Merge branch 'security-updates'
commit
cd6cc144e0
|
@ -652,7 +652,6 @@ dist_patch_DATA = \
|
||||||
gnu/packages/patches/openjpeg-CVE-2015-6581.patch \
|
gnu/packages/patches/openjpeg-CVE-2015-6581.patch \
|
||||||
gnu/packages/patches/openjpeg-use-after-free-fix.patch \
|
gnu/packages/patches/openjpeg-use-after-free-fix.patch \
|
||||||
gnu/packages/patches/openssl-runpath.patch \
|
gnu/packages/patches/openssl-runpath.patch \
|
||||||
gnu/packages/patches/openssl-c-rehash.patch \
|
|
||||||
gnu/packages/patches/openssl-c-rehash-in.patch \
|
gnu/packages/patches/openssl-c-rehash-in.patch \
|
||||||
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
|
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
|
||||||
gnu/packages/patches/ots-no-include-missing-file.patch \
|
gnu/packages/patches/ots-no-include-missing-file.patch \
|
||||||
|
|
|
@ -208,9 +208,8 @@ applications should be.")
|
||||||
|
|
||||||
(define-public graphite2
|
(define-public graphite2
|
||||||
(package
|
(package
|
||||||
(replacement graphite2-1.3.6)
|
|
||||||
(name "graphite2")
|
(name "graphite2")
|
||||||
(version "1.3.5")
|
(version "1.3.6")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
|
@ -218,8 +217,8 @@ applications should be.")
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(file-name (string-append name "-" version ".tar.gz"))
|
(file-name (string-append name "-" version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w"))))
|
"1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))
|
||||||
(build-system cmake-build-system)
|
(build-system cmake-build-system)
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(("python" ,python-2) ; because of "import imap" in tests
|
`(("python" ,python-2) ; because of "import imap" in tests
|
||||||
|
@ -235,21 +234,6 @@ and returns a sequence of positioned glyphids from the font.")
|
||||||
(license license:lgpl2.1+)
|
(license license:lgpl2.1+)
|
||||||
(home-page "https://github.com/silnrsi/graphite")))
|
(home-page "https://github.com/silnrsi/graphite")))
|
||||||
|
|
||||||
(define graphite2-1.3.6
|
|
||||||
(package
|
|
||||||
(inherit graphite2)
|
|
||||||
(replacement #f)
|
|
||||||
(source
|
|
||||||
(let ((name "graphite2") (version "1.3.6"))
|
|
||||||
(origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (string-append "https://github.com/silnrsi/graphite/archive/"
|
|
||||||
version ".tar.gz"))
|
|
||||||
(file-name (string-append name "-" version ".tar.gz"))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))))))
|
|
||||||
|
|
||||||
(define-public potrace
|
(define-public potrace
|
||||||
(package
|
(package
|
||||||
(name "potrace")
|
(name "potrace")
|
||||||
|
|
|
@ -61,14 +61,15 @@
|
||||||
(name "dbus")
|
(name "dbus")
|
||||||
(version "1.10.0")
|
(version "1.10.0")
|
||||||
(source (origin
|
(source (origin
|
||||||
;; TODO: Apply patch from DBUS/ACTIVATION below.
|
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append
|
(uri (string-append
|
||||||
"https://dbus.freedesktop.org/releases/dbus/dbus-"
|
"https://dbus.freedesktop.org/releases/dbus/dbus-"
|
||||||
version ".tar.gz"))
|
version ".tar.gz"))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx"))))
|
"0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx"))
|
||||||
|
(patches
|
||||||
|
(list (search-patch "dbus-helper-search-path.patch")))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:configure-flags
|
'(#:configure-flags
|
||||||
|
@ -126,17 +127,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with
|
||||||
shared NFS home directories.")
|
shared NFS home directories.")
|
||||||
(license license:gpl2+))) ; or Academic Free License 2.1
|
(license license:gpl2+))) ; or Academic Free License 2.1
|
||||||
|
|
||||||
(define-public dbus/activation
|
|
||||||
;; D-Bus with a patch to fix service activation.
|
|
||||||
;; TODO: Merge with DBUS above.
|
|
||||||
(package
|
|
||||||
(inherit dbus)
|
|
||||||
(version (string-append (package-version dbus) ".a"))
|
|
||||||
(source (origin
|
|
||||||
(inherit (package-source dbus))
|
|
||||||
(patches
|
|
||||||
(list (search-patch "dbus-helper-search-path.patch")))))))
|
|
||||||
|
|
||||||
(define glib
|
(define glib
|
||||||
(package
|
(package
|
||||||
(name "glib")
|
(name "glib")
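Review bot: Deleting the exported `dbus/activation` binding in the second hunk will break any operating-system declaration or out-of-tree module that still names it, unless an alias exists outside these hunks; the same applies to `eudev-with-blkid`, removed in the eudev section further down. Since the patch now lives on `dbus` itself, a transitional alias such as `(define-public dbus/activation dbus)` (and `(define-public eudev-with-blkid eudev)`) kept for one release would turn an unbound-variable error into a no-op. The deleted comment was also the only statement of why `dbus-helper-search-path.patch` is applied, so a line above the new `(patches` form, e.g. `;; Needed for service activation to work.`, would preserve it. The `dbus` package definition starts and ends outside both hunks.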
|
||||||
|
|
|
@ -1581,7 +1581,6 @@ from the module-init-tools project.")
|
||||||
|
|
||||||
(define-public eudev
|
(define-public eudev
|
||||||
;; The post-systemd fork, maintained by Gentoo.
|
;; The post-systemd fork, maintained by Gentoo.
|
||||||
;; TODO: Merge with 'eudev-with-blkid' below at an opportune time.
|
|
||||||
(package
|
(package
|
||||||
(name "eudev")
|
(name "eudev")
|
||||||
(version "3.1.5")
|
(version "3.1.5")
|
||||||
|
@ -1600,7 +1599,11 @@ from the module-init-tools project.")
|
||||||
("perl" ,perl)
|
("perl" ,perl)
|
||||||
("gperf" ,gperf)))
|
("gperf" ,gperf)))
|
||||||
(inputs
|
(inputs
|
||||||
`(("kmod" ,kmod)))
|
;; When linked against libblkid, eudev can populate /dev/disk/by-label
|
||||||
|
;; and similar; it also installs the '60-persistent-storage.rules' file,
|
||||||
|
;; which contains the rules to do that.
|
||||||
|
`(("util-linux" ,util-linux) ;for blkid
|
||||||
|
("kmod" ,kmod)))
|
||||||
(home-page "https://wiki.gentoo.org/wiki/Project:Eudev")
|
(home-page "https://wiki.gentoo.org/wiki/Project:Eudev")
|
||||||
(synopsis "Userspace device management")
|
(synopsis "Userspace device management")
|
||||||
(description "Udev is a daemon which dynamically creates and removes
|
(description "Udev is a daemon which dynamically creates and removes
|
||||||
|
@ -1608,18 +1611,6 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot
|
||||||
time.")
|
time.")
|
||||||
(license license:gpl2+)))
|
(license license:gpl2+)))
|
||||||
|
|
||||||
(define-public eudev-with-blkid
|
|
||||||
;; TODO: Merge with 'eudev' above at an opportune time.
|
|
||||||
(package
|
|
||||||
(inherit eudev)
|
|
||||||
(name "eudev-with-blkid")
|
|
||||||
(inputs
|
|
||||||
;; When linked against libblkid, eudev can populate /dev/disk/by-label
|
|
||||||
;; and similar; it also installs the '60-persistent-storage.rules' file,
|
|
||||||
;; which contains the rules to do that.
|
|
||||||
`(("util-linux" ,util-linux) ;for blkid
|
|
||||||
,@(package-inputs eudev)))))
|
|
||||||
|
|
||||||
(define-public lvm2
|
(define-public lvm2
|
||||||
(package
|
(package
|
||||||
(name "lvm2")
|
(name "lvm2")
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
This patch removes the explicit reference to the 'perl' binary,
|
|
||||||
such that OpenSSL does not retain a reference to Perl.
|
|
||||||
|
|
||||||
The 'c_rehash' program is seldom used, but it is used nonetheless
|
|
||||||
to create symbolic links to certificates, for instance in the 'nss-certs'
|
|
||||||
package.
|
|
||||||
|
|
||||||
--- openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:07.313316482 +0200
|
|
||||||
+++ openssl-1.0.2d/tools/c_rehash 2015-09-09 18:36:28.965458458 +0200
|
|
||||||
@@ -1,4 +1,6 @@
|
|
||||||
-#!/usr/bin/perl
|
|
||||||
+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
|
|
||||||
+ & eval 'exec perl -wS "$0" $argv:q'
|
|
||||||
+ if 0;
|
|
||||||
|
|
||||||
# Perl c_rehash script, scan all files in a directory
|
|
||||||
# and add symbolic links to their hash values.
|
|
|
@ -38,7 +38,6 @@
|
||||||
(define-public perl
|
(define-public perl
|
||||||
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
|
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
|
||||||
(package
|
(package
|
||||||
(replacement perl-fixed)
|
|
||||||
(name "perl")
|
(name "perl")
|
||||||
(version "5.22.1")
|
(version "5.22.1")
|
||||||
(source (origin
|
(source (origin
|
||||||
|
@ -54,7 +53,8 @@
|
||||||
"perl-source-date-epoch.patch"
|
"perl-source-date-epoch.patch"
|
||||||
"perl-deterministic-ordering.patch"
|
"perl-deterministic-ordering.patch"
|
||||||
"perl-no-build-time.patch"
|
"perl-no-build-time.patch"
|
||||||
"perl-CVE-2015-8607.patch")))))
|
"perl-CVE-2015-8607.patch"
|
||||||
|
"perl-CVE-2016-2381.patch")))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
'(#:tests? #f
|
'(#:tests? #f
|
||||||
|
@ -116,28 +116,6 @@
|
||||||
(home-page "http://www.perl.org/")
|
(home-page "http://www.perl.org/")
|
||||||
(license gpl1+))) ; or "Artistic"
|
(license gpl1+))) ; or "Artistic"
|
||||||
|
|
||||||
(define perl-fixed
|
|
||||||
(package
|
|
||||||
(inherit perl)
|
|
||||||
(replacement #f)
|
|
||||||
(source
|
|
||||||
(let ((name "perl") (version "5.22.1"))
|
|
||||||
(origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (string-append "http://www.cpan.org/src/5.0/perl-"
|
|
||||||
version ".tar.gz"))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb"))
|
|
||||||
(patches (map search-patch
|
|
||||||
'("perl-no-sys-dirs.patch"
|
|
||||||
"perl-autosplit-default-time.patch"
|
|
||||||
"perl-source-date-epoch.patch"
|
|
||||||
"perl-deterministic-ordering.patch"
|
|
||||||
"perl-no-build-time.patch"
|
|
||||||
"perl-CVE-2015-8607.patch"
|
|
||||||
"perl-CVE-2016-2381.patch"))))))))
|
|
||||||
|
|
||||||
(define-public perl-algorithm-c3
|
(define-public perl-algorithm-c3
|
||||||
(package
|
(package
|
||||||
(name "perl-algorithm-c3")
|
(name "perl-algorithm-c3")
|
||||||
|
|
|
@ -179,22 +179,21 @@ required structures.")
|
||||||
|
|
||||||
(define-public openssl
|
(define-public openssl
|
||||||
(package
|
(package
|
||||||
(replacement openssl-1.0.2g)
|
|
||||||
(name "openssl")
|
(name "openssl")
|
||||||
(version "1.0.2f")
|
(version "1.0.2g")
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (list (string-append "ftp://ftp.openssl.org/source/"
|
(uri (list (string-append "ftp://ftp.openssl.org/source/"
|
||||||
name "-" version ".tar.gz")
|
name "-" version ".tar.gz")
|
||||||
(string-append "ftp://ftp.openssl.org/source/old/"
|
(string-append "ftp://ftp.openssl.org/source/old/"
|
||||||
(string-trim-right version char-set:letter)
|
(string-trim-right version char-set:letter)
|
||||||
"/" name "-" version ".tar.gz")))
|
"/" name "-" version ".tar.gz")))
|
||||||
(sha256
|
(sha256
|
||||||
(base32
|
(base32
|
||||||
"171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk"))
|
"0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
|
||||||
(patches (map search-patch
|
(patches (map search-patch
|
||||||
'("openssl-runpath.patch"
|
'("openssl-runpath.patch"
|
||||||
"openssl-c-rehash.patch")))))
|
"openssl-c-rehash-in.patch")))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(native-inputs `(("perl" ,perl)))
|
(native-inputs `(("perl" ,perl)))
|
||||||
(arguments
|
(arguments
|
||||||
|
@ -283,60 +282,6 @@ required structures.")
|
||||||
(license license:openssl)
|
(license license:openssl)
|
||||||
(home-page "http://www.openssl.org/")))
|
(home-page "http://www.openssl.org/")))
|
||||||
|
|
||||||
(define openssl-1.0.2g
|
|
||||||
(package
|
|
||||||
(inherit openssl)
|
|
||||||
(replacement #f)
|
|
||||||
(source
|
|
||||||
(let ((name "openssl") (version "1.0.2g"))
|
|
||||||
(origin
|
|
||||||
(method url-fetch)
|
|
||||||
(uri (list (string-append "ftp://ftp.openssl.org/source/"
|
|
||||||
name "-" version ".tar.gz")
|
|
||||||
(string-append "ftp://ftp.openssl.org/source/old/"
|
|
||||||
(string-trim-right version char-set:letter)
|
|
||||||
"/" name "-" version ".tar.gz")))
|
|
||||||
(sha256
|
|
||||||
(base32
|
|
||||||
"0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
|
|
||||||
(patches (map search-patch
|
|
||||||
'("openssl-runpath.patch"
|
|
||||||
"openssl-c-rehash-in.patch"))))))
|
|
||||||
(arguments
|
|
||||||
(substitute-keyword-arguments (package-arguments openssl)
|
|
||||||
((#:phases phases)
|
|
||||||
`(modify-phases ,phases
|
|
||||||
(replace 'configure
|
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
|
||||||
(let ((out (assoc-ref outputs "out")))
|
|
||||||
(zero?
|
|
||||||
(system*
|
|
||||||
"./config"
|
|
||||||
|
|
||||||
;; XXX TEMPORARY, FOR GRAFTING ONLY
|
|
||||||
;; Enable ssl2 code to preserve
|
|
||||||
;; ABI compatibility with 1.0.2f
|
|
||||||
"enable-ssl2"
|
|
||||||
|
|
||||||
"shared" ;build shared libraries
|
|
||||||
"--libdir=lib"
|
|
||||||
|
|
||||||
;; The default for this catch-all directory is
|
|
||||||
;; PREFIX/ssl. Change that to something more
|
|
||||||
;; conventional.
|
|
||||||
(string-append "--openssldir=" out
|
|
||||||
"/share/openssl-" ,(package-version openssl))
|
|
||||||
|
|
||||||
(string-append "--prefix=" out)
|
|
||||||
|
|
||||||
;; XXX FIXME: Work around a code generation bug in GCC
|
|
||||||
;; 4.9.3 on ARM when compiled with -mfpu=neon. See:
|
|
||||||
;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
|
|
||||||
,@(if (and (not (%current-target-system))
|
|
||||||
(string-prefix? "armhf" (%current-system)))
|
|
||||||
'("-mfpu=vfpv3")
|
|
||||||
'()))))))))))))
|
|
||||||
|
|
||||||
(define-public libressl
|
(define-public libressl
|
||||||
(package
|
(package
|
||||||
(name "libressl")
|
(name "libressl")
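Review bot: The graft variant deleted in the second hunk passed `"enable-ssl2"` to `./config` under an "XXX TEMPORARY, FOR GRAFTING ONLY" comment, and nothing visible here shows whether the configure phase of the main `openssl` package carries that flag. It should not, now that 1.0.2g is built directly instead of being grafted over 1.0.2f, because the ABI-compatibility reason given in the deleted comment no longer applies. The `arguments` form of `openssl` lies outside both hunks, so this has to be checked in the full file. If the flag is absent, a comment at the configure phase such as `;; SSLv2 is deliberately left disabled; do not add "enable-ssl2".` would keep it from being reintroduced the next time a graft needs ABI parity.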
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
#:use-module (gnu system file-systems) ; 'file-system', etc.
|
#:use-module (gnu system file-systems) ; 'file-system', etc.
|
||||||
#:use-module (gnu packages admin)
|
#:use-module (gnu packages admin)
|
||||||
#:use-module ((gnu packages linux)
|
#:use-module ((gnu packages linux)
|
||||||
#:select (eudev-with-blkid kbd e2fsprogs lvm2 fuse alsa-utils crda gpm))
|
#:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm))
|
||||||
#:use-module ((gnu packages base)
|
#:use-module ((gnu packages base)
|
||||||
#:select (canonical-package glibc))
|
#:select (canonical-package glibc))
|
||||||
#:use-module (gnu packages package-management)
|
#:use-module (gnu packages package-management)
|
||||||
|
@ -1170,7 +1170,7 @@ item of @var{packages}."
|
||||||
(udev udev)
|
(udev udev)
|
||||||
(rules (append initial-rules rules)))))))))
|
(rules (append initial-rules rules)))))))))
|
||||||
|
|
||||||
(define* (udev-service #:key (udev eudev-with-blkid) (rules '()))
|
(define* (udev-service #:key (udev eudev) (rules '()))
|
||||||
"Run @var{udev}, which populates the @file{/dev} directory dynamically. Get
|
"Run @var{udev}, which populates the @file{/dev} directory dynamically. Get
|
||||||
extra rules from the packages listed in @var{rules}."
|
extra rules from the packages listed in @var{rules}."
|
||||||
(service udev-service-type
|
(service udev-service-type
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
|
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
#:use-module (gnu services)
|
#:use-module (gnu services)
|
||||||
#:use-module (gnu services shepherd)
|
#:use-module (gnu services shepherd)
|
||||||
#:use-module (gnu system shadow)
|
#:use-module (gnu system shadow)
|
||||||
#:use-module ((gnu packages glib) #:select (dbus/activation))
|
#:use-module ((gnu packages glib) #:select (dbus))
|
||||||
#:use-module (gnu packages admin)
|
#:use-module (gnu packages admin)
|
||||||
#:use-module (guix gexp)
|
#:use-module (guix gexp)
|
||||||
#:use-module (guix records)
|
#:use-module (guix records)
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
dbus-configuration make-dbus-configuration
|
dbus-configuration make-dbus-configuration
|
||||||
dbus-configuration?
|
dbus-configuration?
|
||||||
(dbus dbus-configuration-dbus ;<package>
|
(dbus dbus-configuration-dbus ;<package>
|
||||||
(default dbus/activation))
|
(default dbus))
|
||||||
(services dbus-configuration-services ;list of <package>
|
(services dbus-configuration-services ;list of <package>
|
||||||
(default '())))
|
(default '())))
|
||||||
|
|
||||||
|
@ -198,7 +198,7 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in
|
||||||
(append (dbus-configuration-services config)
|
(append (dbus-configuration-services config)
|
||||||
services)))))))
|
services)))))))
|
||||||
|
|
||||||
(define* (dbus-service #:key (dbus dbus/activation) (services '()))
|
(define* (dbus-service #:key (dbus dbus) (services '()))
|
||||||
"Return a service that runs the \"system bus\", using @var{dbus}, with
|
"Return a service that runs the \"system bus\", using @var{dbus}, with
|
||||||
support for @var{services}.
|
support for @var{services}.
|
||||||
|
|
||||||
|
|
|
@ -374,7 +374,7 @@ explicitly appear in OS."
|
||||||
|
|
||||||
;; Get 'insmod' & co. from kmod, not module-init-tools, since udev
|
;; Get 'insmod' & co. from kmod, not module-init-tools, since udev
|
||||||
;; already depends on it anyway.
|
;; already depends on it anyway.
|
||||||
kmod eudev-with-blkid
|
kmod eudev
|
||||||
|
|
||||||
e2fsprogs kbd
|
e2fsprogs kbd
|
||||||
|
|
||||||
|
|