; The path to libperl.so includes the Perl version number, and this + ;; is not handled by grafting. See . + (add-after 'install 'workaround-grafting-version-bug + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (dir (string-append out "/lib/perl5")) + (new "5.26.2") + (old "5.26.1")) + (with-directory-excursion dir + (symlink new old)) + #t))))))))) (define-public perl-algorithm-c3 (package -- cgit v1.2.3 From 5618193694b08855488b29fae1db42f05ca6deaf Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Fri, 20 Apr 2018 23:24:37 -0400 Subject: gnu: perl: Add more compatibility symlinks to the replacement perl. Fixes . Reported by Julien Lepiller . * gnu/packages/perl.scm (perl-5.26.2)[arguments]: Rename the 'workaround-grafting-version-bug' phase to 'install-compatibility-symlinks'. Install symlinks in $out/lib/perl5/site_perl/5.26.1 and $out/bin/perl5.26.1, in addition to $out/lib/perl5/5.26.1. Simplify the code a bit. --- gnu/packages/perl.scm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 33601f3f55..5b52ec071a 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -176,16 +176,16 @@ (substitute-keyword-arguments (package-arguments perl) ((#:phases phases) `(modify-phases ,phases - ;; The path to libperl.so includes the Perl version number, and this - ;; is not handled by grafting. See . - (add-after 'install 'workaround-grafting-version-bug + ;; The path to several installed components include the Perl + ;; version number, and these is not rewritten by grafting. See + ;; and . + (add-after 'install 'install-compatibility-symlinks (lambda* (#:key outputs #:allow-other-keys) - (let* ((out (assoc-ref outputs "out")) - (dir (string-append out "/lib/perl5")) - (new "5.26.2") - (old "5.26.1")) - (with-directory-excursion dir - (symlink new old)) + (let ((out (assoc-ref outputs "out"))) + (symlink "perl5.26.2" (string-append out "/bin/perl5.26.1")) + (symlink "5.26.2" (string-append out "/lib/perl5/5.26.1")) + (symlink "5.26.2" + (string-append out "/lib/perl5/site_perl/5.26.1")) #t))))))))) (define-public perl-algorithm-c3 -- cgit v1.2.3 From b5178b325409b1eaf953f8f3007a180cbd27b167 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 21 Apr 2018 01:08:56 -0400 Subject: gnu: perl: Hack the replacement perl to think it is version 5.26.1. Fixes . This is a followup to commits 217b8c2e061a5b637e198f1ed9960d4abe2b0a46, 44b98b00026e62766620dbc4330a305282d61069, and 35fbe194c3da264859a5addc661b9fbc2dc8ecc7. Complications arise when grafting perl unless the version of the replacement perl matches that of the original. So, here we add 'perl/fixed', which is built from the perl-5.26.2 source but hacked to believe it is version 5.26.1. * gnu/packages/perl.scm (perl)[replacement]: Use perl/fixed, not perl-5.26.2. (perl-5.26.2): Remove compatibility symlinks. (perl/fixed): New variable. --- gnu/packages/perl.scm | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'gnu/packages/perl.scm') diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 5b52ec071a..9de8c3fdf7 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -62,7 +62,7 @@ (package (name "perl") (version "5.26.1") - (replacement perl-5.26.2) + (replacement perl/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://cpan/src/5.0/perl-" @@ -171,22 +171,26 @@ version ".tar.gz")) (sha256 (base32 - "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))) + "03gpnxx1g6hvlh0v4aqx00580h787sfywp1vlvw64q2xcbm9qbsp")))))) + +;; When grafting perl, complications arise when the replacement perl has a +;; different version number than the original. So, here we create a version +;; of perl-5.26.2 that thinks it is version 5.26.1. See +;; and . +(define perl/fixed + (package + (inherit perl-5.26.2) + (version "5.26.1") (arguments - (substitute-keyword-arguments (package-arguments perl) + (substitute-keyword-arguments (package-arguments perl-5.26.2) ((#:phases phases) `(modify-phases ,phases - ;; The path to several installed components include the Perl - ;; version number, and these is not rewritten by grafting. See - ;; and . - (add-after 'install 'install-compatibility-symlinks - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (symlink "perl5.26.2" (string-append out "/bin/perl5.26.1")) - (symlink "5.26.2" (string-append out "/lib/perl5/5.26.1")) - (symlink "5.26.2" - (string-append out "/lib/perl5/site_perl/5.26.1")) - #t))))))))) + (add-after 'unpack 'revert-perl-subversion + (lambda _ + (substitute* "patchlevel.h" + (("^#define PERL_SUBVERSION 2") + "#define PERL_SUBVERSION 1")) + #t)))))))) (define-public perl-algorithm-c3 (package -- cgit v1.2.3