author | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-22 00:14:03 +0100 |
commit | cd6cc144e0822482a8ca2b033b7bd6d33f0fd331 (patch) | |
tree | 28b7c39d314eb54845de71f20fdb144e348c0fe5 | |
parent | ffc13e753b37adb694de1d26f3ea51cf0796a8a2 (diff) | |
parent | a3b84f70d8bc992a0fc38cabdf12d48ff5e10e15 (diff) | |
Merge branch 'security-updates'
-rw-r--r-- | gnu-system.am | 1 | ||||
-rw-r--r-- | gnu/packages/fontutils.scm | 22 | ||||
-rw-r--r-- | gnu/packages/glib.scm | 16 | ||||
-rw-r--r-- | gnu/packages/linux.scm | 19 | ||||
-rw-r--r-- | gnu/packages/patches/openssl-c-rehash.patch | 17 | ||||
-rw-r--r-- | gnu/packages/perl.scm | 26 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 81 | ||||
-rw-r--r-- | gnu/services/base.scm | 4 | ||||
-rw-r--r-- | gnu/services/dbus.scm | 8 | ||||
-rw-r--r-- | gnu/system.scm | 2 |
10 files changed, 33 insertions, 163 deletions
diff --git a/gnu-system.am b/gnu-system.am index f13a55de12..c819b5ab97 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -652,7 +652,6 @@ dist_patch_DATA = \ gnu/packages/patches/openjpeg-CVE-2015-6581.patch \ gnu/packages/patches/openjpeg-use-after-free-fix.patch \ gnu/packages/patches/openssl-runpath.patch \ - gnu/packages/patches/openssl-c-rehash.patch \ gnu/packages/patches/openssl-c-rehash-in.patch \ gnu/packages/patches/orpheus-cast-errors-and-includes.patch \ gnu/packages/patches/ots-no-include-missing-file.patch \ diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index 7e3f293817..34f391e5fa 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -208,9 +208,8 @@ applications should be.") (define-public graphite2 (package - (replacement graphite2-1.3.6) (name "graphite2") - (version "1.3.5") + (version "1.3.6") (source (origin (method url-fetch) @@ -218,8 +217,8 @@ applications should be.") version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 - (base32 - "0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w")))) + (base32 + "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))) (build-system cmake-build-system) (native-inputs `(("python" ,python-2) ; because of "import imap" in tests @@ -235,21 +234,6 @@ and returns a sequence of positioned glyphids from the font.") (license license:lgpl2.1+) (home-page "https://github.com/silnrsi/graphite"))) -(define graphite2-1.3.6 - (package - (inherit graphite2) - (replacement #f) - (source - (let ((name "graphite2") (version "1.3.6")) - (origin - (method url-fetch) - (uri (string-append "https://github.com/silnrsi/graphite/archive/" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))))) - (define-public potrace (package (name "potrace") diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm index bc69af5a9e..16a1a6162d 100644 
--- a/gnu/packages/glib.scm +++ b/gnu/packages/glib.scm @@ -61,14 +61,15 @@ (name "dbus") (version "1.10.0") (source (origin - ;; TODO: Apply patch from DBUS/ACTIVATION below. (method url-fetch) (uri (string-append "https://dbus.freedesktop.org/releases/dbus/dbus-" version ".tar.gz")) (sha256 (base32 - "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")))) + "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx")) + (patches + (list (search-patch "dbus-helper-search-path.patch"))))) (build-system gnu-build-system) (arguments '(#:configure-flags @@ -126,17 +127,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories.") (license license:gpl2+))) ; or Academic Free License 2.1 -(define-public dbus/activation - ;; D-Bus with a patch to fix service activation. - ;; TODO: Merge with DBUS above. - (package - (inherit dbus) - (version (string-append (package-version dbus) ".a")) - (source (origin - (inherit (package-source dbus)) - (patches - (list (search-patch "dbus-helper-search-path.patch"))))))) - (define glib (package (name "glib") diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index f62c254447..d3865fbe66 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1581,7 +1581,6 @@ from the module-init-tools project.") (define-public eudev ;; The post-systemd fork, maintained by Gentoo. - ;; TODO: Merge with 'eudev-with-blkid' below at an opportune time. (package (name "eudev") (version "3.1.5") 
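Review bot: The `(patches (list (search-patch "dbus-helper-search-path.patch")))` field added to the `dbus` origin in the first glib.scm hunk has no comment saying why the patch is applied, and the only explanation on the page (`;; D-Bus with a patch to fix service activation.`) is deleted together with `dbus/activation` in the next hunk. Judging by its name, the patch changes where the helper used for activation is looked up, which is worth a deliberate decision each time the package is updated past 1.10.0. A one-line rationale above `(patches`, for example `;; Fix service activation; see dbus-helper-search-path.patch.`, would keep that context. The `dbus` package definition starts and ends outside the hunk.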
@@ -1600,7 +1599,11 @@ from the module-init-tools project.") ("perl" ,perl) ("gperf" ,gperf))) (inputs - `(("kmod" ,kmod))) + ;; When linked against libblkid, eudev can populate /dev/disk/by-label + ;; and similar; it also installs the '60-persistent-storage.rules' file, + ;; which contains the rules to do that. + `(("util-linux" ,util-linux) ;for blkid + ("kmod" ,kmod))) (home-page "https://wiki.gentoo.org/wiki/Project:Eudev") (synopsis "Userspace device management") (description "Udev is a daemon which dynamically creates and removes @@ -1608,18 +1611,6 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot time.") (license license:gpl2+))) -(define-public eudev-with-blkid - ;; TODO: Merge with 'eudev' above at an opportune time. - (package - (inherit eudev) - (name "eudev-with-blkid") - (inputs - ;; When linked against libblkid, eudev can populate /dev/disk/by-label - ;; and similar; it also installs the '60-persistent-storage.rules' file, - ;; which contains the rules to do that. - `(("util-linux" ,util-linux) ;for blkid - ,@(package-inputs eudev))))) - (define-public lvm2 (package (name "lvm2") diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch deleted file mode 100644 index f873a9af23..0000000000 --- a/gnu/packages/patches/openssl-c-rehash.patch +++ /dev/null 
@@ -1,17 +0,0 @@ -This patch removes the explicit reference to the 'perl' binary, -such that OpenSSL does not retain a reference to Perl. - -The 'c_rehash' program is seldom used, but it is used nonetheless -to create symbolic links to certificates, for instance in the 'nss-certs' -package. - ---- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200 -+++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200 -@@ -1,4 +1,6 @@ --#!/usr/bin/perl -+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}' -+ & eval 'exec perl -wS "$0" $argv:q' -+ if 0; - - # Perl c_rehash script, scan all files in a directory - # and add symbolic links to their hash values. diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index fb42735495..9bbcc8ffa4 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -38,7 +38,6 @@ (define-public perl ;; Yeah, Perl... It is required early in the bootstrap process by Linux. (package - (replacement perl-fixed) (name "perl") (version "5.22.1") (source (origin @@ -54,7 +53,8 @@ "perl-source-date-epoch.patch" "perl-deterministic-ordering.patch" "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch"))))) + "perl-CVE-2015-8607.patch" + "perl-CVE-2016-2381.patch"))))) (build-system gnu-build-system) (arguments '(#:tests? #f 
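Review bot: The `"perl-CVE-2016-2381.patch"` entry added to the main `perl` patch list in the second perl.scm hunk is verified at build time only by the patch applying cleanly, because the `arguments` that begin at the end of the hunk set `#:tests? #f`. A comment beside the list such as `;; NOTE: tests are disabled below, so these patches are not exercised at build time.` would make that gap visible to whoever adds the next security patch. The gnu-system.am hunk in this merge only drops openssl-c-rehash.patch, so it is also worth confirming that the perl patch file is already listed in `dist_patch_DATA`, which is not visible here. The package definition continues outside the hunk.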
@@ -116,28 +116,6 @@ (home-page "http://www.perl.org/") (license gpl1+))) ; or "Artistic" -(define perl-fixed - (package - (inherit perl) - (replacement #f) - (source - (let ((name "perl") (version "5.22.1")) - (origin - (method url-fetch) - (uri (string-append "http://www.cpan.org/src/5.0/perl-" - version ".tar.gz")) - (sha256 - (base32 - "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb")) - (patches (map search-patch - '("perl-no-sys-dirs.patch" - "perl-autosplit-default-time.patch" - "perl-source-date-epoch.patch" - "perl-deterministic-ordering.patch" - "perl-no-build-time.patch" - "perl-CVE-2015-8607.patch" - "perl-CVE-2016-2381.patch")))))))) - (define-public perl-algorithm-c3 (package (name "perl-algorithm-c3") diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index b6bf2578ea..d6225f7592 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -179,22 +179,21 @@ required structures.") (define-public openssl (package - (replacement openssl-1.0.2g) (name "openssl") - (version "1.0.2f") + (version "1.0.2g") (source (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash.patch"))))) + (method url-fetch) + (uri (list (string-append "ftp://ftp.openssl.org/source/" + name "-" version ".tar.gz") + (string-append "ftp://ftp.openssl.org/source/old/" + (string-trim-right version char-set:letter) + "/" name "-" version ".tar.gz"))) + (sha256 + (base32 + "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) + (patches (map search-patch + '("openssl-runpath.patch" + "openssl-c-rehash-in.patch"))))) (build-system gnu-build-system) (native-inputs `(("perl" ,perl))) (arguments 
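Review bot: The bump to `(version "1.0.2g")` in the first tls.scm hunk does not show whether the package's own `configure` phase passes `enable-ssl2`; the graft variant deleted in the next hunk forced it on, under `XXX TEMPORARY, FOR GRAFTING ONLY`, to keep ABI compatibility with 1.0.2f. Upstream 1.0.2g builds without SSLv2 unless asked, so the ungrafted package should not carry that flag; the phase lies outside this hunk and should be checked before merging. Separately, both source URIs are `ftp://`, so the `sha256` is the only integrity check on the tarball, and a comment such as `;; Fetched over plain FTP; integrity rests on the hash below.` above `(sha256` would flag that for the next update.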
@@ -283,60 +282,6 @@ required structures.") (license license:openssl) (home-page "http://www.openssl.org/"))) -(define openssl-1.0.2g - (package - (inherit openssl) - (replacement #f) - (source - (let ((name "openssl") (version "1.0.2g")) - (origin - (method url-fetch) - (uri (list (string-append "ftp://ftp.openssl.org/source/" - name "-" version ".tar.gz") - (string-append "ftp://ftp.openssl.org/source/old/" - (string-trim-right version char-set:letter) - "/" name "-" version ".tar.gz"))) - (sha256 - (base32 - "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p")) - (patches (map search-patch - '("openssl-runpath.patch" - "openssl-c-rehash-in.patch")))))) - (arguments - (substitute-keyword-arguments (package-arguments openssl) - ((#:phases phases) - `(modify-phases ,phases - (replace 'configure - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (zero? - (system* - "./config" - - ;; XXX TEMPORARY, FOR GRAFTING ONLY - ;; Enable ssl2 code to preserve - ;; ABI compatibility with 1.0.2f - "enable-ssl2" - - "shared" ;build shared libraries - "--libdir=lib" - - ;; The default for this catch-all directory is - ;; PREFIX/ssl. Change that to something more - ;; conventional. - (string-append "--openssldir=" out - "/share/openssl-" ,(package-version openssl)) - - (string-append "--prefix=" out) - - ;; XXX FIXME: Work around a code generation bug in GCC - ;; 4.9.3 on ARM when compiled with -mfpu=neon. See: - ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917> - ,@(if (and (not (%current-target-system)) - (string-prefix? "armhf" (%current-system))) - '("-mfpu=vfpv3") - '())))))))))))) - (define-public libressl (package (name "libressl") diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 9b3dc73831..545fe60b1a 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -29,7 +29,7 @@ #:use-module (gnu system file-systems) ; 'file-system', etc. #:use-module (gnu packages admin) #:use-module ((gnu packages linux) - #:select (eudev-with-blkid kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) + #:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm)) #:use-module ((gnu packages base) #:select (canonical-package glibc)) #:use-module (gnu packages package-management) @@ -1170,7 +1170,7 @@ item of @var{packages}." (udev udev) (rules (append initial-rules rules))))))))) -(define* (udev-service #:key (udev eudev-with-blkid) (rules '())) +(define* (udev-service #:key (udev eudev) (rules '())) "Run @var{udev}, which populates the @file{/dev} directory dynamically. Get extra rules from the packages listed in @var{rules}." (service udev-service-type diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm index 88a840a4b5..9a4a13d41d 100644 --- a/gnu/services/dbus.scm +++ b/gnu/services/dbus.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; ;;; This file is part of GNU Guix. @@ -21,7 +21,7 @@ #:use-module (gnu services) #:use-module (gnu services shepherd) #:use-module (gnu system shadow) - #:use-module ((gnu packages glib) #:select (dbus/activation)) + #:use-module ((gnu packages glib) #:select (dbus)) #:use-module (gnu packages admin) #:use-module (guix gexp) #:use-module (guix records) @@ -38,7 +38,7 @@ dbus-configuration make-dbus-configuration dbus-configuration? (dbus dbus-configuration-dbus ;<package> - (default dbus/activation)) + (default dbus)) (services dbus-configuration-services ;list of <package> (default '()))) 
@@ -198,7 +198,7 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in (append (dbus-configuration-services config) services))))))) -(define* (dbus-service #:key (dbus dbus/activation) (services '())) +(define* (dbus-service #:key (dbus dbus) (services '())) "Return a service that runs the \"system bus\", using @var{dbus}, with support for @var{services}. diff --git a/gnu/system.scm b/gnu/system.scm index 5be24ba586..9b16011d1d 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -374,7 +374,7 @@ explicitly appear in OS." ;; Get 'insmod' & co. from kmod, not module-init-tools, since udev ;; already depends on it anyway. - kmod eudev-with-blkid + kmod eudev e2fsprogs kbd |