From mboxrd@z Thu Jan 1 00:00:00 1970 
From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.
Date: Mon, 03 Jul 2017 12:14:52 +0200
Message-ID: <87r2xxrfmr.fsf@gnu.org>
References: <20170629200450.17825.10767@vcs0.savannah.gnu.org> <20170629200450.E946620FFF@vcs0.savannah.gnu.org> <87k23tpk4d.fsf@netris.org> <87h8ywb12p.fsf@gnu.org> <877ezsnk1b.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
In-Reply-To: <877ezsnk1b.fsf@netris.org> (Mark H. Weaver's message of "Sat, 01 Jul 2017 13:28:48 -0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Mark H Weaver
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8

Hi,

Mark H Weaver wrote:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> First, we could mark the ‘replacement’ field as “innate”, which means it
>> will never be inherited (like the ‘location’ field.)  Like you, I can’t
>> think of a situation where inheriting the replacement makes sense.
>
> I think we should do this.  It's not a complete solution, but it would
> be a step in the right direction.

I’ll push the attached patch if that’s fine with you.
It has the desired effect:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use(guix)
scheme@(guile-user)> ,use(gnu packages base)
scheme@(guile-user)> (package-replacement glibc)
$1 = #
scheme@(guile-user)> (package-replacement glibc-locales)
$2 = #f
scheme@(guile-user)> (package-replacement glibc-2.24)
$3 = #f
scheme@(guile-user)> ,optimize (package (inherit glibc) (name "foo"))
$4 = (make-struct/no-tail
  (@@ (guix packages) )
  "foo"
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 1)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 2)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 3)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 4)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 5)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 6)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 7)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 8)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 9)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 10)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 11)
  (lambda () #f) ; <——— ‘replacement’ field
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 13)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 14)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 15)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 16)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 17)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 18)
  (struct-ref ((@@ (gnu packages base) glibc-for-target)) 19)
  ((@@ (guix packages) and=>)
   '((line . 5) (column . 10) (filename . #f))
   (@@ (guix packages) source-properties->location)))
--8<---------------cut here---------------end--------------->8---

Thanks,
Ludo’.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=0001-packages-Mark-replacement-as-an-innate-field.patch
Content-Description: the patch

>From 59c12882e6954b17750c617abddf4997a9bcbfa6 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Mon, 3 Jul 2017 12:07:23 +0200
Subject: [PATCH] packages: Mark 'replacement' as an "innate" field.

Suggested by Mark H Weaver at .

* guix/packages.scm ()[replacement]: Mark as "innate".
* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24)
(glibc-2.23, glibc-2.22, glibc-2.21, glibc-locales): Remove
'replacement' field, which was set to #f.
* gnu/packages/commencement.scm (perl-boot0): Likewise.
* gnu/packages/fontutils.scm (graphite2/fixed): Likewise.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Likewise.
* gnu/packages/gnupg.scm (libgcrypt-1.7.8): Likewise.
* gnu/packages/guile.scm (guile-2.0/fixed, guile-2.2): Likewise.
* gnu/packages/icu4c.scm (icu4c/fixed): Likewise.
* gnu/packages/image.scm (libpng-apng): Likewise.
* gnu/packages/make-bootstrap.scm (%guile-static): Likewise.
* gnu/packages/pcre.scm (pcre/fixed): Likewise.
* gnu/packages/perl.scm (perl/fixed): Likewise.
* gnu/packages/ruby.scm (ruby-2.3, ruby-2.2, ruby-2.1)
(ruby-1.8): Likewise.
* gnu/packages/tls.scm (gnutls-3.5.13, gnutls/guile-2.2): Likewise.
* gnu/packages/xml.scm (expat-2.2.1): Likewise.
---
 gnu/packages/base.scm           | 6 ------
 gnu/packages/commencement.scm   | 1 -
 gnu/packages/fontutils.scm      | 1 -
 gnu/packages/ghostscript.scm    | 1 -
 gnu/packages/gnupg.scm          | 2 --
 gnu/packages/guile.scm          | 4 +---
 gnu/packages/icu4c.scm          | 1 -
 gnu/packages/image.scm          | 1 -
 gnu/packages/make-bootstrap.scm | 1 -
 gnu/packages/pcre.scm           | 1 -
 gnu/packages/perl.scm           | 1 -
 gnu/packages/ruby.scm           | 4 ----
 gnu/packages/tls.scm            | 2 --
 gnu/packages/xml.scm            | 1 -
 guix/packages.scm               | 5 ++++-
 15 files changed, 5 insertions(+), 27 deletions(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 979d65795..81f8b3c8d 100644
--- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -905,7 +905,6 @@ GLIBC/HURD for a Hurd host" (define glibc-2.25-patched (package (inherit glibc) - (replacement #f) (source (origin (inherit (package-source glibc)) (patches (search-patches "glibc-ldd-x86_64.patch" @@ -923,7 +922,6 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc) (version "2.24") - (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -943,7 +941,6 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc) (version "2.23") - (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -963,7 +960,6 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc) (version "2.22") - (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -991,7 +987,6 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc-2.22) (version "2.21") - (replacement #f) (source (origin (inherit (package-source glibc-2.22)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -1004,7 +999,6 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc) (name "glibc-locales") - (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc)))))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 069ffba88..54cf89bf4 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -294,7 +294,6 @@ (let ((perl (package (inherit perl) (name "perl-boot0") - (replacement #f) (arguments ;; At the very least, this must not depend on GCC & co. (let ((args `(#:disallowed-references diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index efea81dc1..75736a73d 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm 
@@ -415,7 +415,6 @@ and returns a sequence of positioned glyphids from the font.") (package (inherit graphite2) (name "graphite2") - (replacement #f) (source (origin (method url-fetch) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index 1cb651c96..dc5dbcc85 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -219,7 +219,6 @@ output file formats and printers.") (define ghostscript/fixed (package (inherit ghostscript) - (replacement #f) (source (origin (inherit (package-source ghostscript)) diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm index 4ddf13dcc..e71ec8dce 100644 --- a/gnu/packages/gnupg.scm +++ b/gnu/packages/gnupg.scm @@ -119,7 +119,6 @@ generation.") (define libgcrypt-1.7.8 (package (inherit libgcrypt) - (replacement #f) (version "1.7.8") (source (origin (method url-fetch) @@ -131,7 +130,6 @@ generation.") (define-public libgcrypt-1.5 (package (inherit libgcrypt) - (replacement #f) (version "1.5.6") (source (origin diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm index 6bff34342..d79094e1e 100644 --- a/gnu/packages/guile.scm +++ b/gnu/packages/guile.scm @@ -217,14 +217,12 @@ without requiring the source code to be rewritten.") ;; in the `base' module, and thus changing it entails a full rebuild. (package (inherit guile-2.0) - (properties '((hidden? . #t))) ;people should install 'guile-2.0' - (replacement #f))) + (properties '((hidden? . #t))))) ;people should install 'guile-2.0' (define-public guile-2.2 (package (inherit guile-2.0) (name "guile") (version "2.2.2") - (replacement #f) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/guile/guile-" version diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm index 3e9652005..224319f84 100644 --- a/gnu/packages/icu4c.scm +++ b/gnu/packages/icu4c.scm @@ -71,7 +71,6 @@ C/C++ part.") (define icu4c/fixed (package (inherit icu4c) - (replacement #f) (source (origin (inherit (package-source icu4c)) (patches 
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 504df60fb..8a03cbc3c 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -94,7 +94,6 @@ library. It supports almost all PNG features and is extensible.") (define-public libpng-apng (package (inherit libpng) - (replacement #f) ;libpng's replacement doesn't apply here (name "libpng-apng") (version (package-version libpng)) (arguments diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm index 9efe338a1..844b110eb 100644 --- a/gnu/packages/make-bootstrap.scm +++ b/gnu/packages/make-bootstrap.scm @@ -509,7 +509,6 @@ for `sh' in $PATH, and without nscd, and with static NSS modules." (patches patches))) (guile (package (inherit guile-2.0) (name (string-append (package-name guile-2.0) "-static")) - (replacement #f) (source source) (synopsis "Statically-linked and relocatable Guile") diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm index 58beab0a9..67a8db1c7 100644 --- a/gnu/packages/pcre.scm +++ b/gnu/packages/pcre.scm @@ -75,7 +75,6 @@ POSIX regular expression API.") (define pcre/fixed (package (inherit pcre) - (replacement #f) (source (origin (inherit (package-source pcre)) (patches (search-patches "pcre-CVE-2017-7186.patch")))))) diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm index 6da4bb13f..6a59e6bf8 100644 --- a/gnu/packages/perl.scm +++ b/gnu/packages/perl.scm @@ -151,7 +151,6 @@ (define perl/fixed (package (inherit perl) - (replacement #f) (source (origin (inherit (package-source perl)) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 7680f4eae..7eba68444 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -106,7 +106,6 @@ a focus on simplicity and productivity.") (package (inherit ruby) (version "2.3.4") - (replacement #f) (source (origin (method url-fetch) 
@@ -124,7 +123,6 @@ a focus on simplicity and productivity.") (define-public ruby-2.2 (package (inherit ruby) - (replacement #f) (version "2.2.7") (source (origin @@ -138,7 +136,6 @@ a focus on simplicity and productivity.") (define-public ruby-2.1 (package (inherit ruby) - (replacement #f) (version "2.1.10") (source (origin @@ -172,7 +169,6 @@ a focus on simplicity and productivity.") (define-public ruby-1.8 (package (inherit ruby) - (replacement #f) (version "1.8.7-p374") (source (origin diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 9198bae02..f80f7d3bc 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -222,7 +222,6 @@ required structures.") ;; We use 'D' instead of '13' here to keep the store file name at ;; the same length. See . (version "3.5.D") - (replacement #f) (source (origin (method url-fetch) (uri @@ -240,7 +239,6 @@ required structures.") ;; GnuTLS for Guile 2.2. This is supported by GnuTLS >= 3.5.5. (package (inherit gnutls) - (replacement #f) (source (package-source gnutls-3.5.13)) (name "guile2.2-gnutls") (arguments diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 2b471e80d..67d6c8e8d 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -79,7 +79,6 @@ things the parser might find in the XML document (like start tags).") (package (inherit expat) (version "2.2.1") - (replacement #f) (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/expat/expat/" diff --git a/guix/packages.scm b/guix/packages.scm index 464fc433b..f60303404 100644 --- a/guix/packages.scm +++ b/guix/packages.scm 
@@ -269,8 +269,11 @@ name of its URI." ; inputs (native-search-paths package-native-search-paths (default '())) (search-paths package-search-paths (default '())) + + ;; The 'replacement' field is marked as "innate" because it never makes + ;; sense to inherit a replacement as is. See the 'package/inherit' macro. (replacement package-replacement ; package | #f - (default #f) (thunked)) + (default #f) (thunked) (innate)) (synopsis package-synopsis) ; one-line description (description package-description) ; one or two paragraphs -- 2.13.2 --=-=-=--
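
Review bot: The commit log entry for gnu/packages/gnupg.scm names only libgcrypt-1.7.8, but the second gnupg.scm hunk (@@ -131,7 +130,6 @@) also removes (replacement #f) from libgcrypt-1.5, which matches the two deletions the diffstat reports for that file. Suggest listing both in the log: "* gnu/packages/gnupg.scm (libgcrypt-1.7.8, libgcrypt-1.5): Likewise."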
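
Review bot: In the guix/packages.scm hunk, adding (innate) to the 'replacement' field also changes every (inherit ...) variant that this patch does not touch: a variant that used to pick up its parent's replacement now gets the default #f, so one that still builds from the parent's unpatched source would silently stop being grafted. The other hunks only delete explicit (replacement #f) lines, so it would help to audit the remaining inheritors of packages that carry a replacement, and to say in the new comment that such variants must declare their own replacement. The comment also points readers to 'package/inherit', which nothing in this patch adds or changes; worth confirming the macro exists at this commit so the reference does not dangle.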