summaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/cyrus-sasl.scm21
-rw-r--r--gnu/packages/gnome.scm17
-rw-r--r--gnu/packages/gtk.scm23
-rw-r--r--gnu/packages/python.scm22
-rw-r--r--gnu/packages/tls.scm37
5 files changed, 14 insertions, 106 deletions
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index c18703fde0..43c2099968 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -44,8 +44,8 @@
version ".tar.gz")))
(sha256 (base32
"1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
- (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"))))
- (replacement cyrus-sasl/fixed)
+ (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
+ "cyrus-sasl-CVE-2019-19906.patch"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
@@ -81,20 +81,3 @@ server writers.")
(license (license:non-copyleft "file://COPYING"
"See COPYING in the distribution."))
(home-page "https://cyrusimap.org/sasl/")))
-
-(define cyrus-sasl/fixed
- (package
- (inherit cyrus-sasl)
- (version "2.1.27")
- (source (origin
- (method url-fetch)
- (uri (list (string-append
- "https://cyrusimap.org/releases/cyrus-sasl-"
- version ".tar.gz")
- (string-append
- "ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-"
- version ".tar.gz")))
- (sha256 (base32
- "1m85zcpgfdhm43cavpdkhb1s2zq1b31472hq1w1gs3xh94anp1i6"))
- (patches (search-patches "cyrus-sasl-ac-try-run-fix.patch"
- "cyrus-sasl-CVE-2019-19906.patch"))))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 34f5078581..78a473b348 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -3221,10 +3221,10 @@ the GNOME desktop environment.")
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "libcroco-CVE-2020-12825.patch"))
(sha256
(base32
"1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))))
- (replacement libcroco/fixed)
(build-system gnu-build-system)
(native-inputs
`(("pkg-config" ,pkg-config)))
@@ -3243,21 +3243,6 @@ XML/CSS rendering engine.")
;; LGPLv2.1-only.
(license license:lgpl2.1)))
-(define libcroco/fixed
- (package
- (inherit libcroco)
- (name "libcroco")
- (version "0.6.13")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "1m110rbj5d2raxcdp4iz0qp172284945awrsbdlq99ksmqsc4zkn"))
- (patches (search-patches "libcroco-CVE-2020-12825.patch"))))))
-
(define-public libgsf
(package
(name "libgsf")
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index bffc9e0298..24fd48d971 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -125,11 +125,12 @@ tools have full access to view and control running applications.")
(package
(name "cairo")
(version "1.16.0")
- (replacement cairo/fixed)
(source (origin
(method url-fetch)
(uri (string-append "https://cairographics.org/releases/cairo-"
version ".tar.xz"))
+ (patches (search-patches "cairo-CVE-2018-19876.patch"
+ "cairo-CVE-2020-35492.patch"))
(sha256
(base32
"0c930mk5xr2bshbdljv005j3j8zr47gqmkry3q6qgvqky6rjjysy"))))
@@ -176,15 +177,6 @@ affine transformation (scale, rotation, shear, etc.).")
(license license:lgpl2.1) ; or Mozilla Public License 1.1
(home-page "https://cairographics.org/")))
-(define cairo/fixed
- (package
- (inherit cairo)
- (source (origin
- (inherit (package-source cairo))
- (patches (append (search-patches "cairo-CVE-2018-19876.patch"
- "cairo-CVE-2020-35492.patch")
- (origin-patches (package-source cairo))))))))
-
(define-public cairo-sans-poppler
;; Variant used to break the dependency cycle between Poppler and Cairo.
(package/inherit cairo
@@ -567,12 +559,12 @@ highlighting and other features typical of a source code editor.")
(package
(name "gdk-pixbuf")
(version "2.40.0")
- (replacement gdk-pixbuf/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnome/sources/" name "/"
(version-major+minor version) "/"
name "-" version ".tar.xz"))
+ (patches (search-patches "gdk-pixbuf-CVE-2020-29385.patch"))
(sha256
(base32
"1rnlx9yfw970maxi2x6niaxmih5la11q1ilr7gzshz2kk585k0hm"))))
@@ -624,15 +616,6 @@ in the GNOME project.")
(license license:lgpl2.0+)
(home-page "https://developer.gnome.org/gdk-pixbuf/")))
-(define gdk-pixbuf/fixed
- (package
- (inherit gdk-pixbuf)
- (source (origin
- (inherit (package-source gdk-pixbuf))
- (patches
- (append (search-patches "gdk-pixbuf-CVE-2020-29385.patch")
- (origin-patches (package-source gdk-pixbuf))))))))
-
;; To build gdk-pixbuf with SVG support, we need librsvg, and librsvg depends
;; on gdk-pixbuf, so this new varibale. Also, librsvg adds 90MiB to the
;; closure size.
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5d8fa1185b..ce424bdeb0 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -107,7 +107,6 @@
(define-public python-2.7
(package
(name "python2")
- (replacement python-2.7/fixed)
(version "2.7.17")
(source
(origin
@@ -122,7 +121,8 @@
"python-2.7-site-prefixes.patch"
"python-2.7-source-date-epoch.patch"
"python-2.7-adjust-tests.patch"
- "python-cross-compile.patch"))
+ "python-cross-compile.patch"
+ "python-2.7-CVE-2021-3177.patch"))
(modules '((guix build utils)))
(snippet
'(begin
@@ -351,14 +351,6 @@ data types.")
(properties '((cpe-name . "python")))
(license license:psfl)))
-(define python-2.7/fixed
- (package
- (inherit python-2.7)
- (source (origin
- (inherit (package-source python-2.7))
- (patches (append (search-patches "python-2.7-CVE-2021-3177.patch")
- (origin-patches (package-source python-2.7))))))))
-
;; Current 2.x version.
(define-public python-2 python-2.7)
@@ -373,7 +365,6 @@ data types.")
(define-public python-3.8
(package (inherit python-2)
(name "python")
- (replacement python-3.8/fixed)
(version "3.8.2")
(source (origin
(method url-fetch)
@@ -381,6 +372,7 @@ data types.")
version "/Python-" version ".tar.xz"))
(patches (search-patches
"python-CVE-2020-26116.patch"
+ "python-3.8-CVE-2021-3177.patch"
"python-3-fix-tests.patch"
"python-3.8-fix-tests.patch"
"python-3-deterministic-build-info.patch"
@@ -531,14 +523,6 @@ data types.")
(version-major+minor version)
"/site-packages"))))))))
-(define python-3.8/fixed
- (package
- (inherit python-3.8)
- (source (origin
- (inherit (package-source python-3.8))
- (patches (append (search-patches "python-3.8-CVE-2021-3177.patch")
- (origin-patches (package-source python-3.8))))))))
-
(define-public python-3.9
(package (inherit python-3.8)
(name "python-next")
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 25493cc7ca..fee6276674 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -165,7 +165,6 @@ living in the same process.")
(package
(name "gnutls")
(version "3.6.15")
- (replacement gnutls/fixed)
(source (origin
(method url-fetch)
;; Note: Releases are no longer on ftp.gnu.org since the
@@ -174,7 +173,9 @@ living in the same process.")
(version-major+minor version)
"/gnutls-" version ".tar.xz"))
(patches (search-patches "gnutls-skip-trust-store-test.patch"
- "gnutls-cross.patch"))
+ "gnutls-cross.patch"
+ "gnutls-CVE-2021-20231.patch"
+ "gnutls-CVE-2021-20232.patch"))
(sha256
(base32
"0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f"))))
@@ -257,15 +258,6 @@ required structures.")
(properties '((ftp-server . "ftp.gnutls.org")
(ftp-directory . "/gcrypt/gnutls")))))
-(define gnutls/fixed
- (package
- (inherit gnutls)
- (source (origin
- (inherit (package-source gnutls))
- (patches (append (search-patches "gnutls-CVE-2021-20231.patch"
- "gnutls-CVE-2021-20232.patch")
- (origin-patches (package-source gnutls))))))))
-
(define-public gnutls/guile-2.0
;; GnuTLS for Guile 2.0.
(package/inherit gnutls
@@ -296,8 +288,7 @@ required structures.")
(define-public openssl
(package
(name "openssl")
- (replacement openssl/fixed)
- (version "1.1.1i")
+ (version "1.1.1j")
(source (origin
(method url-fetch)
(uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -310,7 +301,7 @@ required structures.")
(patches (search-patches "openssl-1.1-c-rehash-in.patch"))
(sha256
(base32
- "0hjj1phcwkz69lx1lrvr9grhpl4y529mwqycqc1hdla1zqsnmgp8"))))
+ "1gw17520vh13izy1xf5q0a2fqgcayymjjj5bk0dlkxndfnszrwma"))))
(build-system gnu-build-system)
(outputs '("out"
"doc" ;6.8 MiB of man3 pages and full HTML documentation
@@ -431,24 +422,6 @@ required structures.")
(license license:openssl)
(home-page "https://www.openssl.org/")))
-(define-public openssl/fixed
- (package
- (inherit openssl)
- (version "1.1.1k")
- (source (origin
- (method url-fetch)
- (uri (list (string-append "https://www.openssl.org/source/openssl-"
- version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/"
- "openssl-" version ".tar.gz")
- (string-append "ftp://ftp.openssl.org/source/old/"
- (string-trim-right version char-set:letter)
- "/openssl-" version ".tar.gz")))
- (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
- (sha256
- (base32
- "1rdfzcrxy9y38wqdw5942vmdax9hjhgrprzxm42csal7p5shhal9"))))))
-
(define-public openssl-1.0
(package
(inherit openssl)