From b4c9a3173dad692e3e72c55b16d17fd7163da516 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 11 Feb 2018 11:46:27 +0100 Subject: [PATCH] gnu: libreoffice: Update to 5.4.5.1 [CVE-2018-6871]. * gnu/packages/check.scm (cppunit-1.14): New public variable. * gnu/packages/libreoffice.scm (xmlsec-src-libreoffice): Remove variable. (libreoffice): Update to 5.4.5.1. [native-inputs]: Change CPPUNIT to CPPUNIT-1.14. Remove AUTOCONF and AUTOMAKE. [inputs]: Add GPGME, XMLSEC-NSS and LIBLTDL. Remove XMLSEC-SRC-LIBREOFFICE. Replace LIBJPEG with LIBJPEG-TURBO. [arguments]: Remove xmlsec code from PREPARE-SRC-PHASE. Make sure GPGME++ headers are found. Add workaround for . Add "--disable-pdfium" to #:configure-flags. * gnu/packages/xml.scm (xmlsec-nss): New public variable. --- gnu/packages/check.scm | 17 +++++++++ gnu/packages/libreoffice.scm | 70 ++++++++++++++++-------------------- gnu/packages/xml.scm | 12 ++++++- 3 files changed, 59 insertions(+), 40 deletions(-) diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm index 1276c0fda4..92f4935927 100644 --- a/gnu/packages/check.scm +++ b/gnu/packages/check.scm @@ -157,6 +157,23 @@ (define-public cppunit supervised tests.") (license license:lgpl2.1))) ; no copyright notices. LGPL2.1 is in the tarball +;; Some packages require this newer version of cppunit. However, it needs +;; C++11 support, which is not enabled by default in our current GCC, and +;; updating in-place would require adding CXXFLAGS to many dependent packages. +;; Thus, keep as a separate variable for now. +;; TODO: Remove this when our default GCC is updated to 6 or higher. +(define-public cppunit-1.14 + (package + (inherit cppunit) + (version "1.14.0") + (source (origin + (method url-fetch) + (uri (string-append "https://dev-www.libreoffice.org/src/" + "cppunit-" version ".tar.gz")) + (sha256 + (base32 + "1027cyfx5gsjkdkaf6c2wnjh68882grw8n672018cj3vs9lrhmix")))))) + (define-public catch-framework (package (name "catch") diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm index 799b062439..47dd21b3b0 100644 --- a/gnu/packages/libreoffice.scm +++ b/gnu/packages/libreoffice.scm @@ -7,7 +7,7 @@ ;;; Copyright © 2017 Tobias Geerinckx-Rice ;;; Copyright © 2017 Andy Wingo ;;; Copyright © 2017 Ludovic Courtès -;;; Copyright © 2017 Marius Bakke +;;; Copyright © 2017, 2018 Marius Bakke ;;; Copyright © 2017 Rutger Helling ;;; ;;; This file is part of GNU Guix. @@ -54,6 +54,7 @@ (define-module (gnu packages libreoffice) #:use-module (gnu packages glib) #:use-module (gnu packages gnome) #:use-module (gnu packages gperf) + #:use-module (gnu packages gnupg) #:use-module (gnu packages gnuzilla) #:use-module (gnu packages gstreamer) #:use-module (gnu packages gtk) @@ -839,22 +840,10 @@ (define-public mythes (license (non-copyleft "file://COPYING" "See COPYING in the distribution.")))) -;; LibreOffice requires an xmlsec source tarball; it does not even check -;; for the presence of an externally compiled library. -(define xmlsec-src-libreoffice - (origin - (method url-fetch) - (uri - (string-append - "http://dev-www.libreoffice.org/src/" - "86b1daaa438f5a7bea9a52d7b9799ac0-xmlsec1-1.2.23.tar.gz")) - (sha256 (base32 - "17qfw5crkqn4v6xbkjxrjvcccfc00dy053892wrwv54qdk8n7m21")))) - (define-public libreoffice (package (name "libreoffice") - (version "5.3.7.2") + (version "5.4.5.1") (source (origin (method url-fetch) @@ -863,16 +852,11 @@ (define-public libreoffice "https://download.documentfoundation.org/libreoffice/src/" (version-prefix version 3) "/libreoffice-" version ".tar.xz")) (sha256 (base32 - "0z7fssp0jcj09wxad1wmhy69n71a2mwl933lxp9dz5sdvzncxmy3")))) + "167bh6jgyhfcvn3g7xghkg4nb99h91diypdlry5df21xs8bis5gb")))) (build-system gnu-build-system) (native-inputs - `(;; autoreconf is run by the LibreOffice build system, since after - ;; unpacking the external xmlsec tarball, it applies a series of - ;; patches to Makefile.am, configure.in, config.guess and config.sub. - ("autoconf" ,autoconf) - ("automake" ,automake) - ("bison" ,bison) - ("cppunit" ,cppunit) + `(("bison" ,bison) + ("cppunit" ,cppunit-1.14) ("flex" ,flex) ("pkg-config" ,pkg-config) ("python" ,python-wrapper) @@ -888,6 +872,7 @@ (define-public libreoffice ("glew" ,glew) ("glm" ,glm) ("gperf" ,gperf) + ("gpgme" ,gpgme) ("graphite2" ,graphite2) ("gst-plugins-base" ,gst-plugins-base) ("gtk+" ,gtk+) @@ -897,12 +882,14 @@ (define-public libreoffice ("libabw" ,libabw) ("libcdr" ,libcdr) ("libcmis" ,libcmis) - ("libjpeg" ,libjpeg) + ("libjpeg-turbo" ,libjpeg-turbo) ("libe-book" ,libe-book) ("libetonyek" ,libetonyek) ("libexttextcat" ,libexttextcat) ("libfreehand" ,libfreehand) ("liblangtag" ,liblangtag) + ;; XXX: Perhaps this should be propagated from xmlsec. + ("libltdl" ,libltdl) ("libmspub" ,libmspub) ("libmwaw" ,libmwaw) ("libodfgen" ,libodfgen) @@ -935,7 +922,7 @@ (define-public libreoffice ("unixodbc" ,unixodbc) ("unzip" ,unzip) ("vigra" ,vigra) - ("xmlsec-src" ,xmlsec-src-libreoffice) + ("xmlsec" ,xmlsec-nss) ("zip" ,zip))) (arguments `(#:tests? #f ; Building the tests already fails. @@ -944,26 +931,27 @@ (define-public libreoffice (modify-phases %standard-phases (add-before 'configure 'prepare-src (lambda* (#:key inputs #:allow-other-keys) - (let ((xmlsec (assoc-ref inputs "xmlsec-src"))) + (let ((gpgme (assoc-ref inputs "gpgme"))) (substitute* (list "sysui/CustomTarget_share.mk" "solenv/gbuild/gbuild.mk" "solenv/gbuild/platform/unxgcc.mk") (("/bin/sh") (which "sh"))) - (mkdir "external/tarballs") - (symlink - xmlsec - (string-append "external/tarballs/" - "86b1daaa438f5a7bea9a52d7b9799ac0-" - "xmlsec1-1.2.23.tar.gz")) - ;; The following is required for building xmlsec from the - ;; unpatched external tarball; since "configure" starts with - ;; "/bin/sh", it needs to be executed by a command invoking - ;; the shell. - (setenv "SHELL" (which "bash")) - (setenv "CONFIG_SHELL" (which "bash")) - (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk" - (("./configure") "$(CONFIG_SHELL) ./configure" )) + + ;; GPGME++ headers are installed in a gpgme++ subdirectory, + ;; but files in "xmlsecurity/source/gpg/" expect to find them + ;; on the include path without a prefix. + (substitute* "xmlsecurity/Library_xsec_xmlsec.mk" + (("\\$\\$\\(INCLUDE\\)") + (string-append "$$(INCLUDE) -I" gpgme "/include/gpgme++"))) + + ;; XXX: When GTK2 is disabled, one header file is not included. + ;; This is likely fixed in later versions. See also + ;; . + (substitute* "vcl/unx/gtk3/gtk3gtkframe.cxx" + (("#include ") + "#include \n#include ")) + #t))) (add-after 'install 'bin-and-desktop-install ;; Create 'soffice' and 'libreoffice' symlinks to the executable @@ -1037,6 +1025,10 @@ (define (install-appdata app) "--disable-coinmp" "--disable-firebird-sdbc" ; embedded firebird "--disable-gltf" + ;; XXX: PDFium support requires fetching an external tarball and + ;; patching the build scripts to work with GCC5. Try enabling this + ;; when our default compiler is >=GCC 6. + "--disable-pdfium" "--disable-gtk" ; disable use of GTK+ 2 "--without-doxygen"))) (home-page "https://www.libreoffice.org/") diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 0b3a820387..e6d668178e 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -13,7 +13,7 @@ ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2016, 2017 ng0 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice -;;; Copyright © 2016, 2017 Marius Bakke +;;; Copyright © 2016, 2017, 2018 Marius Bakke ;;; Copyright © 2017 Adriano Peluso ;;; Copyright © 2017 Gregor Giesen ;;; Copyright © 2017 Alex Vong @@ -41,6 +41,7 @@ (define-module (gnu packages xml) #:use-module (gnu packages compression) #:use-module (gnu packages gnupg) #:use-module (gnu packages java) + #:use-module (gnu packages gnuzilla) #:use-module (gnu packages perl) #:use-module (gnu packages perl-check) #:use-module (gnu packages python) @@ -971,6 +972,15 @@ (define-public xmlsec (license (license:x11-style "file://COPYING" "See 'COPYING' in the distribution.")))) +(define-public xmlsec-nss + (package + (inherit xmlsec) + (name "xmlsec-nss") + (inputs + `(("nss" ,nss) + ("libltdl" ,libltdl))) + (synopsis "XML Security Library (using NSS instead of GnuTLS)"))) + (define-public minixml (package (name "minixml")