diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm index c18703fde0..43c2099968 100644 --- a/gnu/packages/cyrus-sasl.scm +++ b/gnu/packages/cyrus-sasl.scm @@ -44,8 +44,8 @@ (define-public cyrus-sasl version ".tar.gz"))) (sha256 (base32 "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6")) - (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch")))) - (replacement cyrus-sasl/fixed) + (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch" + "cyrus-sasl-CVE-2019-19906.patch")))) (build-system gnu-build-system) (native-inputs `(("autoconf" ,autoconf) @@ -81,20 +81,3 @@ (define-public cyrus-sasl (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")) (home-page "https://cyrusimap.org/sasl/"))) - -(define cyrus-sasl/fixed - (package - (inherit cyrus-sasl) - (version "2.1.27") - (source (origin - (method url-fetch) - (uri (list (string-append - "https://cyrusimap.org/releases/cyrus-sasl-" - version ".tar.gz") - (string-append - "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-" - version ".tar.gz"))) - (sha256 (base32 - "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6")) - (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch" - "cyrus-sasl-CVE-2019-19906.patch")))))) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 34f5078581..78a473b348 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -3221,10 +3221,10 @@ (define-public libcroco (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches (search-patches "libcroco-CVE-2020-12825.patch")) (sha256 (base32 "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn")))) - (replacement libcroco/fixed) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) 
@@ -3243,21 +3243,6 @@ (define-public libcroco ;; LGPLv2.1-only. (license license:lgpl2.1))) -(define libcroco/fixed - (package - (inherit libcroco) - (name "libcroco") - (version "0.6.13") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnome/sources/" name "/" - (version-major+minor version) "/" - name "-" version ".tar.xz")) - (sha256 - (base32 - "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn")) - (patches (search-patches "libcroco-CVE-2020-12825.patch")))))) - (define-public libgsf (package (name "libgsf") diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index bffc9e0298..24fd48d971 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -125,11 +125,12 @@ (define-public cairo (package (name "cairo") (version "1.16.0") - (replacement cairo/fixed) (source (origin (method url-fetch) (uri (string-append "https://cairographics.org/releases/cairo-" version ".tar.xz")) + (patches (search-patches "cairo-CVE-2018-19876.patch" + "cairo-CVE-2020-35492.patch")) (sha256 (base32 "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy")))) @@ -176,15 +177,6 @@ (define-public cairo (license license:lgpl2.1) ; or Mozilla Public License 1.1 (home-page "https://cairographics.org/"))) -(define cairo/fixed - (package - (inherit cairo) - (source (origin - (inherit (package-source cairo)) - (patches (append (search-patches "cairo-CVE-2018-19876.patch" - "cairo-CVE-2020-35492.patch") - (origin-patches (package-source cairo)))))))) - (define-public cairo-sans-poppler ;; Variant used to break the dependency cycle between Poppler and Cairo. (package/inherit cairo 
@@ -567,12 +559,12 @@ (define-public gdk-pixbuf (package (name "gdk-pixbuf") (version "2.40.0") - (replacement gdk-pixbuf/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" (version-major+minor version) "/" name "-" version ".tar.xz")) + (patches (search-patches "gdk-pixbuf-CVE-2020-29385.patch")) (sha256 (base32 "1rnlx9yfw970maxi2x6niaxmih5la11q1ilr7gzshz2kk585k0hm")))) @@ -624,15 +616,6 @@ (define-public gdk-pixbuf (license license:lgpl2.0+) (home-page "https://developer.gnome.org/gdk-pixbuf/"))) -(define gdk-pixbuf/fixed - (package - (inherit gdk-pixbuf) - (source (origin - (inherit (package-source gdk-pixbuf)) - (patches - (append (search-patches "gdk-pixbuf-CVE-2020-29385.patch") - (origin-patches (package-source gdk-pixbuf)))))))) - ;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends ;; on gdk-pixbuf, so this new varibale. Also, librsvg adds 90MiB to the ;; closure size. diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5d8fa1185b..ce424bdeb0 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -107,7 +107,6 @@ (define-module (gnu packages python) (define-public python-2.7 (package (name "python2") - (replacement python-2.7/fixed) (version "2.7.17") (source (origin @@ -122,7 +121,8 @@ (define-public python-2.7 "python-2.7-site-prefixes.patch" "python-2.7-source-date-epoch.patch" "python-2.7-adjust-tests.patch" - "python-cross-compile.patch")) + "python-cross-compile.patch" + "python-2.7-CVE-2021-3177.patch")) (modules '((guix build utils))) (snippet '(begin 
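Review bot: In the python-2.7 patch list (hunk at -122,7) `"python-2.7-CVE-2021-3177.patch"` is now applied last, whereas the removed `python-2.7/fixed` built its list with `(append (search-patches …) (origin-patches …))` and so applied it first. The same reordering occurs in the python-3.8 hunk (the CVE-2021-3177 patch is now second, after `"python-CVE-2020-26116.patch"`) and in the gnutls hunk (both CVE patches now come last). patch(1) tolerates offsets and fuzz by default, so if an earlier patch in the list touches the same files, a security hunk could land displaced instead of failing the build. Either keep the CVE patches at the head of each list, matching the order used under the graft, or confirm from the build logs that they apply with no fuzz. The `origin` form continues outside this hunk.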
@@ -351,14 +351,6 @@ (define-public python-2.7 (properties '((cpe-name . "python"))) (license license:psfl))) -(define python-2.7/fixed - (package - (inherit python-2.7) - (source (origin - (inherit (package-source python-2.7)) - (patches (append (search-patches "python-2.7-CVE-2021-3177.patch") - (origin-patches (package-source python-2.7)))))))) - ;; Current 2.x version. (define-public python-2 python-2.7) @@ -373,7 +365,6 @@ (define-public python2-called-python (define-public python-3.8 (package (inherit python-2) (name "python") - (replacement python-3.8/fixed) (version "3.8.2") (source (origin (method url-fetch) @@ -381,6 +372,7 @@ (define-public python-3.8 version "/Python-" version ".tar.xz")) (patches (search-patches "python-CVE-2020-26116.patch" + "python-3.8-CVE-2021-3177.patch" "python-3-fix-tests.patch" "python-3.8-fix-tests.patch" "python-3-deterministic-build-info.patch" @@ -531,14 +523,6 @@ (define-public python-3.8 (version-major+minor version) "/site-packages")))))))) -(define python-3.8/fixed - (package - (inherit python-3.8) - (source (origin - (inherit (package-source python-3.8)) - (patches (append (search-patches "python-3.8-CVE-2021-3177.patch") - (origin-patches (package-source python-3.8)))))))) - (define-public python-3.9 (package (inherit python-3.8) (name "python-next") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 25493cc7ca..fee6276674 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -165,7 +165,6 @@ (define-public gnutls (package (name "gnutls") (version "3.6.15") - (replacement gnutls/fixed) (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the 
@@ -174,7 +173,9 @@ (define-public gnutls (version-major+minor version) "/gnutls-" version ".tar.xz")) (patches (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-cross.patch")) + "gnutls-cross.patch" + "gnutls-CVE-2021-20231.patch" + "gnutls-CVE-2021-20232.patch")) (sha256 (base32 "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) @@ -257,15 +258,6 @@ (define-public gnutls (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) -(define gnutls/fixed - (package - (inherit gnutls) - (source (origin - (inherit (package-source gnutls)) - (patches (append (search-patches "gnutls-CVE-2021-20231.patch" - "gnutls-CVE-2021-20232.patch") - (origin-patches (package-source gnutls)))))))) - (define-public gnutls/guile-2.0 ;; GnuTLS for Guile 2.0. (package/inherit gnutls @@ -296,8 +288,7 @@ (define-public guile3.0-gnutls (define-public openssl (package (name "openssl") - (replacement openssl/fixed) - (version "1.1.1i") + (version "1.1.1j") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -310,7 +301,7 @@ (define-public openssl (patches (search-patches "openssl-1.1-c-rehash-in.patch")) (sha256 (base32 - "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8")))) + "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma")))) (build-system gnu-build-system) (outputs '("out" "doc" ;6.8 MiB of man3 pages and full HTML documentation 
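Review bot: The openssl hunk at -296,8 drops `(replacement openssl/fixed)` and sets `(version "1.1.1j")`, but the `openssl/fixed` definition removed in the last tls.scm hunk was at `(version "1.1.1k")`. Every other package in this commit folds the graft's fix into the base definition; here the base ends up one release behind what the graft was delivering, with no replacement left to cover the gap. If 1.1.1k was grafted for security reasons, as the `/fixed` naming suggests, dependents lose that fix. Consider `(version "1.1.1k")` with the hash `"1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"` from the removed definition, or keep the replacement until the base package catches up.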
@@ -431,24 +422,6 @@ (define-public openssl (license license:openssl) (home-page "https://www.openssl.org/"))) -(define-public openssl/fixed - (package - (inherit openssl) - (version "1.1.1k") - (source (origin - (method url-fetch) - (uri (list (string-append "https://www.openssl.org/source/openssl-" - version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/" - "openssl-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/openssl-" version ".tar.gz"))) - (patches (search-patches "openssl-1.1-c-rehash-in.patch")) - (sha256 - (base32 - "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9")))))) - (define-public openssl-1.0 (package (inherit openssl)