guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].


From: Marius Bakke
Subject: 02/02: gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].
Date: Sun, 11 Feb 2018 10:33:01 -0500 (EST)

mbakke pushed a commit to branch master
in repository guix.

commit b4c9a3173dad692e3e72c55b16d17fd7163da516
Author: Marius Bakke <address@hidden>
Date:   Sun Feb 11 11:46:27 2018 +0100

    gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].
    
    * gnu/packages/check.scm (cppunit-1.14): New public variable.
    * gnu/packages/libreoffice.scm (xmlsec-src-libreoffice): Remove variable.
    (libreoffice): Update to 5.4.5.1.
    [native-inputs]: Change CPPUNIT to CPPUNIT-1.14.  Remove AUTOCONF and 
AUTOMAKE.
    [inputs]: Add GPGME, XMLSEC-NSS and LIBLTDL.  Remove XMLSEC-SRC-LIBREOFFICE.
    Replace LIBJPEG with LIBJPEG-TURBO.
    [arguments]: Remove xmlsec code from PREPARE-SRC-PHASE.  Make sure GPGME++
    headers are found.  Add workaround for <https://bugs.gentoo.org/641812>.  
Add
    "--disable-pdfium" to #:configure-flags.
    * gnu/packages/xml.scm (xmlsec-nss): New public variable.
---
 gnu/packages/check.scm       | 17 +++++++++++
 gnu/packages/libreoffice.scm | 70 ++++++++++++++++++++------------------------
 gnu/packages/xml.scm         | 12 +++++++-
 3 files changed, 59 insertions(+), 40 deletions(-)

diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 1276c0f..92f4935 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -157,6 +157,23 @@ unit testing.  Test output is in XML for automatic testing 
and GUI based for
 supervised tests.")
     (license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the 
tarball
 
+;; Some packages require this newer version of cppunit.  However, it needs
+;; C++11 support, which is not enabled by default in our current GCC, and
+;; updating in-place would require adding CXXFLAGS to many dependent packages.
+;; Thus, keep as a separate variable for now.
+;; TODO: Remove this when our default GCC is updated to 6 or higher.
+(define-public cppunit-1.14
+  (package
+    (inherit cppunit)
+    (version "1.14.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://dev-www.libreoffice.org/src/";
+                                  "cppunit-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1027cyfx5gsjkdkaf6c2wnjh68882grw8n672018cj3vs9lrhmix"))))))
+
 (define-public catch-framework
   (package
     (name "catch")
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 799b062..47dd21b 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <address@hidden>
 ;;; Copyright © 2017 Andy Wingo <address@hidden>
 ;;; Copyright © 2017 Ludovic Courtès <address@hidden>
-;;; Copyright © 2017 Marius Bakke <address@hidden>
+;;; Copyright © 2017, 2018 Marius Bakke <address@hidden>
 ;;; Copyright © 2017 Rutger Helling <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -54,6 +54,7 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gperf)
+  #:use-module (gnu packages gnupg)
   #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
@@ -839,22 +840,10 @@ and to return information on pronunciations, meanings and 
synonyms.")
     (license (non-copyleft "file://COPYING"
                            "See COPYING in the distribution."))))
 
-;; LibreOffice requires an xmlsec source tarball; it does not even check
-;; for the presence of an externally compiled library.
-(define xmlsec-src-libreoffice
-  (origin
-    (method url-fetch)
-    (uri
-      (string-append
-       "http://dev-www.libreoffice.org/src/";
-       "86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz"))
-    (sha256 (base32
-             "17qfw5crkqn4v6xbkjxrjvcccfc00dy053892wrwv54qdk8n7m21"))))
-
 (define-public libreoffice
   (package
     (name "libreoffice")
-    (version "5.3.7.2")
+    (version "5.4.5.1")
     (source
      (origin
       (method url-fetch)
@@ -863,16 +852,11 @@ and to return information on pronunciations, meanings and 
synonyms.")
           "https://download.documentfoundation.org/libreoffice/src/";
           (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
       (sha256 (base32
-               "0z7fssp0jcj09wxad1wmhy69n71a2mwl933lxp9dz5sdvzncxmy3"))))
+               "167bh6jgyhfcvn3g7xghkg4nb99h91diypdlry5df21xs8bis5gb"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(;; autoreconf is run by the LibreOffice build system, since after
-       ;; unpacking the external xmlsec tarball, it applies a series of
-       ;; patches to Makefile.am, configure.in, config.guess and config.sub.
-       ("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("bison" ,bison)
-       ("cppunit" ,cppunit)
+     `(("bison" ,bison)
+       ("cppunit" ,cppunit-1.14)
        ("flex" ,flex)
        ("pkg-config" ,pkg-config)
        ("python" ,python-wrapper)
@@ -888,6 +872,7 @@ and to return information on pronunciations, meanings and 
synonyms.")
        ("glew" ,glew)
        ("glm" ,glm)
        ("gperf" ,gperf)
+       ("gpgme" ,gpgme)
        ("graphite2" ,graphite2)
        ("gst-plugins-base" ,gst-plugins-base)
        ("gtk+" ,gtk+)
@@ -897,12 +882,14 @@ and to return information on pronunciations, meanings and 
synonyms.")
        ("libabw" ,libabw)
        ("libcdr" ,libcdr)
        ("libcmis" ,libcmis)
-       ("libjpeg" ,libjpeg)
+       ("libjpeg-turbo" ,libjpeg-turbo)
        ("libe-book" ,libe-book)
        ("libetonyek" ,libetonyek)
        ("libexttextcat" ,libexttextcat)
        ("libfreehand" ,libfreehand)
        ("liblangtag" ,liblangtag)
+       ;; XXX: Perhaps this should be propagated from xmlsec.
+       ("libltdl" ,libltdl)
        ("libmspub" ,libmspub)
        ("libmwaw" ,libmwaw)
        ("libodfgen" ,libodfgen)
@@ -935,7 +922,7 @@ and to return information on pronunciations, meanings and 
synonyms.")
        ("unixodbc" ,unixodbc)
        ("unzip" ,unzip)
        ("vigra" ,vigra)
-       ("xmlsec-src" ,xmlsec-src-libreoffice)
+       ("xmlsec" ,xmlsec-nss)
        ("zip" ,zip)))
     (arguments
      `(#:tests? #f ; Building the tests already fails.
@@ -944,26 +931,27 @@ and to return information on pronunciations, meanings and 
synonyms.")
          (modify-phases %standard-phases
            (add-before 'configure 'prepare-src
              (lambda* (#:key inputs #:allow-other-keys)
-               (let ((xmlsec (assoc-ref inputs "xmlsec-src")))
+               (let ((gpgme (assoc-ref inputs "gpgme")))
                  (substitute*
                    (list "sysui/CustomTarget_share.mk"
                          "solenv/gbuild/gbuild.mk"
                          "solenv/gbuild/platform/unxgcc.mk")
                    (("/bin/sh") (which "sh")))
-                 (mkdir "external/tarballs")
-                 (symlink
-                   xmlsec
-                   (string-append "external/tarballs/"
-                                  "86b1daaa438f5a7bea9a52d7b9799ac0-"
-                                  "xmlsec1-1.2.23.tar.gz"))
-                 ;; The following is required for building xmlsec from the
-                 ;; unpatched external tarball; since "configure" starts with
-                 ;; "/bin/sh", it needs to be executed by a command invoking
-                 ;; the shell.
-                 (setenv "SHELL" (which "bash"))
-                 (setenv "CONFIG_SHELL" (which "bash"))
-                 (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk"
-                   (("./configure") "$(CONFIG_SHELL) ./configure" ))
+
+                 ;; GPGME++ headers are installed in a gpgme++ subdirectory,
+                 ;; but files in "xmlsecurity/source/gpg/" expect to find them
+                 ;; on the include path without a prefix.
+                 (substitute* "xmlsecurity/Library_xsec_xmlsec.mk"
+                   (("\\$\\$\\(INCLUDE\\)")
+                    (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++")))
+
+                 ;; XXX: When GTK2 is disabled, one header file is not 
included.
+                 ;; This is likely fixed in later versions.  See also
+                 ;; <https://bugs.gentoo.org/641812>.
+                 (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx"
+                   (("#include <unx/gtk/gtkgdi.hxx>")
+                    "#include <unx/gtk/gtkgdi.hxx>\n#include 
<unx/gtk/gtksalmenu.hxx>"))
+
                  #t)))
            (add-after 'install 'bin-and-desktop-install
              ;; Create 'soffice' and 'libreoffice' symlinks to the executable
@@ -1037,6 +1025,10 @@ and to return information on pronunciations, meanings 
and synonyms.")
           "--disable-coinmp"
           "--disable-firebird-sdbc" ; embedded firebird
           "--disable-gltf"
+          ;; XXX: PDFium support requires fetching an external tarball and
+          ;; patching the build scripts to work with GCC5.  Try enabling this
+          ;; when our default compiler is >=GCC 6.
+          "--disable-pdfium"
           "--disable-gtk" ; disable use of GTK+ 2
           "--without-doxygen")))
     (home-page "https://www.libreoffice.org/";)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 0b3a820..e6d6681 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen <address@hidden>
 ;;; Copyright © 2016, 2017 ng0 <address@hidden>
 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <address@hidden>
-;;; Copyright © 2016, 2017 Marius Bakke <address@hidden>
+;;; Copyright © 2016, 2017, 2018 Marius Bakke <address@hidden>
 ;;; Copyright © 2017 Adriano Peluso <address@hidden>
 ;;; Copyright © 2017 Gregor Giesen <address@hidden>
 ;;; Copyright © 2017 Alex Vong <address@hidden>
@@ -41,6 +41,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages java)
+  #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
   #:use-module (gnu packages python)
@@ -971,6 +972,15 @@ Libxml2).")
     (license (license:x11-style "file://COPYING"
                                 "See 'COPYING' in the distribution."))))
 
+(define-public xmlsec-nss
+  (package
+    (inherit xmlsec)
+    (name "xmlsec-nss")
+    (inputs
+     `(("nss" ,nss)
+       ("libltdl" ,libltdl)))
+    (synopsis "XML Security Library (using NSS instead of GnuTLS)")))
+
 (define-public minixml
   (package
     (name "minixml")



reply via email to

[Prev in Thread] Current Thread [Next in Thread]