From 4d1a35fabcb59ebd745a478b0dc54fc2c6ad5ae1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 9 Mar 2016 15:17:12 +0100 Subject: [PATCH 1/5] gnu: perl: Incorporate patch for CVE-2016-2381. * gnu/packages/perl.scm (perl)[source]: Add "perl-CVE-2016-2381.patch". [replacement]: Remove. (perl-fixed): Remove. --- gnu/packages/perl.scm | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index d67870f462..b2d96ab398 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -37,7 +37,6 @@ (define-module (gnu packages perl) (define-public perl ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package - (replacement perl-fixed) (name "perl") (version "5.22.1") (source (origin @@ -53,7 +52,8 @@ (define-public perl "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch"))))) + "perl-CVE-2015-8607.patch" + "perl-CVE-2016-2381.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f @@ -115,28 +115,6 @@ (define-public perl (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" -(define perl-fixed - (package - (inherit perl) - (replacement #f) - (source - (let ((name "perl") (version "5.22.1")) - (origin - (method url-fetch) - (uri (string-append "http://www.cpan.org/src/5.0/perl-" - version ".tar.gz")) - (sha256 - (base32 - "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb")) - (patches (map search-patch - '("perl-no-sys-dirs.patch" - "perl-autosplit-default-time.patch" - "perl-source-date-epoch.patch" - "perl-deterministic-ordering.patch" - "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch" - "perl-CVE-2016-2381.patch")))))))) - (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") From 4cff124bbf13bbfefdf7a5844f171b282ac0d9b0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 9 Mar 2016 15:20:34 +0100 Subject: [PATCH 2/5] gnu: openssl: Update to 1.0.2g. * gnu/packages/tls.scm (openssl)[replacement]: Remove. [version, source]: Bump to 1.0.2g. Use "openssl-c-rehash-in.patch" instead of "openssl-c-rehash.patch". (openssl-1.0.2g): Remove. * gnu-system.am (dist_patch_DATA): Remove "openssl-c-rehash.patch". --- gnu-system.am | 1 - gnu/packages/patches/openssl-c-rehash.patch | 17 ----- gnu/packages/tls.scm | 81 ++++----------------- 3 files changed, 13 insertions(+), 86 deletions(-) delete mode 100644 gnu/packages/patches/openssl-c-rehash.patch diff --git a/gnu-system.am b/gnu-system.am index 4566ecac7d..dc1d038b96 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -636,7 +636,6 @@ dist_patch_DATA = \ gnu/packages/patches/openjpeg-CVE-2015-6581.patch \ gnu/packages/patches/openjpeg-use-after-free-fix.patch \ gnu/packages/patches/openssl-runpath.patch \ - gnu/packages/patches/openssl-c-rehash.patch \ gnu/packages/patches/openssl-c-rehash-in.patch \ gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ gnu/packages/patches/ots-no-include-missing-file.patch \ diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch deleted file mode 100644 index f873a9af23..0000000000 --- a/gnu/packages/patches/openssl-c-rehash.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -This patch removes the explicit reference to the 'perl' binary, -such that OpenSSL does not retain a reference to Perl. - -The 'c_rehash' program is seldom used, but it is used nonetheless -to create symbolic links to certificates, for instance in the 'nss-certs' -package. - ---- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200 -+++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200 -@@ -1,4 +1,6 @@ --#!/usr/bin/perl -+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' -+ & eval 'exec perl -wS "$0" $argv:q' -+ if 0; - - # Perl c_rehash script, scan all files in a directory - # and add symbolic links to their hash values. diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b6bf2578ea..d6225f7592 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -179,22 +179,21 @@ (define-public gnutls (define-public openssl (package - (replacement openssl-1.0.2g) (name "openssl") - (version "1.0.2f") + (version "1.0.2g") (source (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash.patch"))))) + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments 
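Review bot: The `configure` phase of `openssl` starts after the `(arguments` line where this hunk ends, so it is not visible here whether the merged 1.0.2g package still builds SSLv2 code. The `openssl-1.0.2g` variant removed in the next hunk passed `"enable-ssl2"` under `;; XXX TEMPORARY, FOR GRAFTING ONLY`, solely to keep ABI compatibility with 1.0.2f. With the graft gone, the main `./config` call should not carry that flag; a comment next to its flags such as `;; SSLv2 stays disabled; "enable-ssl2" was only needed while grafting over 1.0.2f.` would record this. The commit log should also say that the temporary SSLv2 enablement is dropped, since that appears to be the security-relevant effect of the merge.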
@@ -283,60 +282,6 @@ (define-public openssl (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2g - (package - (inherit openssl) - (replacement #f) - (source - (let ((name "openssl") (version "1.0.2g")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash-in.patch")))))) - (arguments - (substitute-keyword-arguments (package-arguments openssl) - ((#:phases phases) - `(modify-phases ,phases - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (zero? - (system* - "./config" - - ;; XXX TEMPORARY, FOR GRAFTING ONLY - ;; Enable ssl2 code to preserve - ;; ABI compatibility with 1.0.2f - "enable-ssl2" - - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,(package-version openssl)) - - (string-append "--prefix=" out) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))))))))) - (define-public libressl (package (name "libressl") From 297a36abfc2b177915206f5d1a49e008d96add3b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 9 Mar 2016 15:23:12 +0100 Subject: [PATCH 3/5] gnu: graphite2: Update to 1.3.6. * gnu/packages/fontutils.scm (graphite2)[replacement]: Remove. [version, source]: Update to 1.3.6. (graphite2-1.3.6): Remove. --- gnu/packages/fontutils.scm | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 9bc3878e8a..4c7deb7638 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -203,9 +203,8 @@ (define-public teckit (define-public graphite2 (package - (replacement graphite2-1.3.6) (name "graphite2") - (version "1.3.5") + (version "1.3.6") (source (origin (method url-fetch) @@ -213,8 +212,8 @@ (define-public graphite2 version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 - "0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w")))) + (base32 + "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))) (build-system cmake-build-system) (native-inputs `(("python" ,python-2) ; because of "import imap" in tests @@ -230,21 +229,6 @@ (define-public graphite2 (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) -(define graphite2-1.3.6 - (package - (inherit graphite2) - (replacement #f) - (source - (let ((name "graphite2") (version "1.3.6")) - (origin - (method url-fetch) - (uri (string-append "https://github.com/silnrsi/graphite/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))))) - (define-public potrace (package (name "potrace") From 255f730879ec6b3b655a54b44374a3b0a905145c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 9 Mar 2016 15:26:09 +0100 Subject: [PATCH 4/5] gnu: eudev: Add dependency on blkid. * gnu/packages/linux.scm (eudev)[inputs]: Add UTIL-LINUX. (eudev-with-blkid): Remove. * gnu/services/base.scm (udev-service): Use EUDEV instead of EUDEV-WITH-BLKID. * gnu/system.scm (%base-packages): Likewise. --- gnu/packages/linux.scm | 19 +++++-------------- gnu/services/base.scm | 4 ++-- gnu/system.scm | 2 +- 3 files changed, 8 insertions(+), 17 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 37f161451e..688e1d43b5 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1562,7 +1562,6 @@ (define-public kmod (define-public eudev ;; The post-systemd fork, maintained by Gentoo. - ;; TODO: Merge with 'eudev-with-blkid' below at an opportune time. (package (name "eudev") (version "3.1.5") @@ -1581,7 +1580,11 @@ (define-public eudev ("perl" ,perl) ("gperf" ,gperf))) (inputs - `(("kmod" ,kmod))) + ;; When linked against libblkid, eudev can populate /dev/disk/by-label + ;; and similar; it also installs the '60-persistent-storage.rules' file, + ;; which contains the rules to do that. + `(("util-linux" ,util-linux) ;for blkid + ("kmod" ,kmod))) (home-page "https://wiki.gentoo.org/wiki/Project:Eudev") (synopsis "Userspace device management") (description "Udev is a daemon which dynamically creates and removes @@ -1589,18 +1592,6 @@ (define-public eudev time.") (license license:gpl2+))) -(define-public eudev-with-blkid - ;; TODO: Merge with 'eudev' above at an opportune time. - (package - (inherit eudev) - (name "eudev-with-blkid") - (inputs - ;; When linked against libblkid, eudev can populate /dev/disk/by-label - ;; and similar; it also installs the '60-persistent-storage.rules' file, - ;; which contains the rules to do that. - `(("util-linux" ,util-linux) ;for blkid - ,@(package-inputs eudev))))) - (define-public lvm2 (package (name "lvm2") 
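Review bot: Dropping the public `eudev-with-blkid` binding (third hunk of gnu/packages/linux.scm) leaves no alias behind, so any system configuration that still names it, for example `(udev-service #:udev eudev-with-blkid)`, will presumably fail with an unbound variable once this lands. A short-lived alias such as `(define-public eudev-with-blkid eudev) ;deprecated, use 'eudev'` would keep those configurations working. The same applies to `dbus/activation`, which the gnu/packages/glib.scm patch later in this series removes in the same way.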
diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 9b3dc73831..545fe60b1a 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -29,7 +29,7 @@ (define-module (gnu services base) #:use-module (gnu system file-systems) ; 'file-system', etc. #:use-module (gnu packages admin) #:use-module ((gnu packages linux) - #:select (eudev-with-blkid kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) + #:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) #:use-module ((gnu packages base) #:select (canonical-package glibc)) #:use-module (gnu packages package-management) @@ -1170,7 +1170,7 @@ (define udev-service-type (udev udev) (rules (append initial-rules rules))))))))) -(define* (udev-service #:key (udev eudev-with-blkid) (rules '())) +(define* (udev-service #:key (udev eudev) (rules '())) "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get extra rules from the packages listed in @var{rules}." (service udev-service-type diff --git a/gnu/system.scm b/gnu/system.scm index 5be24ba586..9b16011d1d 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -374,7 +374,7 @@ (define %base-packages ;; Get 'insmod' & co. from kmod, not module-init-tools, since udev ;; already depends on it anyway. - kmod eudev-with-blkid + kmod eudev e2fsprogs kbd From f5a9103991531d17bd1d5a944dcec1c49fb9f395 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 9 Mar 2016 15:31:23 +0100 Subject: [PATCH 5/5] gnu: dbus: Incorporate "dbus-helper-search-path.patch". * gnu/packages/glib.scm (dbus)[source]: Apply "dbus-helper-search-path.patch". (dbus/activation): Remove. * gnu/services/dbus.scm ()[dbus]: Default to DBUS. (dbus-service): Likewise. --- gnu/packages/glib.scm | 16 +++------------- gnu/services/dbus.scm | 8 ++++---- 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index bc69af5a9e..16a1a6162d 100644 --- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm 
@@ -61,14 +61,15 @@ (define dbus (name "dbus") (version "1.10.0") (source (origin - ;; TODO: Apply patch from DBUS/ACTIVATION below. (method url-fetch) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" version ".tar.gz")) (sha256 (base32 - "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")))) + "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")) + (patches + (list (search-patch "dbus-helper-search-path.patch"))))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -126,17 +127,6 @@ (define dbus shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define-public dbus/activation - ;; D-Bus with a patch to fix service activation. - ;; TODO: Merge with DBUS above. - (package - (inherit dbus) - (version (string-append (package-version dbus) ".a")) - (source (origin - (inherit (package-source dbus)) - (patches - (list (search-patch "dbus-helper-search-path.patch"))))))) - (define glib (package (name "glib") diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 88a840a4b5..9a4a13d41d 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès ;;; Copyright © 2015 Sou Bunnbu ;;; ;;; This file is part of GNU Guix. @@ -21,7 +21,7 @@ (define-module (gnu services dbus) #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) - #:use-module ((gnu packages glib) #:select (dbus/activation)) + #:use-module ((gnu packages glib) #:select (dbus)) #:use-module (gnu packages admin) #:use-module (guix gexp) #:use-module (guix records) @@ -38,7 +38,7 @@ (define-record-type* dbus-configuration make-dbus-configuration dbus-configuration? (dbus dbus-configuration-dbus ; - (default dbus/activation)) + (default dbus)) (services dbus-configuration-services ;list of (default '()))) 
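Review bot: The new `patches` field in the first gnu/packages/glib.scm hunk has no comment, and the only explanation of the patch, `;; D-Bus with a patch to fix service activation.`, is deleted together with `dbus/activation` in the next hunk. Judging by its name, the patch changes where the daemon looks for its activation helper, so the reason should stay next to the field, e.g. `;; Fix service activation; see "dbus-helper-search-path.patch".` The `dbus` package definition begins before this hunk and continues after it.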
@@ -198,7 +198,7 @@ (define dbus-root-service-type (append (dbus-configuration-services config) services))))))) -(define* (dbus-service #:key (dbus dbus/activation) (services '())) +(define* (dbus-service #:key (dbus dbus) (services '())) "Return a service that runs the \"system bus\", using @var{dbus}, with support for @var{services}.