authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2021-04-23 21:32:22 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2021-04-23 21:32:22 -0400
commit87c0d6265ca014da382824996719c0b8fefe3646 (patch)
treec9036e6bfa9c0c6c140f5f69b57faf5422210dbf
parent1eb26d0e07ad439c935b324c1ed858f50e9dcccd (diff)
parente12210dc92098d8581cea3007d57dbb6be16bb41 (diff)
downloadguix-87c0d6265ca014da382824996719c0b8fefe3646.tar.gz
Merge remote-tracking branch 'origin/wip-ungrafting' into HEAD
-rw-r--r--gnu/packages/cyrus-sasl.scm21
-rw-r--r--gnu/packages/gnome.scm17
-rw-r--r--gnu/packages/gtk.scm23
-rw-r--r--gnu/packages/python.scm22
-rw-r--r--gnu/packages/tls.scm37
5 files changed, 14 insertions, 106 deletions
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index c18703fde0..43c2099968 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -44,8 +44,8 @@
                         version ".tar.gz")))
             (sha256 (base32
                      "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
-            (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"))))
-   (replacement cyrus-sasl/fixed)
+            (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
+                                     "cyrus-sasl-CVE-2019-19906.patch"))))
    (build-system gnu-build-system)
    (native-inputs
      `(("autoconf" ,autoconf)
@@ -81,20 +81,3 @@ server writers.")
    (license (license:non-copyleft "file://COPYING"
                                   "See COPYING in the distribution."))
    (home-page "https://cyrusimap.org/sasl/")))
-
-(define cyrus-sasl/fixed
-  (package
-    (inherit cyrus-sasl)
-    (version "2.1.27")
-    (source (origin
-              (method url-fetch)
-              (uri (list (string-append
-                          "https://cyrusimap.org/releases/cyrus-sasl-"
-                          version ".tar.gz")
-                         (string-append
-                          "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
-                          version ".tar.gz")))
-              (sha256 (base32
-                       "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
-              (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
-                                       "cyrus-sasl-CVE-2019-19906.patch"))))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 34f5078581..78a473b348 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -3221,10 +3221,10 @@ the GNOME desktop environment.")
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version)  "/"
                                   name "-" version ".tar.xz"))
+              (patches (search-patches "libcroco-CVE-2020-12825.patch"))
               (sha256
                (base32
                 "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))))
-    (replacement libcroco/fixed)
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -3243,21 +3243,6 @@ XML/CSS rendering engine.")
     ;; LGPLv2.1-only.
     (license license:lgpl2.1)))
 
-(define libcroco/fixed
-  (package
-    (inherit libcroco)
-    (name "libcroco")
-    (version "0.6.13")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
-                                  (version-major+minor version)  "/"
-                                  name "-" version ".tar.xz"))
-              (sha256
-               (base32
-                "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))
-              (patches (search-patches "libcroco-CVE-2020-12825.patch"))))))
-
 (define-public libgsf
   (package
     (name "libgsf")
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index bffc9e0298..24fd48d971 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -125,11 +125,12 @@ tools have full access to view and control running applications.")
   (package
    (name "cairo")
    (version "1.16.0")
-   (replacement cairo/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "https://cairographics.org/releases/cairo-"
                                 version ".tar.xz"))
+            (patches (search-patches "cairo-CVE-2018-19876.patch"
+                                     "cairo-CVE-2020-35492.patch"))
             (sha256
              (base32
               "0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"))))
@@ -176,15 +177,6 @@ affine transformation (scale, rotation, shear, etc.).")
    (license license:lgpl2.1) ; or Mozilla Public License 1.1
    (home-page "https://cairographics.org/")))
 
-(define cairo/fixed
-  (package
-    (inherit cairo)
-    (source (origin
-              (inherit (package-source cairo))
-              (patches (append (search-patches "cairo-CVE-2018-19876.patch"
-                                               "cairo-CVE-2020-35492.patch")
-                               (origin-patches (package-source cairo))))))))
-
 (define-public cairo-sans-poppler
   ;; Variant used to break the dependency cycle between Poppler and Cairo.
   (package/inherit cairo
@@ -567,12 +559,12 @@ highlighting and other features typical of a source code editor.")
   (package
    (name "gdk-pixbuf")
    (version "2.40.0")
-   (replacement gdk-pixbuf/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
                                 (version-major+minor version)  "/"
                                 name "-" version ".tar.xz"))
+            (patches (search-patches "gdk-pixbuf-CVE-2020-29385.patch"))
             (sha256
              (base32
               "1rnlx9yfw970maxi2x6niaxmih5la11q1ilr7gzshz2kk585k0hm"))))
@@ -624,15 +616,6 @@ in the GNOME project.")
    (license license:lgpl2.0+)
    (home-page "https://developer.gnome.org/gdk-pixbuf/")))
 
-(define gdk-pixbuf/fixed
-  (package
-    (inherit gdk-pixbuf)
-    (source (origin
-              (inherit (package-source gdk-pixbuf))
-              (patches
-               (append (search-patches "gdk-pixbuf-CVE-2020-29385.patch")
-                       (origin-patches (package-source gdk-pixbuf))))))))
-
 ;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends
 ;; on gdk-pixbuf, so this new varibale.  Also, librsvg adds 90MiB to the
 ;; closure size.
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5d8fa1185b..ce424bdeb0 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -107,7 +107,6 @@
 (define-public python-2.7
   (package
     (name "python2")
-    (replacement python-2.7/fixed)
     (version "2.7.17")
     (source
      (origin
@@ -122,7 +121,8 @@
                                "python-2.7-site-prefixes.patch"
                                "python-2.7-source-date-epoch.patch"
                                "python-2.7-adjust-tests.patch"
-                               "python-cross-compile.patch"))
+                               "python-cross-compile.patch"
+                               "python-2.7-CVE-2021-3177.patch"))
       (modules '((guix build utils)))
       (snippet
        '(begin
@@ -351,14 +351,6 @@ data types.")
     (properties '((cpe-name . "python")))
     (license license:psfl)))
 
-(define python-2.7/fixed
-  (package
-    (inherit python-2.7)
-    (source (origin
-              (inherit (package-source python-2.7))
-              (patches (append (search-patches "python-2.7-CVE-2021-3177.patch")
-                               (origin-patches (package-source python-2.7))))))))
-
 ;; Current 2.x version.
 (define-public python-2 python-2.7)
 
@@ -373,7 +365,6 @@ data types.")
 (define-public python-3.8
   (package (inherit python-2)
     (name "python")
-    (replacement python-3.8/fixed)
     (version "3.8.2")
     (source (origin
               (method url-fetch)
@@ -381,6 +372,7 @@ data types.")
                                   version "/Python-" version ".tar.xz"))
               (patches (search-patches
                         "python-CVE-2020-26116.patch"
+                        "python-3.8-CVE-2021-3177.patch"
                         "python-3-fix-tests.patch"
                         "python-3.8-fix-tests.patch"
                         "python-3-deterministic-build-info.patch"
@@ -531,14 +523,6 @@ data types.")
                                         (version-major+minor version)
                                         "/site-packages"))))))))
 
-(define python-3.8/fixed
-  (package
-    (inherit python-3.8)
-    (source (origin
-              (inherit (package-source python-3.8))
-              (patches (append (search-patches "python-3.8-CVE-2021-3177.patch")
-                               (origin-patches (package-source python-3.8))))))))
-
 (define-public python-3.9
   (package (inherit python-3.8)
     (name "python-next")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 25493cc7ca..fee6276674 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -165,7 +165,6 @@ living in the same process.")
   (package
     (name "gnutls")
     (version "3.6.15")
-    (replacement gnutls/fixed)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
@@ -174,7 +173,9 @@ living in the same process.")
                                   (version-major+minor version)
                                   "/gnutls-" version ".tar.xz"))
               (patches (search-patches "gnutls-skip-trust-store-test.patch"
-                                       "gnutls-cross.patch"))
+                                       "gnutls-cross.patch"
+                                       "gnutls-CVE-2021-20231.patch"
+                                       "gnutls-CVE-2021-20232.patch"))
               (sha256
                (base32
                 "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
@@ -257,15 +258,6 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
-(define gnutls/fixed
-  (package
-    (inherit gnutls)
-    (source (origin
-              (inherit (package-source gnutls))
-              (patches (append (search-patches "gnutls-CVE-2021-20231.patch"
-                                               "gnutls-CVE-2021-20232.patch")
-                               (origin-patches (package-source gnutls))))))))
-
 (define-public gnutls/guile-2.0
   ;; GnuTLS for Guile 2.0.
   (package/inherit gnutls
@@ -296,8 +288,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
-   (replacement openssl/fixed)
-   (version "1.1.1i")
+   (version "1.1.1j")
    (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
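Review bot: This merge lowers the OpenSSL version that users effectively get. Before it, `openssl` carried `(replacement openssl/fixed)` and the graft target was 1.1.1k; this hunk drops the replacement and sets `(version "1.1.1j")`, and the last tls.scm hunk deletes the `openssl/fixed` definition. The fixes that motivated the 1.1.1k graft (presumably security fixes, as with the other grafts folded in by this commit) are therefore no longer delivered. Either set `(version "1.1.1k")` here and use the hash from the removed definition in the next hunk, `"1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"`, or keep the `replacement` line and `openssl/fixed` until the base package reaches that release. The package definition continues outside this hunk.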
@@ -310,7 +301,7 @@ required structures.")
              (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
              (sha256
               (base32
-               "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
+               "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"         ;6.8 MiB of man3 pages and full HTML documentation
@@ -431,24 +422,6 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
-(define-public openssl/fixed
-  (package
-   (inherit openssl)
-   (version "1.1.1k")
-   (source (origin
-             (method url-fetch)
-             (uri (list (string-append "https://www.openssl.org/source/openssl-"
-                                       version ".tar.gz")
-                        (string-append "ftp://ftp.openssl.org/source/"
-                                       "openssl-" version ".tar.gz")
-                        (string-append "ftp://ftp.openssl.org/source/old/"
-                                       (string-trim-right version char-set:letter)
-                                       "/openssl-" version ".tar.gz")))
-             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
-             (sha256
-              (base32
-               "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
-
 (define-public openssl-1.0
   (package
     (inherit openssl)