gnu: spice: Fix CVE-2017-7506.

[jackhill/guix/guix.git] / gnu / packages / commencement.scm

diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 675852f..54cf89b 100644 (file)
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -22,6 +22,7 @@
 (define-module (gnu packages commencement)
   #:use-module ((guix licenses)
                 #:select (gpl3+ lgpl2.0+ public-domain))
+  #:use-module (gnu packages)
   #:use-module (gnu packages bootstrap)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
@@ -293,7 +294,6 @@
   (let ((perl (package
                 (inherit perl)
                 (name "perl-boot0")
-                (replacement #f)
                 (arguments
                  ;; At the very least, this must not depend on GCC & co.
                  (let ((args `(#:disallowed-references
@@ -466,7 +466,7 @@ the bootstrap environment."
   ;; built just below; the only difference is that this one uses the
   ;; bootstrap Bash.
   (package-with-bootstrap-guile
-   (package (inherit glibc)
+   (package/inherit glibc
      (name "glibc-intermediate")
      (arguments
       `(#:guile ,%bootstrap-guile
@@ -509,7 +509,14 @@ the bootstrap environment."
      (propagated-inputs `(("kernel-headers" ,(kernel-headers-boot0))))
      (native-inputs
       `(("texinfo" ,texinfo-boot0)
-        ("perl" ,perl-boot0)))
+        ("perl" ,perl-boot0)
+        ;; Apply this patch only on i686 to avoid a full rebuild.
+        ;; TODO: Remove in the next update cycle.
+        ,@(if (string-prefix? "i686" (or (%current-target-system)
+                                         (%current-system)))
+              `(("glibc-memchr-overflow-i686.patch"
+                 ,(search-patch "glibc-memchr-overflow-i686.patch")))
+              '())))
      (inputs
       `(;; The boot inputs.  That includes the bootstrap libc.  We don't want
         ;; it in $CPATH, hence the 'pre-configure' phase above.
@@ -632,7 +639,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
 
 (define glibc-final
   ;; The final glibc, which embeds the statically-linked Bash built above.
-  (package (inherit glibc-final-with-bootstrap-bash)
+  (package/inherit glibc-final-with-bootstrap-bash
     (name "glibc")
     (inputs `(("static-bash" ,static-bash-for-glibc)
               ,@(alist-delete
@@ -993,7 +1000,7 @@ COREUTILS-FINAL vs. COREUTILS, etc."
      "This package provides a complete GCC tool chain for C/C++ development to
 be installed in user profiles.  This includes GCC, as well as libc (headers
 and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
-    (home-page "http://gcc.gnu.org/")
+    (home-page "https://gcc.gnu.org/")
     (outputs '("out" "debug"))
 
     ;; The main raison d'être of this "meta-package" is (1) to conveniently
@@ -1017,4 +1024,7 @@ and binaries, plus debugging symbols in the 'debug' output), and Binutils.")
 (define-public gcc-toolchain-6
   (gcc-toolchain gcc-6))
 
+(define-public gcc-toolchain-7
+  (gcc-toolchain gcc-7))
+
 ;;; commencement.scm ends here