Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.
From: Ludovic Courtès
Subject: Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.
Date: Mon, 03 Jul 2017 12:14:52 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
Hi,
Mark H Weaver <address@hidden> writes:
> address@hidden (Ludovic Courtès) writes:
>
>> First, we could mark the ‘replacement’ field as “innate”, which means it
>> will never be inherited (like the ‘location’ field.) Like you, I can’t
>> think of a situation where inheriting the replacement makes sense.
>
> I think we should do this. It's not a complete solution, but it would
> be a step in the right direction.
I’ll push the attached patch if that’s fine with you.
It has the desired effect:
--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use(guix)
scheme@(guile-user)> ,use(gnu packages base)
scheme@(guile-user)> (package-replacement glibc)
$1 = #<package address@hidden gnu/packages/base.scm:906 2f69780>
scheme@(guile-user)> (package-replacement glibc-locales)
$2 = #f
scheme@(guile-user)> (package-replacement glibc-2.24)
$3 = #f
scheme@(guile-user)> ,optimize (package (inherit glibc) (name "foo"))
$4 = (make-struct/no-tail
(@@ (guix packages) <package>)
"foo"
(struct-ref
((@@ (gnu packages base) glibc-for-target))
1)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
2)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
3)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
4)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
5)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
6)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
7)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
8)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
9)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
10)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
11)
(lambda () #f) ; <——— ‘replacement’ field
(struct-ref
((@@ (gnu packages base) glibc-for-target))
13)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
14)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
15)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
16)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
17)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
18)
(struct-ref
((@@ (gnu packages base) glibc-for-target))
19)
((@@ (guix packages) and=>)
'((line . 5) (column . 10) (filename . #f))
(@@ (guix packages) source-properties->location)))
--8<---------------cut here---------------end--------------->8---
Thanks,
Ludo’.
>From 59c12882e6954b17750c617abddf4997a9bcbfa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <address@hidden>
Date: Mon, 3 Jul 2017 12:07:23 +0200
Subject: [PATCH] packages: Mark 'replacement' as an "innate" field.
Suggested by Mark H Weaver
at <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00355.html>.
* guix/packages.scm (<package>)[replacement]: Mark as "innate".
* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24)
(glibc-2.23, glibc-2.22, glibc-2.21, glibc-locales): Remove
'replacement' field, which was set to #f.
* gnu/packages/commencement.scm (perl-boot0): Likewise.
* gnu/packages/fontutils.scm (graphite2/fixed): Likewise.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Likewise.
* gnu/packages/gnupg.scm (libgcrypt-1.7.8): Likewise.
* gnu/packages/guile.scm (guile-2.0/fixed, guile-2.2): Likewise.
* gnu/packages/icu4c.scm (icu4c/fixed): Likewise.
* gnu/packages/image.scm (libpng-apng): Likewise.
* gnu/packages/make-bootstrap.scm (%guile-static): Likewise.
* gnu/packages/pcre.scm (pcre/fixed): Likewise.
* gnu/packages/perl.scm (perl/fixed): Likewise.
* gnu/packages/ruby.scm (ruby-2.3, ruby-2.2, ruby-2.1)
(ruby-1.8): Likewise.
* gnu/packages/tls.scm (gnutls-3.5.13, gnutls/guile-2.2): Likewise.
* gnu/packages/xml.scm (expat-2.2.1): Likewise.
---
gnu/packages/base.scm | 6 ------
gnu/packages/commencement.scm | 1 -
gnu/packages/fontutils.scm | 1 -
gnu/packages/ghostscript.scm | 1 -
gnu/packages/gnupg.scm | 2 --
gnu/packages/guile.scm | 4 +---
gnu/packages/icu4c.scm | 1 -
gnu/packages/image.scm | 1 -
gnu/packages/make-bootstrap.scm | 1 -
gnu/packages/pcre.scm | 1 -
gnu/packages/perl.scm | 1 -
gnu/packages/ruby.scm | 4 ----
gnu/packages/tls.scm | 2 --
gnu/packages/xml.scm | 1 -
guix/packages.scm | 5 ++++-
15 files changed, 5 insertions(+), 27 deletions(-)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 979d65795..81f8b3c8d 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -905,7 +905,6 @@ GLIBC/HURD for a Hurd host"
(define glibc-2.25-patched
(package
(inherit glibc)
- (replacement #f)
(source (origin
(inherit (package-source glibc))
(patches (search-patches "glibc-ldd-x86_64.patch"
@@ -923,7 +922,6 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc)
(version "2.24")
- (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -943,7 +941,6 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc)
(version "2.23")
- (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -963,7 +960,6 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc)
(version "2.22")
- (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -991,7 +987,6 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc-2.22)
(version "2.21")
- (replacement #f)
(source (origin
(inherit (package-source glibc-2.22))
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -1004,7 +999,6 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc)
(name "glibc-locales")
- (replacement #f)
(source (origin (inherit (package-source glibc))
(patches (cons (search-patch "glibc-locales.patch")
(origin-patches (package-source glibc))))))
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 069ffba88..54cf89bf4 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -294,7 +294,6 @@
(let ((perl (package
(inherit perl)
(name "perl-boot0")
- (replacement #f)
(arguments
;; At the very least, this must not depend on GCC & co.
(let ((args `(#:disallowed-references
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index efea81dc1..75736a73d 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -415,7 +415,6 @@ and returns a sequence of positioned glyphids from the
font.")
(package
(inherit graphite2)
(name "graphite2")
- (replacement #f)
(source
(origin
(method url-fetch)
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 1cb651c96..dc5dbcc85 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -219,7 +219,6 @@ output file formats and printers.")
(define ghostscript/fixed
(package
(inherit ghostscript)
- (replacement #f)
(source
(origin
(inherit (package-source ghostscript))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 4ddf13dcc..e71ec8dce 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -119,7 +119,6 @@ generation.")
(define libgcrypt-1.7.8
(package
(inherit libgcrypt)
- (replacement #f)
(version "1.7.8")
(source (origin
(method url-fetch)
@@ -131,7 +130,6 @@ generation.")
(define-public libgcrypt-1.5
(package (inherit libgcrypt)
- (replacement #f)
(version "1.5.6")
(source
(origin
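Review bot: The second gnupg.scm hunk drops `(replacement #f)` from `libgcrypt-1.5`, but the commit log entry for gnu/packages/gnupg.scm names only `libgcrypt-1.7.8`. Please list both variables, for example `* gnu/packages/gnupg.scm (libgcrypt-1.7.8, libgcrypt-1.5): Likewise.`, so the log matches the two deletions the diffstat reports for this file.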
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 6bff34342..d79094e1e 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -217,14 +217,12 @@ without requiring the source code to be rewritten.")
;; in the `base' module, and thus changing it entails a full rebuild.
(package
(inherit guile-2.0)
- (properties '((hidden? . #t))) ;people should install 'guile-2.0'
- (replacement #f)))
+ (properties '((hidden? . #t))))) ;people should install 'guile-2.0'
(define-public guile-2.2
(package (inherit guile-2.0)
(name "guile")
(version "2.2.2")
- (replacement #f)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/guile/guile-" version
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 3e9652005..224319f84 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -71,7 +71,6 @@ C/C++ part.")
(define icu4c/fixed
(package
(inherit icu4c)
- (replacement #f)
(source (origin
(inherit (package-source icu4c))
(patches
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 504df60fb..8a03cbc3c 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -94,7 +94,6 @@ library. It supports almost all PNG features and is
extensible.")
(define-public libpng-apng
(package
(inherit libpng)
- (replacement #f) ;libpng's replacement doesn't apply here
(name "libpng-apng")
(version (package-version libpng))
(arguments
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 9efe338a1..844b110eb 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -509,7 +509,6 @@ for `sh' in $PATH, and without nscd, and with static NSS
modules."
(patches patches)))
(guile (package (inherit guile-2.0)
(name (string-append (package-name guile-2.0) "-static"))
- (replacement #f)
(source source)
(synopsis "Statically-linked and relocatable Guile")
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 58beab0a9..67a8db1c7 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -75,7 +75,6 @@ POSIX regular expression API.")
(define pcre/fixed
(package
(inherit pcre)
- (replacement #f)
(source (origin
(inherit (package-source pcre))
(patches (search-patches "pcre-CVE-2017-7186.patch"))))))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 6da4bb13f..6a59e6bf8 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -151,7 +151,6 @@
(define perl/fixed
(package
(inherit perl)
- (replacement #f)
(source
(origin
(inherit (package-source perl))
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 7680f4eae..7eba68444 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -106,7 +106,6 @@ a focus on simplicity and productivity.")
(package
(inherit ruby)
(version "2.3.4")
- (replacement #f)
(source
(origin
(method url-fetch)
@@ -124,7 +123,6 @@ a focus on simplicity and productivity.")
(define-public ruby-2.2
(package (inherit ruby)
- (replacement #f)
(version "2.2.7")
(source
(origin
@@ -138,7 +136,6 @@ a focus on simplicity and productivity.")
(define-public ruby-2.1
(package (inherit ruby)
- (replacement #f)
(version "2.1.10")
(source
(origin
@@ -172,7 +169,6 @@ a focus on simplicity and productivity.")
(define-public ruby-1.8
(package (inherit ruby)
- (replacement #f)
(version "1.8.7-p374")
(source
(origin
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9198bae02..f80f7d3bc 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -222,7 +222,6 @@ required structures.")
;; We use 'D' instead of '13' here to keep the store file name at
;; the same length. See <https://bugs.gnu.org/27308>.
(version "3.5.D")
- (replacement #f)
(source (origin
(method url-fetch)
(uri
@@ -240,7 +239,6 @@ required structures.")
;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5.
(package
(inherit gnutls)
- (replacement #f)
(source (package-source gnutls-3.5.13))
(name "guile2.2-gnutls")
(arguments
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 2b471e80d..67d6c8e8d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -79,7 +79,6 @@ things the parser might find in the XML document (like start
tags).")
(package
(inherit expat)
(version "2.2.1")
- (replacement #f)
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/expat/expat/"
diff --git a/guix/packages.scm b/guix/packages.scm
index 464fc433b..f60303404 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -269,8 +269,11 @@ name of its URI."
; inputs
(native-search-paths package-native-search-paths (default '()))
(search-paths package-search-paths (default '()))
+
+ ;; The 'replacement' field is marked as "innate" because it never makes
+ ;; sense to inherit a replacement as is. See the 'package/inherit' macro.
(replacement package-replacement ; package | #f
- (default #f) (thunked))
+ (default #f) (thunked) (innate))
(synopsis package-synopsis) ; one-line description
(description package-description) ; one or two paragraphs
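Review bot: The new comment above `replacement` points readers to a 'package/inherit' macro, yet the diffstat for guix/packages.scm shows only these 4 insertions and 1 deletion, so this patch does not introduce that macro; if it is not already in the tree, drop the reference or land the macro in the same series. Since `(innate)` changes what every `(inherit ...)` form yields for this field, a regression test would also be worth adding: no test file is touched here, and an assertion that `(package-replacement (package (inherit p) (name "foo")))` is #f when `p` itself has a replacement would pin down the behaviour shown in the REPL session.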
--
2.13.2