gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].

* gnu/packages/check.scm (cppunit-1.14): New public variable.
* gnu/packages/libreoffice.scm (xmlsec-src-libreoffice): Remove variable.
(libreoffice): Update to 5.4.5.1.
[native-inputs]: Change CPPUNIT to CPPUNIT-1.14.  Remove AUTOCONF and AUTOMAKE.
[inputs]: Add GPGME, XMLSEC-NSS and LIBLTDL.  Remove XMLSEC-SRC-LIBREOFFICE.
Replace LIBJPEG with LIBJPEG-TURBO.
[arguments]: Remove xmlsec code from PREPARE-SRC-PHASE.  Make sure GPGME++
headers are found.  Add workaround for <https://bugs.gentoo.org/641812>.  Add
"--disable-pdfium" to #:configure-flags.
* gnu/packages/xml.scm (xmlsec-nss): New public variable.
This commit is contained in:
Marius Bakke 2018-02-11 11:46:27 +01:00
parent f1d7e14a1b
commit b4c9a3173d
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
3 changed files with 59 additions and 40 deletions

View File

@ -157,6 +157,23 @@ unit testing. Test output is in XML for automatic testing and GUI based for
supervised tests.") supervised tests.")
(license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the tarball (license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the tarball
;; Some packages require this newer version of cppunit. However, it needs
;; C++11 support, which is not enabled by default in our current GCC, and
;; updating in-place would require adding CXXFLAGS to many dependent packages.
;; Thus, keep as a separate variable for now.
;; TODO: Remove this when our default GCC is updated to 6 or higher.
(define-public cppunit-1.14
(package
(inherit cppunit)
(version "1.14.0")
(source (origin
(method url-fetch)
(uri (string-append "https://dev-www.libreoffice.org/src/"
"cppunit-" version ".tar.gz"))
(sha256
(base32
"1027cyfx5gsjkdkaf6c2wnjh68882grw8n672018cj3vs9lrhmix"))))))
(define-public catch-framework (define-public catch-framework
(package (package
(name "catch") (name "catch")

View File

@ -7,7 +7,7 @@
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Andy Wingo <wingo@igalia.com> ;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com> ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
@ -54,6 +54,7 @@
#:use-module (gnu packages glib) #:use-module (gnu packages glib)
#:use-module (gnu packages gnome) #:use-module (gnu packages gnome)
#:use-module (gnu packages gperf) #:use-module (gnu packages gperf)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages gnuzilla) #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages gstreamer) #:use-module (gnu packages gstreamer)
#:use-module (gnu packages gtk) #:use-module (gnu packages gtk)
@ -839,22 +840,10 @@ and to return information on pronunciations, meanings and synonyms.")
(license (non-copyleft "file://COPYING" (license (non-copyleft "file://COPYING"
"See COPYING in the distribution.")))) "See COPYING in the distribution."))))
;; LibreOffice requires an xmlsec source tarball; it does not even check
;; for the presence of an externally compiled library.
(define xmlsec-src-libreoffice
(origin
(method url-fetch)
(uri
(string-append
"http://dev-www.libreoffice.org/src/"
"86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz"))
(sha256 (base32
"17qfw5crkqn4v6xbkjxrjvcccfc00dy053892wrwv54qdk8n7m21"))))
(define-public libreoffice (define-public libreoffice
(package (package
(name "libreoffice") (name "libreoffice")
(version "5.3.7.2") (version "5.4.5.1")
(source (source
(origin (origin
(method url-fetch) (method url-fetch)
@ -863,16 +852,11 @@ and to return information on pronunciations, meanings and synonyms.")
"https://download.documentfoundation.org/libreoffice/src/" "https://download.documentfoundation.org/libreoffice/src/"
(version-prefix version 3) "/libreoffice-" version ".tar.xz")) (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
(sha256 (base32 (sha256 (base32
"0z7fssp0jcj09wxad1wmhy69n71a2mwl933lxp9dz5sdvzncxmy3")))) "167bh6jgyhfcvn3g7xghkg4nb99h91diypdlry5df21xs8bis5gb"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(native-inputs (native-inputs
`(;; autoreconf is run by the LibreOffice build system, since after `(("bison" ,bison)
;; unpacking the external xmlsec tarball, it applies a series of ("cppunit" ,cppunit-1.14)
;; patches to Makefile.am, configure.in, config.guess and config.sub.
("autoconf" ,autoconf)
("automake" ,automake)
("bison" ,bison)
("cppunit" ,cppunit)
("flex" ,flex) ("flex" ,flex)
("pkg-config" ,pkg-config) ("pkg-config" ,pkg-config)
("python" ,python-wrapper) ("python" ,python-wrapper)
@ -888,6 +872,7 @@ and to return information on pronunciations, meanings and synonyms.")
("glew" ,glew) ("glew" ,glew)
("glm" ,glm) ("glm" ,glm)
("gperf" ,gperf) ("gperf" ,gperf)
("gpgme" ,gpgme)
("graphite2" ,graphite2) ("graphite2" ,graphite2)
("gst-plugins-base" ,gst-plugins-base) ("gst-plugins-base" ,gst-plugins-base)
("gtk+" ,gtk+) ("gtk+" ,gtk+)
@ -897,12 +882,14 @@ and to return information on pronunciations, meanings and synonyms.")
("libabw" ,libabw) ("libabw" ,libabw)
("libcdr" ,libcdr) ("libcdr" ,libcdr)
("libcmis" ,libcmis) ("libcmis" ,libcmis)
("libjpeg" ,libjpeg) ("libjpeg-turbo" ,libjpeg-turbo)
("libe-book" ,libe-book) ("libe-book" ,libe-book)
("libetonyek" ,libetonyek) ("libetonyek" ,libetonyek)
("libexttextcat" ,libexttextcat) ("libexttextcat" ,libexttextcat)
("libfreehand" ,libfreehand) ("libfreehand" ,libfreehand)
("liblangtag" ,liblangtag) ("liblangtag" ,liblangtag)
;; XXX: Perhaps this should be propagated from xmlsec.
("libltdl" ,libltdl)
("libmspub" ,libmspub) ("libmspub" ,libmspub)
("libmwaw" ,libmwaw) ("libmwaw" ,libmwaw)
("libodfgen" ,libodfgen) ("libodfgen" ,libodfgen)
@ -935,7 +922,7 @@ and to return information on pronunciations, meanings and synonyms.")
("unixodbc" ,unixodbc) ("unixodbc" ,unixodbc)
("unzip" ,unzip) ("unzip" ,unzip)
("vigra" ,vigra) ("vigra" ,vigra)
("xmlsec-src" ,xmlsec-src-libreoffice) ("xmlsec" ,xmlsec-nss)
("zip" ,zip))) ("zip" ,zip)))
(arguments (arguments
`(#:tests? #f ; Building the tests already fails. `(#:tests? #f ; Building the tests already fails.
@ -944,26 +931,27 @@ and to return information on pronunciations, meanings and synonyms.")
(modify-phases %standard-phases (modify-phases %standard-phases
(add-before 'configure 'prepare-src (add-before 'configure 'prepare-src
(lambda* (#:key inputs #:allow-other-keys) (lambda* (#:key inputs #:allow-other-keys)
(let ((xmlsec (assoc-ref inputs "xmlsec-src"))) (let ((gpgme (assoc-ref inputs "gpgme")))
(substitute* (substitute*
(list "sysui/CustomTarget_share.mk" (list "sysui/CustomTarget_share.mk"
"solenv/gbuild/gbuild.mk" "solenv/gbuild/gbuild.mk"
"solenv/gbuild/platform/unxgcc.mk") "solenv/gbuild/platform/unxgcc.mk")
(("/bin/sh") (which "sh"))) (("/bin/sh") (which "sh")))
(mkdir "external/tarballs")
(symlink ;; GPGME++ headers are installed in a gpgme++ subdirectory,
xmlsec ;; but files in "xmlsecurity/source/gpg/" expect to find them
(string-append "external/tarballs/" ;; on the include path without a prefix.
"86b1daaa438f5a7bea9a52d7b9799ac0-" (substitute* "xmlsecurity/Library_xsec_xmlsec.mk"
"xmlsec1-1.2.23.tar.gz")) (("\\$\\$\\(INCLUDE\\)")
;; The following is required for building xmlsec from the (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++")))
;; unpatched external tarball; since "configure" starts with
;; "/bin/sh", it needs to be executed by a command invoking ;; XXX: When GTK2 is disabled, one header file is not included.
;; the shell. ;; This is likely fixed in later versions. See also
(setenv "SHELL" (which "bash")) ;; <https://bugs.gentoo.org/641812>.
(setenv "CONFIG_SHELL" (which "bash")) (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx"
(substitute* "external/libxmlsec/ExternalProject_xmlsec.mk" (("#include <unx/gtk/gtkgdi.hxx>")
(("./configure") "$(CONFIG_SHELL) ./configure" )) "#include <unx/gtk/gtkgdi.hxx>\n#include <unx/gtk/gtksalmenu.hxx>"))
#t))) #t)))
(add-after 'install 'bin-and-desktop-install (add-after 'install 'bin-and-desktop-install
;; Create 'soffice' and 'libreoffice' symlinks to the executable ;; Create 'soffice' and 'libreoffice' symlinks to the executable
@ -1037,6 +1025,10 @@ and to return information on pronunciations, meanings and synonyms.")
"--disable-coinmp" "--disable-coinmp"
"--disable-firebird-sdbc" ; embedded firebird "--disable-firebird-sdbc" ; embedded firebird
"--disable-gltf" "--disable-gltf"
;; XXX: PDFium support requires fetching an external tarball and
;; patching the build scripts to work with GCC5. Try enabling this
;; when our default compiler is >=GCC 6.
"--disable-pdfium"
"--disable-gtk" ; disable use of GTK+ 2 "--disable-gtk" ; disable use of GTK+ 2
"--without-doxygen"))) "--without-doxygen")))
(home-page "https://www.libreoffice.org/") (home-page "https://www.libreoffice.org/")

View File

@ -13,7 +13,7 @@
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net> ;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com> ;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net> ;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
@ -41,6 +41,7 @@
#:use-module (gnu packages compression) #:use-module (gnu packages compression)
#:use-module (gnu packages gnupg) #:use-module (gnu packages gnupg)
#:use-module (gnu packages java) #:use-module (gnu packages java)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages perl) #:use-module (gnu packages perl)
#:use-module (gnu packages perl-check) #:use-module (gnu packages perl-check)
#:use-module (gnu packages python) #:use-module (gnu packages python)
@ -971,6 +972,15 @@ Libxml2).")
(license (license:x11-style "file://COPYING" (license (license:x11-style "file://COPYING"
"See 'COPYING' in the distribution.")))) "See 'COPYING' in the distribution."))))
(define-public xmlsec-nss
(package
(inherit xmlsec)
(name "xmlsec-nss")
(inputs
`(("nss" ,nss)
("libltdl" ,libltdl)))
(synopsis "XML Security Library (using NSS instead of GnuTLS)")))
(define-public minixml (define-public minixml
(package (package
(name "minixml") (name "minixml")