summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-03-22 00:14:03 +0100
committerLudovic Courtès <ludo@gnu.org>2016-03-22 00:14:03 +0100
commitcd6cc144e0822482a8ca2b033b7bd6d33f0fd331 (patch)
tree28b7c39d314eb54845de71f20fdb144e348c0fe5
parentffc13e753b37adb694de1d26f3ea51cf0796a8a2 (diff)
parenta3b84f70d8bc992a0fc38cabdf12d48ff5e10e15 (diff)
downloadguix-cd6cc144e0822482a8ca2b033b7bd6d33f0fd331.tar.gz
Merge branch 'security-updates'
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/fontutils.scm22
-rw-r--r--gnu/packages/glib.scm16
-rw-r--r--gnu/packages/linux.scm19
-rw-r--r--gnu/packages/patches/openssl-c-rehash.patch17
-rw-r--r--gnu/packages/perl.scm26
-rw-r--r--gnu/packages/tls.scm81
-rw-r--r--gnu/services/base.scm4
-rw-r--r--gnu/services/dbus.scm8
-rw-r--r--gnu/system.scm2
10 files changed, 33 insertions, 163 deletions
diff --git a/gnu-system.am b/gnu-system.am
index f13a55de12..c819b5ab97 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -652,7 +652,6 @@ dist_patch_DATA =						\
   gnu/packages/patches/openjpeg-CVE-2015-6581.patch		\
   gnu/packages/patches/openjpeg-use-after-free-fix.patch	\
   gnu/packages/patches/openssl-runpath.patch			\
-  gnu/packages/patches/openssl-c-rehash.patch			\
   gnu/packages/patches/openssl-c-rehash-in.patch		\
   gnu/packages/patches/orpheus-cast-errors-and-includes.patch	\
   gnu/packages/patches/ots-no-include-missing-file.patch	\
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index 7e3f293817..34f391e5fa 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -208,9 +208,8 @@ applications should be.")
 
 (define-public graphite2
   (package
-   (replacement graphite2-1.3.6)
    (name "graphite2")
-   (version "1.3.5")
+   (version "1.3.6")
    (source
      (origin
        (method url-fetch)
@@ -218,8 +217,8 @@ applications should be.")
                            version ".tar.gz"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
-         (base32
-           "0jrjb56zim57xg2pckfdyrw46c624mqz9zywgwza0g1bxg26940w"))))
+        (base32
+         "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s"))))
    (build-system cmake-build-system)
    (native-inputs
     `(("python" ,python-2) ; because of "import imap" in tests
@@ -235,21 +234,6 @@ and returns a sequence of positioned glyphids from the font.")
    (license license:lgpl2.1+)
    (home-page "https://github.com/silnrsi/graphite")))
 
-(define graphite2-1.3.6
-  (package
-    (inherit graphite2)
-    (replacement #f)
-    (source
-     (let ((name "graphite2") (version "1.3.6"))
-       (origin
-         (method url-fetch)
-         (uri (string-append "https://github.com/silnrsi/graphite/archive/"
-                             version ".tar.gz"))
-         (file-name (string-append name "-" version ".tar.gz"))
-         (sha256
-          (base32
-           "1frd9mjaqzvh9gs74ngc43igi53vzjzlwr5chbrs6ii1hc4aa23s")))))))
-
 (define-public potrace
   (package
     (name "potrace")
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index bc69af5a9e..16a1a6162d 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -61,14 +61,15 @@
     (name "dbus")
     (version "1.10.0")
     (source (origin
-              ;; TODO: Apply patch from DBUS/ACTIVATION below.
               (method url-fetch)
               (uri (string-append
                     "https://dbus.freedesktop.org/releases/dbus/dbus-"
                     version ".tar.gz"))
               (sha256
                (base32
-                "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx"))))
+                "0jwj7wlrhq5y0fwfh8k2d9rgdpfax06lj8698g6iqbwrzd2rgyqx"))
+              (patches
+               (list (search-patch "dbus-helper-search-path.patch")))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -126,17 +127,6 @@ or through unencrypted TCP/IP suitable for use behind a firewall with
 shared NFS home directories.")
     (license license:gpl2+)))                     ; or Academic Free License 2.1
 
-(define-public dbus/activation
-  ;; D-Bus with a patch to fix service activation.
-  ;; TODO: Merge with DBUS above.
-  (package
-    (inherit dbus)
-    (version (string-append (package-version dbus) ".a"))
-    (source (origin
-              (inherit (package-source dbus))
-              (patches
-               (list (search-patch "dbus-helper-search-path.patch")))))))
-
 (define glib
   (package
    (name "glib")
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index f62c254447..d3865fbe66 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1581,7 +1581,6 @@ from the module-init-tools project.")
 
 (define-public eudev
   ;; The post-systemd fork, maintained by Gentoo.
-  ;; TODO: Merge with 'eudev-with-blkid' below at an opportune time.
   (package
     (name "eudev")
     (version "3.1.5")
@@ -1600,7 +1599,11 @@ from the module-init-tools project.")
        ("perl" ,perl)
        ("gperf" ,gperf)))
     (inputs
-     `(("kmod" ,kmod)))
+     ;; When linked against libblkid, eudev can populate /dev/disk/by-label
+     ;; and similar; it also installs the '60-persistent-storage.rules' file,
+     ;; which contains the rules to do that.
+     `(("util-linux" ,util-linux)                 ;for blkid
+       ("kmod" ,kmod)))
     (home-page "https://wiki.gentoo.org/wiki/Project:Eudev")
     (synopsis "Userspace device management")
     (description "Udev is a daemon which dynamically creates and removes
@@ -1608,18 +1611,6 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot
 time.")
     (license license:gpl2+)))
 
-(define-public eudev-with-blkid
-  ;; TODO: Merge with 'eudev' above at an opportune time.
-  (package
-    (inherit eudev)
-    (name "eudev-with-blkid")
-    (inputs
-     ;; When linked against libblkid, eudev can populate /dev/disk/by-label
-     ;; and similar; it also installs the '60-persistent-storage.rules' file,
-     ;; which contains the rules to do that.
-     `(("util-linux" ,util-linux)                 ;for blkid
-       ,@(package-inputs eudev)))))
-
 (define-public lvm2
   (package
     (name "lvm2")
diff --git a/gnu/packages/patches/openssl-c-rehash.patch b/gnu/packages/patches/openssl-c-rehash.patch
deleted file mode 100644
index f873a9af23..0000000000
--- a/gnu/packages/patches/openssl-c-rehash.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-This patch removes the explicit reference to the 'perl' binary,
-such that OpenSSL does not retain a reference to Perl.
-
-The 'c_rehash' program is seldom used, but it is used nonetheless
-to create symbolic links to certificates, for instance in the 'nss-certs'
-package.
-
---- openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:07.313316482 +0200
-+++ openssl-1.0.2d/tools/c_rehash	2015-09-09 18:36:28.965458458 +0200
-@@ -1,4 +1,6 @@
--#!/usr/bin/perl
-+eval '(exit $?0)' && eval 'exec perl -wS "$0" ${1+"$@"}'
-+  & eval 'exec perl -wS "$0" $argv:q'
-+    if 0;
- 
- # Perl c_rehash script, scan all files in a directory
- # and add symbolic links to their hash values.
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index fb42735495..9bbcc8ffa4 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -38,7 +38,6 @@
 (define-public perl
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
-    (replacement perl-fixed)
     (name "perl")
     (version "5.22.1")
     (source (origin
@@ -54,7 +53,8 @@
                              "perl-source-date-epoch.patch"
                              "perl-deterministic-ordering.patch"
                              "perl-no-build-time.patch"
-                             "perl-CVE-2015-8607.patch")))))
+                             "perl-CVE-2015-8607.patch"
+                             "perl-CVE-2016-2381.patch")))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f
@@ -116,28 +116,6 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
-(define perl-fixed
-  (package
-    (inherit perl)
-    (replacement #f)
-    (source
-      (let ((name "perl") (version "5.22.1"))
-        (origin
-          (method url-fetch)
-          (uri (string-append "http://www.cpan.org/src/5.0/perl-"
-                              version ".tar.gz"))
-          (sha256
-           (base32
-            "09wg24w5syyafyv87l6z8pxwz4bjgcdj996bx5844k6m9445sirb"))
-          (patches (map search-patch
-                        '("perl-no-sys-dirs.patch"
-                          "perl-autosplit-default-time.patch"
-                          "perl-source-date-epoch.patch"
-                          "perl-deterministic-ordering.patch"
-                          "perl-no-build-time.patch"
-                          "perl-CVE-2015-8607.patch"
-                          "perl-CVE-2016-2381.patch"))))))))
-
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index b6bf2578ea..d6225f7592 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -179,22 +179,21 @@ required structures.")
 
 (define-public openssl
   (package
-   (replacement openssl-1.0.2g)
    (name "openssl")
-   (version "1.0.2f")
+   (version "1.0.2g")
    (source (origin
-            (method url-fetch)
-            (uri (list (string-append "ftp://ftp.openssl.org/source/"
-                                      name "-" version ".tar.gz")
-                       (string-append "ftp://ftp.openssl.org/source/old/"
-                                      (string-trim-right version char-set:letter)
-                                      "/" name "-" version ".tar.gz")))
-            (sha256
-             (base32
-              "171fkdg9v6j29d962nh6kb79kfm8kkhy7n9makw39d7jvvj4wawk"))
-            (patches (map search-patch
-                          '("openssl-runpath.patch"
-                            "openssl-c-rehash.patch")))))
+             (method url-fetch)
+             (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                       name "-" version ".tar.gz")
+                        (string-append "ftp://ftp.openssl.org/source/old/"
+                                       (string-trim-right version char-set:letter)
+                                       "/" name "-" version ".tar.gz")))
+             (sha256
+              (base32
+               "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
+             (patches (map search-patch
+                           '("openssl-runpath.patch"
+                             "openssl-c-rehash-in.patch")))))
    (build-system gnu-build-system)
    (native-inputs `(("perl" ,perl)))
    (arguments
@@ -283,60 +282,6 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
-(define openssl-1.0.2g
-  (package
-    (inherit openssl)
-    (replacement #f)
-    (source
-     (let ((name "openssl") (version "1.0.2g"))
-       (origin
-         (method url-fetch)
-         (uri (list (string-append "ftp://ftp.openssl.org/source/"
-                                   name "-" version ".tar.gz")
-                    (string-append "ftp://ftp.openssl.org/source/old/"
-                                   (string-trim-right version char-set:letter)
-                                   "/" name "-" version ".tar.gz")))
-         (sha256
-          (base32
-           "0cxajjayi859czi545ddafi24m9nwsnjsw4q82zrmqvwj2rv315p"))
-         (patches (map search-patch
-                       '("openssl-runpath.patch"
-                         "openssl-c-rehash-in.patch"))))))
-    (arguments
-     (substitute-keyword-arguments (package-arguments openssl)
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (replace 'configure
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let ((out (assoc-ref outputs "out")))
-                 (zero?
-                  (system*
-                   "./config"
-
-                   ;; XXX TEMPORARY, FOR GRAFTING ONLY
-                   ;;     Enable ssl2 code to preserve
-                   ;;     ABI compatibility with 1.0.2f
-                   "enable-ssl2"
-
-                   "shared"             ;build shared libraries
-                   "--libdir=lib"
-
-                   ;; The default for this catch-all directory is
-                   ;; PREFIX/ssl.  Change that to something more
-                   ;; conventional.
-                   (string-append "--openssldir=" out
-                                  "/share/openssl-" ,(package-version openssl))
-
-                   (string-append "--prefix=" out)
-
-                   ;; XXX FIXME: Work around a code generation bug in GCC
-                   ;; 4.9.3 on ARM when compiled with -mfpu=neon.  See:
-                   ;; <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66917>
-                   ,@(if (and (not (%current-target-system))
-                              (string-prefix? "armhf" (%current-system)))
-                         '("-mfpu=vfpv3")
-                         '()))))))))))))
-
 (define-public libressl
   (package
     (name "libressl")
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 9b3dc73831..545fe60b1a 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -29,7 +29,7 @@
   #:use-module (gnu system file-systems)          ; 'file-system', etc.
   #:use-module (gnu packages admin)
   #:use-module ((gnu packages linux)
-                #:select (eudev-with-blkid kbd e2fsprogs lvm2 fuse alsa-utils crda gpm))
+                #:select (eudev kbd e2fsprogs lvm2 fuse alsa-utils crda gpm))
   #:use-module ((gnu packages base)
                 #:select (canonical-package glibc))
   #:use-module (gnu packages package-management)
@@ -1170,7 +1170,7 @@ item of @var{packages}."
                               (udev udev)
                               (rules (append initial-rules rules)))))))))
 
-(define* (udev-service #:key (udev eudev-with-blkid) (rules '()))
+(define* (udev-service #:key (udev eudev) (rules '()))
   "Run @var{udev}, which populates the @file{/dev} directory dynamically.  Get
 extra rules from the packages listed in @var{rules}."
   (service udev-service-type
diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm
index 88a840a4b5..9a4a13d41d 100644
--- a/gnu/services/dbus.scm
+++ b/gnu/services/dbus.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -21,7 +21,7 @@
   #:use-module (gnu services)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system shadow)
-  #:use-module ((gnu packages glib) #:select (dbus/activation))
+  #:use-module ((gnu packages glib) #:select (dbus))
   #:use-module (gnu packages admin)
   #:use-module (guix gexp)
   #:use-module (guix records)
@@ -38,7 +38,7 @@
   dbus-configuration make-dbus-configuration
   dbus-configuration?
   (dbus      dbus-configuration-dbus              ;<package>
-             (default dbus/activation))
+             (default dbus))
   (services  dbus-configuration-services          ;list of <package>
              (default '())))
 
@@ -198,7 +198,7 @@ includes the @code{etc/dbus-1/system.d} directories of each package listed in
                             (append (dbus-configuration-services config)
                                     services)))))))
 
-(define* (dbus-service #:key (dbus dbus/activation) (services '()))
+(define* (dbus-service #:key (dbus dbus) (services '()))
   "Return a service that runs the \"system bus\", using @var{dbus}, with
 support for @var{services}.
 
diff --git a/gnu/system.scm b/gnu/system.scm
index 5be24ba586..9b16011d1d 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -374,7 +374,7 @@ explicitly appear in OS."
 
          ;; Get 'insmod' & co. from kmod, not module-init-tools, since udev
          ;; already depends on it anyway.
-         kmod eudev-with-blkid
+         kmod eudev
 
          e2fsprogs kbd