~ruther/guix-local

b4c9a3173dad692e3e72c55b16d17fd7163da516 — Marius Bakke 8 years ago f1d7e14 
gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871].

* gnu/packages/check.scm (cppunit-1.14): New public variable.
* gnu/packages/libreoffice.scm (xmlsec-src-libreoffice): Remove variable.
(libreoffice): Update to 5.4.5.1.
[native-inputs]: Change CPPUNIT to CPPUNIT-1.14.  Remove AUTOCONF and AUTOMAKE.
[inputs]: Add GPGME, XMLSEC-NSS and LIBLTDL.  Remove XMLSEC-SRC-LIBREOFFICE.
Replace LIBJPEG with LIBJPEG-TURBO.
[arguments]: Remove xmlsec code from PREPARE-SRC-PHASE.  Make sure GPGME++
headers are found.  Add workaround for <https://bugs.gentoo.org/641812>.  Add
"--disable-pdfium" to #:configure-flags.
* gnu/packages/xml.scm (xmlsec-nss): New public variable.
patch browse .tar.gz 
3 files changed, 59 insertions(+), 40 deletions(-)

M gnu/packages/check.scm
M gnu/packages/libreoffice.scm
M gnu/packages/xml.scm

M gnu/packages/check.scm => gnu/packages/check.scm +17 -0
@@ 157,6 157,23 @@ unit testing.  Test output is in XML for automatic testing and GUI based for
supervised tests.")
    (license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the tarball

;; Some packages require this newer version of cppunit.  However, it needs
;; C++11 support, which is not enabled by default in our current GCC, and
;; updating in-place would require adding CXXFLAGS to many dependent packages.
;; Thus, keep as a separate variable for now.
;; TODO: Remove this when our default GCC is updated to 6 or higher.
(define-public cppunit-1.14
  (package
    (inherit cppunit)
    (version "1.14.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://dev-www.libreoffice.org/src/"
                                  "cppunit-" version ".tar.gz"))
              (sha256
               (base32
                "1027cyfx5gsjkdkaf6c2wnjh68882grw8n672018cj3vs9lrhmix"))))))

(define-public catch-framework
  (package
    (name "catch")


M gnu/packages/libreoffice.scm => gnu/packages/libreoffice.scm +31 -39
@@ 7,7 7,7 @@
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
;;;
;;; This file is part of GNU Guix.


@@ 54,6 54,7 @@
  #:use-module (gnu packages glib)
  #:use-module (gnu packages gnome)
  #:use-module (gnu packages gperf)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages gstreamer)
  #:use-module (gnu packages gtk)


@@ 839,22 840,10 @@ and to return information on pronunciations, meanings and synonyms.")
    (license (non-copyleft "file://COPYING"
                           "See COPYING in the distribution."))))

;; LibreOffice requires an xmlsec source tarball; it does not even check
;; for the presence of an externally compiled library.
(define xmlsec-src-libreoffice
  (origin
    (method url-fetch)
    (uri
      (string-append
       "http://dev-www.libreoffice.org/src/"
       "86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz"))
    (sha256 (base32
             "17qfw5crkqn4v6xbkjxrjvcccfc00dy053892wrwv54qdk8n7m21"))))

(define-public libreoffice
  (package
    (name "libreoffice")
    (version "5.3.7.2")
    (version "5.4.5.1")
    (source
     (origin
      (method url-fetch)


@@ 863,16 852,11 @@ and to return information on pronunciations, meanings and synonyms.")
          "https://download.documentfoundation.org/libreoffice/src/"
          (version-prefix version 3) "/libreoffice-" version ".tar.xz"))
      (sha256 (base32
               "0z7fssp0jcj09wxad1wmhy69n71a2mwl933lxp9dz5sdvzncxmy3"))))
               "167bh6jgyhfcvn3g7xghkg4nb99h91diypdlry5df21xs8bis5gb"))))
    (build-system gnu-build-system)
    (native-inputs
     `(;; autoreconf is run by the LibreOffice build system, since after
       ;; unpacking the external xmlsec tarball, it applies a series of
       ;; patches to Makefile.am, configure.in, config.guess and config.sub.
       ("autoconf" ,autoconf)
       ("automake" ,automake)
       ("bison" ,bison)
       ("cppunit" ,cppunit)
     `(("bison" ,bison)
       ("cppunit" ,cppunit-1.14)
       ("flex" ,flex)
       ("pkg-config" ,pkg-config)
       ("python" ,python-wrapper)


@@ 888,6 872,7 @@ and to return information on pronunciations, meanings and synonyms.")
       ("glew" ,glew)
       ("glm" ,glm)
       ("gperf" ,gperf)
       ("gpgme" ,gpgme)
       ("graphite2" ,graphite2)
       ("gst-plugins-base" ,gst-plugins-base)
       ("gtk+" ,gtk+)


@@ 897,12 882,14 @@ and to return information on pronunciations, meanings and synonyms.")
       ("libabw" ,libabw)
       ("libcdr" ,libcdr)
       ("libcmis" ,libcmis)
       ("libjpeg" ,libjpeg)
       ("libjpeg-turbo" ,libjpeg-turbo)
       ("libe-book" ,libe-book)
       ("libetonyek" ,libetonyek)
       ("libexttextcat" ,libexttextcat)
       ("libfreehand" ,libfreehand)
       ("liblangtag" ,liblangtag)
       ;; XXX: Perhaps this should be propagated from xmlsec.
       ("libltdl" ,libltdl)
       ("libmspub" ,libmspub)
       ("libmwaw" ,libmwaw)
       ("libodfgen" ,libodfgen)


@@ 935,7 922,7 @@ and to return information on pronunciations, meanings and synonyms.")
       ("unixodbc" ,unixodbc)
       ("unzip" ,unzip)
       ("vigra" ,vigra)
       ("xmlsec-src" ,xmlsec-src-libreoffice)
       ("xmlsec" ,xmlsec-nss)
       ("zip" ,zip)))
    (arguments
     `(#:tests? #f ; Building the tests already fails.


@@ 944,26 931,27 @@ and to return information on pronunciations, meanings and synonyms.")
         (modify-phases %standard-phases
           (add-before 'configure 'prepare-src
             (lambda* (#:key inputs #:allow-other-keys)
               (let ((xmlsec (assoc-ref inputs "xmlsec-src")))
               (let ((gpgme (assoc-ref inputs "gpgme")))
                 (substitute*
                   (list "sysui/CustomTarget_share.mk"
                         "solenv/gbuild/gbuild.mk"
                         "solenv/gbuild/platform/unxgcc.mk")
                   (("/bin/sh") (which "sh")))
                 (mkdir "external/tarballs")
                 (symlink
                   xmlsec
                   (string-append "external/tarballs/"
                                  "86b1daaa438f5a7bea9a52d7b9799ac0-"
                                  "xmlsec1-1.2.23.tar.gz"))
                 ;; The following is required for building xmlsec from the
                 ;; unpatched external tarball; since "configure" starts with
                 ;; "/bin/sh", it needs to be executed by a command invoking
                 ;; the shell.
                 (setenv "SHELL" (which "bash"))
                 (setenv "CONFIG_SHELL" (which "bash"))
                 (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk"
                   (("./configure") "$(CONFIG_SHELL) ./configure" ))

                 ;; GPGME++ headers are installed in a gpgme++ subdirectory,
                 ;; but files in "xmlsecurity/source/gpg/" expect to find them
                 ;; on the include path without a prefix.
                 (substitute* "xmlsecurity/Library_xsec_xmlsec.mk"
                   (("\\$\\$\\(INCLUDE\\)")
                    (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++")))

                 ;; XXX: When GTK2 is disabled, one header file is not included.
                 ;; This is likely fixed in later versions.  See also
                 ;; <https://bugs.gentoo.org/641812>.
                 (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx"
                   (("#include <unx/gtk/gtkgdi.hxx>")
                    "#include <unx/gtk/gtkgdi.hxx>\n#include <unx/gtk/gtksalmenu.hxx>"))

                 #t)))
           (add-after 'install 'bin-and-desktop-install
             ;; Create 'soffice' and 'libreoffice' symlinks to the executable


@@ 1037,6 1025,10 @@ and to return information on pronunciations, meanings and synonyms.")
          "--disable-coinmp"
          "--disable-firebird-sdbc" ; embedded firebird
          "--disable-gltf"
          ;; XXX: PDFium support requires fetching an external tarball and
          ;; patching the build scripts to work with GCC5.  Try enabling this
          ;; when our default compiler is >=GCC 6.
          "--disable-pdfium"
          "--disable-gtk" ; disable use of GTK+ 2
          "--without-doxygen")))
    (home-page "https://www.libreoffice.org/")


M gnu/packages/xml.scm => gnu/packages/xml.scm +11 -1
@@ 13,7 13,7 @@
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2016, 2017, 2018 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2017 Adriano Peluso <catonano@gmail.com>
;;; Copyright © 2017 Gregor Giesen <giesen@zaehlwerk.net>
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>


@@ 41,6 41,7 @@
  #:use-module (gnu packages compression)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages java)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages perl-check)
  #:use-module (gnu packages python)


@@ 971,6 972,15 @@ Libxml2).")
    (license (license:x11-style "file://COPYING"
                                "See 'COPYING' in the distribution."))))

(define-public xmlsec-nss
  (package
    (inherit xmlsec)
    (name "xmlsec-nss")
    (inputs
     `(("nss" ,nss)
       ("libltdl" ,libltdl)))
    (synopsis "XML Security Library (using NSS instead of GnuTLS)")))

(define-public minixml
  (package
    (name "minixml")