From patchwork Tue Dec 11 20:42:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marius Bakke X-Patchwork-Id: 455 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id AC2AA16905; Tue, 11 Dec 2018 20:43:13 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM, RCVD_IN_DNSWL_HI,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) by mira.cbaines.net (Postfix) with ESMTP id F095516905 for ; Tue, 11 Dec 2018 20:43:11 +0000 (GMT) Received: from localhost ([::1]:41346 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gWos2-0001qV-EI for patchwork@mira.cbaines.net; Tue, 11 Dec 2018 15:43:10 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36983) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gWory-0001oW-Kw for guix-patches@gnu.org; Tue, 11 Dec 2018 15:43:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gWoru-0002wL-E2 for guix-patches@gnu.org; Tue, 11 Dec 2018 15:43:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:39975) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gWoru-0002w7-0L for guix-patches@gnu.org; Tue, 11 Dec 2018 15:43:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gWort-0007jM-R5 for guix-patches@gnu.org; Tue, 11 Dec 2018 15:43:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#33701] [PATCH staging 00/23] Glib/GTK+ updates Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 11 Dec 2018 20:43:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33701 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 33701@debbugs.gnu.org Received: via spool by 33701-submit@debbugs.gnu.org id=B33701.154456094529658 (code B ref 33701); Tue, 11 Dec 2018 20:43:01 +0000 Received: (at 33701) by debbugs.gnu.org; 11 Dec 2018 20:42:25 +0000 Received: from localhost ([127.0.0.1]:44233 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gWorG-0007iF-0H for submit@debbugs.gnu.org; Tue, 11 Dec 2018 15:42:25 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:48651) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gWorB-0007hv-2x for 33701@debbugs.gnu.org; Tue, 11 Dec 2018 15:42:18 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B76352211C for <33701@debbugs.gnu.org>; Tue, 11 Dec 2018 15:42:11 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 11 Dec 2018 15:42:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm1; bh=5szTJRSQN8EP90yvNCFXDLB156 Tfn/CTYIOyT+PCDnE=; b=ofavtdt9+HKTaFUBqK5jMBzdwmxnhJEZGBGOMU4ZhD 7NrC5WMoSr+cD+5VU/32h2O9uLkcb/0TFCIpGMN8wCjMlqqmYLNlWWn65I5Cpg8n BlBzYSW/t7LGgepCA7UwWKjHTraFcS1ddI6u8PMd5/YNSdVZajaLSFcGLHJIB90w h/DrGc+R/EGgGfquDaM7NXjh3KQhZ8i9AEYdS6zbZJ0C/zQvFzMLWa+cN2ClWAhp 53x+qqSUsbM1aZKopj7GuE0o1HFn6klu4/LB2eYMwRNEhv+1lnOd6h/jS3ytaiyq oX5BnReUrn3P0xW1VtlnDFPKPUUVcOMba8J7fk/Dk7zg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=5szTJR SQN8EP90yvNCFXDLB156Tfn/CTYIOyT+PCDnE=; b=PVsP/ENnGwcvJK7wiw1gWO clw5H2Q0bnVwuH5jj1JfAKPqptEq2FGVJ00g0ybzxjhlCUeHCHSXsGPE0gKuT9Px CVCuoNhtPIlbBh1lUrJ7uGnQtkmP2xSammQHa3wBsMFYX3pHBzHBEHfJaSjLkmXI QR15WA1R82JqLwFtAsOPGfAvtPtV4IEteOx7Q1x/1KX3uXv9AFmp595GjN/Y2M37 9lRk2BmW6cWRIIFmsinzTaScGZsDrVf2Z5WhTeZezqMmvp6jg5UGIPXA5en+cO46 AkSbyPlwDbrx03ruCl0s4LWKRWl1AFMjdpYJuuG85jUuQFMYUBFYdtNz60fn8Hig == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtkedrudegjedgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthenuceurghilhhouhhtmecu fedttdenucenucfjughrpefhvffujghffgffkfggtgesghdtreertdertdenucfhrhhomh epofgrrhhiuhhsuceurghkkhgvuceomhgsrghkkhgvsehfrghsthhmrghilhdrtghomheq necukfhppeeivddrudeirddvvdeirddugedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hmsggrkhhkvgesfhgrshhtmhgrihhlrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd X-ME-Proxy: Received: from localhost (140.226.16.62.customer.cdi.no [62.16.226.140]) by mail.messagingengine.com (Postfix) with ESMTPA id DA7B7E4122 for <33701@debbugs.gnu.org>; Tue, 11 Dec 2018 15:42:10 -0500 (EST) From: Marius Bakke In-Reply-To: <20181211011205.15542-1-mbakke@fastmail.com> References: <20181211011205.15542-1-mbakke@fastmail.com> User-Agent: Notmuch/0.28 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) Date: Tue, 11 Dec 2018 21:42:09 +0100 Message-ID: <87k1kfssm6.fsf@fastmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches Marius Bakke writes: > This late series adds around 1000 rebuilds to the current staging > branch. They also bring many of the GNOME family libraries to the > latest upstream versions. > > The good: > * Latest Ghostscript, Poppler, Harfbuzz, GnuTLS, and other > security-critical libraries. Some of these have changed > build systems, or ABIs, so future patching is easier. > * Most/all regressions are already fixed. Whoops, I spoke too soon: I upgraded glib-networking from 2.58 to 2.59 in the last minute (to fix a test failure), but the change broke libsoup and possibly more. In v2 of this series, two patches have diverged. Libsoup was adjusted to cope with the new "certtool" API from GnuTLS 3.6: ...while Glib-Networking was downgraded to 2.58, and removes related code at the same time: The reason for removing SSL_CERT_FILE completely instead of adjusting the patch is that Glib-Networking no longer does any certificate handling by itself, instead everything is handed over to GnuTLS. Thus supporting such a patch is difficult, and it does not seem to be needed anymore in practice. From ade89abc16f2247e6d5db633f001ff853fa989ba Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 10 Dec 2018 07:39:52 +0100 Subject: [PATCH staging 23/23] gnu: glib-networking: Update to 2.58.0. * gnu/packages/gnome.scm (glib-networking): Update to 2.58.0. [build-system]: Change to MESON-BUILD-SYSTEM. [arguments]: Explicitly disable libproxy; add phase to appease tests. (libgdata, libsoup)[arguments]: Remove phase that sets SSL_CERT_FILE. * gnu/packages/spice.scm (spice)[arguments]: Likewise. * gnu/packages/web.scm (uhttpmock)[arguments]: Likewise. --- gnu/local.mk | 1 - gnu/packages/gnome.scm | 43 +++++-------------- .../glib-networking-ssl-cert-file.patch | 29 ------------- gnu/packages/spice.scm | 6 +-- gnu/packages/web.scm | 9 ---- 5 files changed, 12 insertions(+), 76 deletions(-) delete mode 100644 gnu/packages/patches/glib-networking-ssl-cert-file.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3f2ca7a845..03627b98c1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -741,7 +741,6 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-no-header-uuid.patch \ %D%/packages/patches/ghostscript-no-header-creationdate.patch \ %D%/packages/patches/giflib-make-reallocarray-private.patch \ - %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ %D%/packages/patches/glibc-CVE-2015-5180.patch \ %D%/packages/patches/glibc-CVE-2015-7547.patch \ diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index cea9445191..95bfcaf564 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -360,12 +360,6 @@ formats like PNG, SVG, PDF and EPS.") (arguments '(#:phases (modify-phases %standard-phases - (add-before 'check 'use-empty-ssl-cert-file - (lambda _ - ;; The ca-certificates.crt is not available in the build - ;; environment. - (setenv "SSL_CERT_FILE" "/dev/null") - #t)) (add-before 'check 'disable-failing-tests (lambda _ ;; The PicasaWeb API tests fail with gnome-online-accounts@3.24.2. @@ -2396,7 +2390,7 @@ library.") (define-public glib-networking (package (name "glib-networking") - (version "2.54.1") + (version "2.58.0") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/glib-networking/" @@ -2404,29 +2398,17 @@ library.") name "-" version ".tar.xz")) (sha256 (base32 - "0bq16m9nh3gcz9x2fvygr0iwxd2pxcbrm3lj3kihsnh1afv8g9za")) - (patches - (search-patches "glib-networking-ssl-cert-file.patch")))) - (build-system gnu-build-system) + "0s006gs9nsq6mg31spqha1jffzmp6qjh10y27h0fxf1iw1ah5ymx")))) + (build-system meson-build-system) (arguments - `(#:configure-flags - '("--with-ca-certificates=/etc/ssl/certs/ca-certificates.crt") - #:phases - (modify-phases %standard-phases - (add-before 'configure 'patch-giomoduledir - ;; Install GIO modules into $out/lib/gio/modules. - (lambda _ - (substitute* "configure" - (("GIO_MODULE_DIR=.*") - (string-append "GIO_MODULE_DIR=" %output - "/lib/gio/modules\n"))) - #t)) - (add-before 'check 'use-empty-ssl-cert-file - (lambda _ - ;; The ca-certificates.crt is not available in the build - ;; environment. - (setenv "SSL_CERT_FILE" "/dev/null") - #t))))) + `(#:configure-flags '("-Dlibproxy_support=false") + #:phases (modify-phases %standard-phases + (add-before 'check 'disable-TLSv1.3 + (lambda _ + ;; XXX: One test fails when TLS 1.3 is enabled, fixed in 2.60.0: + ;; . + (setenv "G_TLS_GNUTLS_PRIORITY" "NORMAL:-VERS-TLS1.3") + #t))))) (native-inputs `(("pkg-config" ,pkg-config) ("intltool" ,intltool))) @@ -2516,9 +2498,6 @@ libxml to ease remote use of the RESTful API.") ;; The 'check-local' target runs 'env LANG=C sort -u', ;; unset 'LC_ALL' to make 'LANG' working. (unsetenv "LC_ALL") - ;; The ca-certificates.crt is not available in the build - ;; environment. - (setenv "SSL_CERT_FILE" "/dev/null") ;; HTTPD in Guix uses mod_event and does not build prefork. (substitute* "tests/httpd.conf" (("^LoadModule mpm_prefork_module.*$") "\n")) diff --git a/gnu/packages/patches/glib-networking-ssl-cert-file.patch b/gnu/packages/patches/glib-networking-ssl-cert-file.patch deleted file mode 100644 index 32bdd0790f..0000000000 --- a/gnu/packages/patches/glib-networking-ssl-cert-file.patch +++ /dev/null @@ -1,29 +0,0 @@ -From b010e41346d418220582c20ab8d7f3971e4fb78a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= -Date: Fri, 14 Aug 2015 17:28:36 +0800 -Subject: [PATCH] gnutls: Allow overriding the anchor file location by - 'SSL_CERT_FILE' - ---- - tls/gnutls/gtlsbackend-gnutls.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/tls/gnutls/gtlsbackend-gnutls.c b/tls/gnutls/gtlsbackend-gnutls.c -index 55ec1a5..217d3c8 100644 ---- a/tls/gnutls/gtlsbackend-gnutls.c -+++ b/tls/gnutls/gtlsbackend-gnutls.c -@@ -101,8 +101,10 @@ g_tls_backend_gnutls_real_create_database (GTlsBackendGnutls *self, - GError **error) - { - const gchar *anchor_file = NULL; -+ anchor_file = g_getenv ("SSL_CERT_FILE"); - #ifdef GTLS_SYSTEM_CA_FILE -- anchor_file = GTLS_SYSTEM_CA_FILE; -+ if (!anchor_file) -+ anchor_file = GTLS_SYSTEM_CA_FILE; - #endif - return g_tls_file_database_new (anchor_file, error); - } --- -2.4.3 - diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm index 94e6aa8438..8ab5a335c8 100644 --- a/gnu/packages/spice.scm +++ b/gnu/packages/spice.scm @@ -213,11 +213,7 @@ which allows users to view a desktop computing environment.") "--enable-automated-tests") ;; Several tests appear to be opening the same sockets concurrently. - #:parallel-tests? #f - - #:phases (modify-phases %standard-phases - (add-before 'check 'use-empty-ssl-cert-file - (lambda _ (setenv "SSL_CERT_FILE" "/dev/null") #t))))) + #:parallel-tests? #f)) (synopsis "Server implementation of the SPICE protocol") (description "SPICE is a remote display system built for virtual environments which allows you to view a computing 'desktop' environment diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm index f8315d4379..8dc6927897 100644 --- a/gnu/packages/web.scm +++ b/gnu/packages/web.scm @@ -4241,15 +4241,6 @@ you'd expect.") (base32 "163py4klka423x7li2b685gmg3a6hjf074mlff2ajhmi3l0lm8x6")))) (build-system glib-or-gtk-build-system) - (arguments - `(#:phases - (modify-phases %standard-phases - (add-before 'check 'use-empty-ssl-cert-file - (lambda _ - ;; Search for ca-certificates.crt files - ;; during the check phase. - (setenv "SSL_CERT_FILE" "/dev/null") - #t))))) (native-inputs `(("gobject-introspection" ,gobject-introspection) ;; For check phase. -- 2.20.0