me
/
guix
Archived
1
0
Fork 0

Merge remote-tracking branch 'origin/wip-ungrafting' into HEAD

master
Maxim Cournoyer 2021-04-23 21:32:22 -04:00
commit 87c0d6265c
No known key found for this signature in database
GPG Key ID: 1260E46482E63562
5 changed files with 14 additions and 106 deletions

View File

@ -44,8 +44,8 @@
version ".tar.gz")))
(sha256 (base32
"1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
(patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"))))
(replacement cyrus-sasl/fixed)
(patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
"cyrus-sasl-CVE-2019-19906.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
@ -81,20 +81,3 @@ server writers.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://cyrusimap.org/sasl/")))
(define cyrus-sasl/fixed
(package
(inherit cyrus-sasl)
(version "2.1.27")
(source (origin
(method url-fetch)
(uri (list (string-append
"https://cyrusimap.org/releases/cyrus-sasl-"
version ".tar.gz")
(string-append
"ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
version ".tar.gz")))
(sha256 (base32
"1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
(patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
"cyrus-sasl-CVE-2019-19906.patch"))))))

View File

@ -3221,10 +3221,10 @@ the GNOME desktop environment.")
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(patches (search-patches "libcroco-CVE-2020-12825.patch"))
(sha256
(base32
"1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))))
(replacement libcroco/fixed)
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@ -3243,21 +3243,6 @@ XML/CSS rendering engine.")
;; LGPLv2.1-only.
(license license:lgpl2.1)))
(define libcroco/fixed
(package
(inherit libcroco)
(name "libcroco")
(version "0.6.13")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(sha256
(base32
"1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))
(patches (search-patches "libcroco-CVE-2020-12825.patch"))))))
(define-public libgsf
(package
(name "libgsf")

View File

@ -125,11 +125,12 @@ tools have full access to view and control running applications.")
(package
(name "cairo")
(version "1.16.0")
(replacement cairo/fixed)
(source (origin
(method url-fetch)
(uri (string-append "https://cairographics.org/releases/cairo-"
version ".tar.xz"))
(patches (search-patches "cairo-CVE-2018-19876.patch"
"cairo-CVE-2020-35492.patch"))
(sha256
(base32
"0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"))))
@ -176,15 +177,6 @@ affine transformation (scale, rotation, shear, etc.).")
(license license:lgpl2.1) ; or Mozilla Public License 1.1
(home-page "https://cairographics.org/")))
(define cairo/fixed
(package
(inherit cairo)
(source (origin
(inherit (package-source cairo))
(patches (append (search-patches "cairo-CVE-2018-19876.patch"
"cairo-CVE-2020-35492.patch")
(origin-patches (package-source cairo))))))))
(define-public cairo-sans-poppler
;; Variant used to break the dependency cycle between Poppler and Cairo.
(package/inherit cairo
@ -567,12 +559,12 @@ highlighting and other features typical of a source code editor.")
(package
(name "gdk-pixbuf")
(version "2.40.0")
(replacement gdk-pixbuf/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
(patches (search-patches "gdk-pixbuf-CVE-2020-29385.patch"))
(sha256
(base32
"1rnlx9yfw970maxi2x6niaxmih5la11q1ilr7gzshz2kk585k0hm"))))
@ -624,15 +616,6 @@ in the GNOME project.")
(license license:lgpl2.0+)
(home-page "https://developer.gnome.org/gdk-pixbuf/")))
(define gdk-pixbuf/fixed
(package
(inherit gdk-pixbuf)
(source (origin
(inherit (package-source gdk-pixbuf))
(patches
(append (search-patches "gdk-pixbuf-CVE-2020-29385.patch")
(origin-patches (package-source gdk-pixbuf))))))))
;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends
;; on gdk-pixbuf, so this new varibale. Also, librsvg adds 90MiB to the
;; closure size.

View File

@ -107,7 +107,6 @@
(define-public python-2.7
(package
(name "python2")
(replacement python-2.7/fixed)
(version "2.7.17")
(source
(origin
@ -122,7 +121,8 @@
"python-2.7-site-prefixes.patch"
"python-2.7-source-date-epoch.patch"
"python-2.7-adjust-tests.patch"
"python-cross-compile.patch"))
"python-cross-compile.patch"
"python-2.7-CVE-2021-3177.patch"))
(modules '((guix build utils)))
(snippet
'(begin
@ -351,14 +351,6 @@ data types.")
(properties '((cpe-name . "python")))
(license license:psfl)))
(define python-2.7/fixed
(package
(inherit python-2.7)
(source (origin
(inherit (package-source python-2.7))
(patches (append (search-patches "python-2.7-CVE-2021-3177.patch")
(origin-patches (package-source python-2.7))))))))
;; Current 2.x version.
(define-public python-2 python-2.7)
@ -373,7 +365,6 @@ data types.")
(define-public python-3.8
(package (inherit python-2)
(name "python")
(replacement python-3.8/fixed)
(version "3.8.2")
(source (origin
(method url-fetch)
@ -381,6 +372,7 @@ data types.")
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-CVE-2020-26116.patch"
"python-3.8-CVE-2021-3177.patch"
"python-3-fix-tests.patch"
"python-3.8-fix-tests.patch"
"python-3-deterministic-build-info.patch"
@ -531,14 +523,6 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
(define python-3.8/fixed
(package
(inherit python-3.8)
(source (origin
(inherit (package-source python-3.8))
(patches (append (search-patches "python-3.8-CVE-2021-3177.patch")
(origin-patches (package-source python-3.8))))))))
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")

View File

@ -165,7 +165,6 @@ living in the same process.")
(package
(name "gnutls")
(version "3.6.15")
(replacement gnutls/fixed)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@ -174,7 +173,9 @@ living in the same process.")
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
(patches (search-patches "gnutls-skip-trust-store-test.patch"
"gnutls-cross.patch"))
"gnutls-cross.patch"
"gnutls-CVE-2021-20231.patch"
"gnutls-CVE-2021-20232.patch"))
(sha256
(base32
"0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
@ -257,15 +258,6 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
(define gnutls/fixed
(package
(inherit gnutls)
(source (origin
(inherit (package-source gnutls))
(patches (append (search-patches "gnutls-CVE-2021-20231.patch"
"gnutls-CVE-2021-20232.patch")
(origin-patches (package-source gnutls))))))))
(define-public gnutls/guile-2.0
;; GnuTLS for Guile 2.0.
(package/inherit gnutls
@ -296,8 +288,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
(replacement openssl/fixed)
(version "1.1.1i")
(version "1.1.1j")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@ -310,7 +301,7 @@ required structures.")
(patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
"0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
"1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;6.8 MiB of man3 pages and full HTML documentation
@ -431,24 +422,6 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
(define-public openssl/fixed
(package
(inherit openssl)
(version "1.1.1k")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/"
"openssl-" version ".tar.gz")
(string-append "ftp://ftp.openssl.org/source/old/"
(string-trim-right version char-set:letter)
"/openssl-" version ".tar.gz")))
(patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
"1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
(define-public openssl-1.0
(package
(inherit openssl)