[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].
From: |
Marius Bakke |
Subject: |
02/02: gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871]. |
Date: |
Sun, 11 Feb 2018 10:33:01 -0500 (EST) |
mbakke pushed a commit to branch master
in repository guix.
commit b4c9a3173dad692e3e72c55b16d17fd7163da516
Author: Marius Bakke <address@hidden>
Date: Sun Feb 11 11:46:27 2018 +0100
gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].
* gnu/packages/check.scm (cppunit-1.14): New public variable.
* gnu/packages/libreoffice.scm (xmlsec-src-libreoffice): Remove variable.
(libreoffice): Update to 5.4.5.1.
[native-inputs]: Change CPPUNIT to CPPUNIT-1.14. Remove AUTOCONF and
AUTOMAKE.
[inputs]: Add GPGME, XMLSEC-NSS and LIBLTDL. Remove XMLSEC-SRC-LIBREOFFICE.
Replace LIBJPEG with LIBJPEG-TURBO.
[arguments]: Remove xmlsec code from PREPARE-SRC-PHASE. Make sure GPGME++
headers are found. Add workaround for <https://bugs.gentoo.org/641812>.
Add
"--disable-pdfium" to #:configure-flags.
* gnu/packages/xml.scm (xmlsec-nss): New public variable.
---
gnu/packages/check.scm | 17 +++++++++++
gnu/packages/libreoffice.scm | 70 ++++++++++++++++++++------------------------
gnu/packages/xml.scm | 12 +++++++-
3 files changed, 59 insertions(+), 40 deletions(-)
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 1276c0f..92f4935 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -157,6 +157,23 @@ unit testing. Test output is in XML for automatic testing
and GUI based for
supervised tests.")
(license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the
tarball
+;; Some packages require this newer version of cppunit. However, it needs
+;; C++11 support, which is not enabled by default in our current GCC, and
+;; updating in-place would require adding CXXFLAGS to many dependent packages.
+;; Thus, keep as a separate variable for now.
+;; TODO: Remove this when our default GCC is updated to 6 or higher.
+(define-public cppunit-1.14
+ (package
+ (inherit cppunit)
+ (version "1.14.0")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://dev-www.libreoffice.org/src/"
+ "cppunit-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1027cyfx5gsjkdkaf6c2wnjh68882grw8n672018cj3vs9lrhmix"))))))
+
(define-public catch-framework
(package
(name "catch")
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 799b062..47dd21b 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -7,7 +7,7 @@
;;; Copyright © 2017 Tobias Geerinckx-Rice <address@hidden>
;;; Copyright © 2017 Andy Wingo <address@hidden>
;;; Copyright © 2017 Ludovic Courtès <address@hidden>
-;;; Copyright © 2017 Marius Bakke <address@hidden>
+;;; Copyright © 2017, 2018 Marius Bakke <address@hidden>
;;; Copyright © 2017 Rutger Helling <address@hidden>
;;;
;;; This file is part of GNU Guix.
@@ -54,6 +54,7 @@
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
#:use-module (gnu packages gperf)
+ #:use-module (gnu packages gnupg)
#:use-module (gnu packages gnuzilla)
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages gtk)
@@ -839,22 +840,10 @@ and to return information on pronunciations, meanings and
synonyms.")
(license (non-copyleft "file://COPYING"
"See COPYING in the distribution."))))
-;; LibreOffice requires an xmlsec source tarball; it does not even check
-;; for the presence of an externally compiled library.
-(define xmlsec-src-libreoffice
- (origin
- (method url-fetch)
- (uri
- (string-append
- "http://dev-www.libreoffice.org/src/"
- "86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz"))
- (sha256 (base32
- "17qfw5crkqn4v6xbkjxrjvcccfc00dy053892wrwv54qdk8n7m21"))))
-
(define-public libreoffice
(package
(name "libreoffice")
- (version "5.3.7.2")
+ (version "5.4.5.1")
(source
(origin
(method url-fetch)
@@ -863,16 +852,11 @@ and to return information on pronunciations, meanings and
synonyms.")
"https://download.documentfoundation.org/libreoffice/src/"
(version-prefix version 3) "/libreoffice-" version ".tar.xz"))
(sha256 (base32
- "0z7fssp0jcj09wxad1wmhy69n71a2mwl933lxp9dz5sdvzncxmy3"))))
+ "167bh6jgyhfcvn3g7xghkg4nb99h91diypdlry5df21xs8bis5gb"))))
(build-system gnu-build-system)
(native-inputs
- `(;; autoreconf is run by the LibreOffice build system, since after
- ;; unpacking the external xmlsec tarball, it applies a series of
- ;; patches to Makefile.am, configure.in, config.guess and config.sub.
- ("autoconf" ,autoconf)
- ("automake" ,automake)
- ("bison" ,bison)
- ("cppunit" ,cppunit)
+ `(("bison" ,bison)
+ ("cppunit" ,cppunit-1.14)
("flex" ,flex)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@@ -888,6 +872,7 @@ and to return information on pronunciations, meanings and
synonyms.")
("glew" ,glew)
("glm" ,glm)
("gperf" ,gperf)
+ ("gpgme" ,gpgme)
("graphite2" ,graphite2)
("gst-plugins-base" ,gst-plugins-base)
("gtk+" ,gtk+)
@@ -897,12 +882,14 @@ and to return information on pronunciations, meanings and
synonyms.")
("libabw" ,libabw)
("libcdr" ,libcdr)
("libcmis" ,libcmis)
- ("libjpeg" ,libjpeg)
+ ("libjpeg-turbo" ,libjpeg-turbo)
("libe-book" ,libe-book)
("libetonyek" ,libetonyek)
("libexttextcat" ,libexttextcat)
("libfreehand" ,libfreehand)
("liblangtag" ,liblangtag)
+ ;; XXX: Perhaps this should be propagated from xmlsec.
+ ("libltdl" ,libltdl)
("libmspub" ,libmspub)
("libmwaw" ,libmwaw)
("libodfgen" ,libodfgen)
@@ -935,7 +922,7 @@ and to return information on pronunciations, meanings and
synonyms.")
("unixodbc" ,unixodbc)
("unzip" ,unzip)
("vigra" ,vigra)
- ("xmlsec-src" ,xmlsec-src-libreoffice)
+ ("xmlsec" ,xmlsec-nss)
("zip" ,zip)))
(arguments
`(#:tests? #f ; Building the tests already fails.
@@ -944,26 +931,27 @@ and to return information on pronunciations, meanings and
synonyms.")
(modify-phases %standard-phases
(add-before 'configure 'prepare-src
(lambda* (#:key inputs #:allow-other-keys)
- (let ((xmlsec (assoc-ref inputs "xmlsec-src")))
+ (let ((gpgme (assoc-ref inputs "gpgme")))
(substitute*
(list "sysui/CustomTarget_share.mk"
"solenv/gbuild/gbuild.mk"
"solenv/gbuild/platform/unxgcc.mk")
(("/bin/sh") (which "sh")))
- (mkdir "external/tarballs")
- (symlink
- xmlsec
- (string-append "external/tarballs/"
- "86b1daaa438f5a7bea9a52d7b9799ac0-"
- "xmlsec1-1.2.23.tar.gz"))
- ;; The following is required for building xmlsec from the
- ;; unpatched external tarball; since "configure" starts with
- ;; "/bin/sh", it needs to be executed by a command invoking
- ;; the shell.
- (setenv "SHELL" (which "bash"))
- (setenv "CONFIG_SHELL" (which "bash"))
- (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk"
- (("./configure") "$(CONFIG_SHELL) ./configure" ))
+
+ ;; GPGME++ headers are installed in a gpgme++ subdirectory,
+ ;; but files in "xmlsecurity/source/gpg/" expect to find them
+ ;; on the include path without a prefix.
+ (substitute* "xmlsecurity/Library_xsec_xmlsec.mk"
+ (("\\$\\$\\(INCLUDE\\)")
+ (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++")))
+
+ ;; XXX: When GTK2 is disabled, one header file is not
included.
+ ;; This is likely fixed in later versions. See also
+ ;; <https://bugs.gentoo.org/641812>.
+ (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx"
+ (("#include <unx/gtk/gtkgdi.hxx>")
+ "#include <unx/gtk/gtkgdi.hxx>\n#include
<unx/gtk/gtksalmenu.hxx>"))
+
#t)))
(add-after 'install 'bin-and-desktop-install
;; Create 'soffice' and 'libreoffice' symlinks to the executable
@@ -1037,6 +1025,10 @@ and to return information on pronunciations, meanings
and synonyms.")
"--disable-coinmp"
"--disable-firebird-sdbc" ; embedded firebird
"--disable-gltf"
+ ;; XXX: PDFium support requires fetching an external tarball and
+ ;; patching the build scripts to work with GCC5. Try enabling this
+ ;; when our default compiler is >=GCC 6.
+ "--disable-pdfium"
"--disable-gtk" ; disable use of GTK+ 2
"--without-doxygen")))
(home-page "https://www.libreoffice.org/")
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 0b3a820..e6d6681 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -13,7 +13,7 @@
;;; Copyright © 2016 Jan Nieuwenhuizen <address@hidden>
;;; Copyright © 2016, 2017 ng0 <address@hidden>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <address@hidden>
-;;; Copyright © 2016, 2017 Marius Bakke <address@hidden>
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <address@hidden>
;;; Copyright © 2017 Adriano Peluso <address@hidden>
;;; Copyright © 2017 Gregor Giesen <address@hidden>
;;; Copyright © 2017 Alex Vong <address@hidden>
@@ -41,6 +41,7 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages gnupg)
#:use-module (gnu packages java)
+ #:use-module (gnu packages gnuzilla)
#:use-module (gnu packages perl)
#:use-module (gnu packages perl-check)
#:use-module (gnu packages python)
@@ -971,6 +972,15 @@ Libxml2).")
(license (license:x11-style "file://COPYING"
"See 'COPYING' in the distribution."))))
+(define-public xmlsec-nss
+ (package
+ (inherit xmlsec)
+ (name "xmlsec-nss")
+ (inputs
+ `(("nss" ,nss)
+ ("libltdl" ,libltdl)))
+ (synopsis "XML Security Library (using NSS instead of GnuTLS)")))
+
(define-public minixml
(package
(name "minixml")