bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl.

2016-02-29 Thread Leo Famulari
On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote: > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. Working patch attached. >From 00807e4421757f8d9204f1601de9a8286a408f91 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 29 Feb 2016 19:24:20 -0500 Subject:

bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl.

2016-02-29 Thread Leo Famulari
On Mon, Feb 29, 2016 at 07:39:53PM -0500, Leo Famulari wrote: > * gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. I realized that it would work if I imported (gnu packages gcc) when defining the tls module. I don't know if that's the right approach or not, but the output now r

bug#22650: guixSD default umask is 0000

2016-02-29 Thread myglc2
l...@gnu.org (Ludovic Courtès) writes: > myglc2 skribis: > >> glc@g1 ~$ ssh glc4@g1 >> glc4@g1's password: >> glc4@g1 ~$ umask >> > > Oh indeed, I can reproduce it. > > The problem is that lshd resets the umask when it starts (in > src/daemon.c:daemon_init) but never changes it again. > > P

bug#22831: [PATCH 2/2] WIP: gnu: openssl: Restrict allowed references for openssl.

2016-02-29 Thread Leo Famulari
* gnu/packages/tls.scm (openssl)[arguments]: Add #:allowed-references. --- gnu/packages/tls.scm | 7 +++ 1 file changed, 7 insertions(+) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 57f0ca1..5990413 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -200,6 +200,

bug#22831: [PATCH 1/2] gnu: openssl: Remove run-time dependency on Perl.

2016-02-29 Thread Leo Famulari
Fixes . * gnu/packages/patches/openssl-c-rehash.patch: Update patch to also replace the shebang of 'c_rehash.in'. --- gnu/packages/patches/openssl-c-rehash.patch | 14 ++ 1 file changed, 14 insertions(+) diff --git a/gnu/packages/patches/openssl-c-rehash.pa

bug#22831: [PATCH 0/2] OpenSSL / Perl run-time dependency

2016-02-29 Thread Leo Famulari
Patch 1/2 updates the patch we use to keep Perl from becoming a registered run-time dependency of OpenSSL. Patch 2/2 is an attempt to use #:allowed-references to prevent Perl from sneaking back in again. Unfortunately, it fails when gcc is an allowed reference. It "works" when gcc is not in the li

bug#22139: Indirect dependencies are not grafted

2016-02-29 Thread Ludovic Courtès
l...@gnu.org (Ludovic Courtès) skribis: > The grafting mechanism has a shortcoming: it is not recursive. > > Suppose we use ‘replace’ to provide a patch libpng. If a package has a > direct dependency on libpng, it is appropriately grafted to refer to the > new libpng. However, if a package depen

bug#22858: Patch security vulnerability in python-pillow

2016-02-29 Thread Christopher Allan Webber
Christopher Allan Webber writes: > Leo Famulari writes: > >>> I'm trying to figure out where the patches for this are, but I can't >>> find them. I expected them to maybe be here, but I don't see them here: >> >> I updated python-pillow to 3.1.1 with 16095d2729, fixing these issues. >> >> When I

bug#22858: Patch security vulnerability in python-pillow

2016-02-29 Thread Christopher Allan Webber
Leo Famulari writes: >> I'm trying to figure out where the patches for this are, but I can't >> find them. I expected them to maybe be here, but I don't see them here: > > I updated python-pillow to 3.1.1 with 16095d2729, fixing these issues. > > When I did that, CVE-2016-2533 wasn't named yet, b

bug#22826: gnupg test failure

2016-02-29 Thread Mark H Weaver
l...@gnu.org (Ludovic Courtès) writes: > Mark H Weaver skribis: > >> Danny Milosavljevic writes: >> >>> gnupg fails its tests: >>> >>> ... >>> note: keeping build directory `/tmp/guix-build-gnupg-2.1.11.drv-0' >>> builder for `/gnu/store/p91ba6zl4d8gr5ixfqxn8ixhrv13kdv9-gnupg-2.1.11.drv' >>> fa

bug#22858: Patch security vulnerability in python-pillow

2016-02-29 Thread Leo Famulari
On Mon, Feb 29, 2016 at 12:10:33PM -0800, Christopher Allan Webber wrote: > See: https://lwn.net/Articles/677914/ > > > Package: pillow > > CVE ID : CVE-2016-0740 CVE-2016-0775 CVE-2016-2533 > > > > Multiple security vulnerabilities have been found in Pillow, a Python > > imaging

bug#22858: Patch security vulnerability in python-pillow

2016-02-29 Thread Christopher Allan Webber
See: https://lwn.net/Articles/677914/ > Package: pillow > CVE ID : CVE-2016-0740 CVE-2016-0775 CVE-2016-2533 > > Multiple security vulnerabilities have been found in Pillow, a Python > imaging library, which may result in denial of service or the execution > of arbitrary code if

bug#22695: Binary Installation bugs and suggestions

2016-02-29 Thread Ludovic Courtès
Commit c8e26887eda99d1cd7b89772ff642854a6b78ebd incorporates your suggestions; closing this bug.. Thanks again! Ludo’.

bug#22848: xrandr installation (probably) stales with ftp downloads

2016-02-29 Thread Nils Gillmann
(continuation of first output posted) and it fails: Starting download of /gnu/store/dhkrdvf1smm3976h2z1f8gvjni47b51y-xrandr-1.5.0.tar.bz2 >From ftp://ftp.kaist.ac.kr/x.org/individual/app/xrandr-1.5.0.tar.bz2... ERROR: Throw to key `ftp-error' with args `(# "RETR xrandr-1.5.0.tar.bz2" 550 "Failed

bug#22848: xrandr installation (probably) stales with ftp downloads

2016-02-29 Thread Nils Gillmann
Various download errors during `guix package -i xrandr`, might be related to another ftp related bug. It is still in process, but not responding for some time now: Starting download of /gnu/store/dhkrdvf1smm3976h2z1f8gvjni47b51y-xrandr-1.5.0.tar.bz2 >From ftp://xorg.mirrors.pair.com/individual/ap

bug#22565: Cannot talk to upowerd over D-Bus

2016-02-29 Thread Ludovic Courtès
Ricardo Wurmus skribis: > Ludovic Courtès writes: > >> Ricardo Wurmus skribis: >> >>> I’m trying to figure out why we cannot use the Xfce menu to shut down or >>> reboot, and while doing that I found that >>> >>> loginctl poweroff >>> >>> (as root on the TTY) does have the intended effect.

bug#22831: OpenSSL should not depend on Perl

2016-02-29 Thread Leo Famulari
On Sun, Feb 28, 2016 at 02:37:54PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote: > >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, > >> but one of the subsequent upgrades broke it: > > > > Bise

bug#22831: OpenSSL should not depend on Perl

2016-02-29 Thread Leo Famulari
On Sun, Feb 28, 2016 at 02:35:12PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > > On Sat, Feb 27, 2016 at 06:05:29PM +0100, Ludovic Courtès wrote: > >> Commit 784d6e91 changed OpenSSL such that it does not depend on Perl, > >> but one of the subsequent upgrades broke it: > > > > Bise

bug#22049: libreoffice compile error

2016-02-29 Thread Leo Famulari
On Mon, Feb 29, 2016 at 03:35:40AM -0500, Leo Famulari wrote: > On Sun, Feb 28, 2016 at 07:06:22PM +0100, Ludovic Courtès wrote: > > Leo Famulari skribis: > > > It looks like the problem is with a libreoffice dependency, ilmbase. > > > Looking at the build history on hydra.gnu.org, it hasn't built

bug#22049: libreoffice compile error

2016-02-29 Thread Leo Famulari
On Sun, Feb 28, 2016 at 07:06:22PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > > It looks like the problem is with a libreoffice dependency, ilmbase. > > Looking at the build history on hydra.gnu.org, it hasn't built > > successfully since at least 2015-02-25: > > http://hydra.gnu.org/