From 7b83cd720fa1b460ab79753869441be272251ded Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Feb 2020 16:20:29 +0100 Subject: gnu: eudev: Do not build the static libraries. * gnu/packages/linux.scm (eudev)[arguments]: Add "--disable-static" in #:configure-flags. --- gnu/packages/linux.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index d1ce205194..e68c1fb6cb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2746,7 +2746,8 @@ to the in-kernel OOM killer.") (let ((out (assoc-ref outputs "out"))) (invoke (string-append out "/bin/udevadm") "hwdb" "--update"))))) - #:configure-flags (list "--enable-manpages"))) + #:configure-flags (list "--enable-manpages" + "--disable-static"))) (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake) -- cgit v1.2.3 From 2fabf398c1ff52ec98676d1434267c5e3727cac5 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Feb 2020 16:39:43 +0100 Subject: gnu: libaio: Update to 0.3.112. * gnu/packages/linux.scm (libaio): Update to 0.3.112. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e68c1fb6cb..0dba6a3aa1 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3811,7 +3811,7 @@ Linux Device Mapper multipathing driver: (define-public libaio (package (name "libaio") - (version "0.3.111") + (version "0.3.112") (source (origin (method url-fetch) (uri (list @@ -3819,7 +3819,7 @@ Linux Device Mapper multipathing driver: name "-" version ".tar.gz"))) (sha256 (base32 - "0ajhzbqjwsmz51gwccfyw6w9k4j4gmxcl2ph30sfn2gxv0d8gkv2")))) + "14mlqdapjqq1dhpkdgy5z83mvsaz36fcxca7a4z6hinmr7r6415b")))) (build-system gnu-build-system) (arguments '(#:make-flags -- cgit v1.2.3 From d60458d77c53f2894d7c1f0649bf24e3f048db8b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 12 Feb 2020 16:44:04 +0100 Subject: gnu: libaio: Do not install the static library. * gnu/packages/linux.scm (libaio)[arguments]: Add phase 'delete-static-library'. --- gnu/packages/linux.scm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0dba6a3aa1..ef04a428d0 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3826,7 +3826,13 @@ Linux Device Mapper multipathing driver: (list "CC=gcc" (string-append "prefix=" %output)) #:test-target "partcheck" ; need root for a full 'check' #:phases - (modify-phases %standard-phases (delete 'configure)))) ; no configure script + (modify-phases %standard-phases + (delete 'configure) ;no configure script + (add-after 'install 'delete-static-library + (lambda* (#:key outputs #:allow-other-keys) + (let ((out (assoc-ref outputs "out"))) + (delete-file (string-append out "/lib/libaio.a")) + #t)))))) (home-page "https://pagure.io/libaio") (synopsis "Linux-native asynchronous I/O access library") (description -- cgit v1.2.3 From 21bdf383d7de83d523997d1689b8a2f6a5b858ef Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 15 Feb 2020 20:14:52 +0100 Subject: Revert "gnu: libaio: Do not install the static library." This change breaks 'lvm2-static' which cannot easily be made to work with a separate libaio.a due to missing symbols. This reverts commit d60458d77c53f2894d7c1f0649bf24e3f048db8b. --- gnu/packages/linux.scm | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index ef04a428d0..0dba6a3aa1 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3826,13 +3826,7 @@ Linux Device Mapper multipathing driver: (list "CC=gcc" (string-append "prefix=" %output)) #:test-target "partcheck" ; need root for a full 'check' #:phases - (modify-phases %standard-phases - (delete 'configure) ;no configure script - (add-after 'install 'delete-static-library - (lambda* (#:key outputs #:allow-other-keys) - (let ((out (assoc-ref outputs "out"))) - (delete-file (string-append out "/lib/libaio.a")) - #t)))))) + (modify-phases %standard-phases (delete 'configure)))) ; no configure script (home-page "https://pagure.io/libaio") (synopsis "Linux-native asynchronous I/O access library") (description -- cgit v1.2.3 From d85f8e46dbc5a978fe7359c89cbb3167fb9c2029 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 15 Feb 2020 20:24:26 +0100 Subject: gnu: eudev: Build and install the static library. 'lvm2-static' requires the static libudev.a. This is a follow-up to commit 7b83cd720fa1b460ab79753869441be272251ded. * gnu/packages/linux.scm (eudev)[arguments]: Remove "--disable-static" from #:configure-flags. Add phase 'move-static-library. [outputs]: New field. (lvm2-static)[inputs]: Remove. [propagated-inputs]: Remove EUDEV and add EUDEV:STATIC. --- gnu/packages/linux.scm | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0dba6a3aa1..9deb9c3904 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2739,6 +2739,21 @@ to the in-kernel OOM killer.") (string-append (assoc-ref inputs "xsltproc") "/bin/xsltproc"))) #t)) + (add-after 'install 'move-static-library + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (static (assoc-ref outputs "static")) + (source (string-append out "/lib/libudev.a")) + (target (string-append static "/lib/libudev.a"))) + (mkdir-p (dirname target)) + (link source target) + (delete-file source) + ;; Remove reference to the static library from the .la file + ;; such that Libtool looks for it in the usual places. + (substitute* (string-append out "/lib/libudev.la") + (("old_library=.*") + "old_library=''\n")) + #t))) (add-after 'install 'build-hwdb (lambda* (#:key outputs #:allow-other-keys) ;; Build OUT/etc/udev/hwdb.bin. This allows 'lsusb' and @@ -2746,8 +2761,7 @@ to the in-kernel OOM killer.") (let ((out (assoc-ref outputs "out"))) (invoke (string-append out "/bin/udevadm") "hwdb" "--update"))))) - #:configure-flags (list "--enable-manpages" - "--disable-static"))) + #:configure-flags (list "--enable-manpages"))) (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake) @@ -2768,6 +2782,7 @@ to the in-kernel OOM killer.") ;; which contains the rules to do that. `(("util-linux" ,util-linux) ;for blkid ("kmod" ,kmod))) + (outputs '("out" "static")) (home-page "https://wiki.gentoo.org/wiki/Project:Eudev") (synopsis "Userspace device management") (description "Udev is a daemon which dynamically creates and removes @@ -2860,8 +2875,7 @@ mapper. Kernel components are part of Linux-libre.") (name "lvm2-static") ;; Propagate udev because libdevmapper.a depends on libudev. - (inputs (alist-delete "udev" (package-inputs lvm2))) - (propagated-inputs `(("udev" ,eudev))) + (propagated-inputs `(("udev:static" ,eudev "static"))) (arguments (substitute-keyword-arguments (package-arguments lvm2) -- cgit v1.2.3 From c494e899db5180bb09626f4c94b99c919838369a Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 23 Feb 2020 21:04:55 +0100 Subject: gnu: ALSA: Update to 1.2.2. * gnu/packages/linux.scm (alsa-lib, alsa-utils, alsa-plugins): Update to 1.2.2. --- gnu/packages/linux.scm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4d24fcbd26..a4f0f56981 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -1662,7 +1662,7 @@ intercept and print the system calls executed by the program.") (define-public alsa-lib (package (name "alsa-lib") - (version "1.2.1.2") + (version "1.2.2") (source (origin (method url-fetch) (uri (string-append @@ -1670,7 +1670,7 @@ intercept and print the system calls executed by the program.") version ".tar.bz2")) (sha256 (base32 - "0hvrx0ipzqbcx4y1cmr9bgm9niifzkrhsb1ddgzzdwbk6q72d3lm")))) + "1v5kb8jyvrpkvvq7dq8hfbmcj68lml97i4s0prxpfx2mh3c57s6q")))) (build-system gnu-build-system) (arguments '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath=" @@ -1686,14 +1686,14 @@ MIDI functionality to the Linux-based operating system.") (define-public alsa-utils (package (name "alsa-utils") - (version "1.2.1") + (version "1.2.2") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.alsa-project.org/pub/utils/" name "-" version ".tar.bz2")) (sha256 (base32 - "039c19b7091is0czl9jlrfczp7pp1jpdri0vvc4k07gl3skhn48b")))) + "1wz460by17rmxrcydn583rd4lhj6wlvqs6x1j5pdzxn5g3app024")))) (build-system gnu-build-system) (arguments ;; XXX: Disable man page creation until we have DocBook. @@ -1740,14 +1740,14 @@ MIDI functionality to the Linux-based operating system.") (define-public alsa-plugins (package (name "alsa-plugins") - (version "1.2.1") + (version "1.2.2") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.alsa-project.org/pub/plugins/" name "-" version ".tar.bz2")) (sha256 (base32 - "1nj8cpbi05rb62yzs01c1k7lymdn1ch229b599hbhd0psixdx52d")))) + "0z9k3ssbfk2ky2w13avgyf202j1drsz9sv3834bp33cj1i2hc3qw")))) (build-system gnu-build-system) ;; TODO: Split libavcodec and speex if possible. It looks like they can not ;; be split, there are references to both in files. -- cgit v1.2.3 From 9844848b23860136da54193b725b6653b4e9d8ee Mon Sep 17 00:00:00 2001 From: Brice Waegeneire Date: Thu, 20 Feb 2020 15:58:53 +0100 Subject: gnu: bluez: Update to 5.53. * gnu/packages/linux.scm (bluez): Update to 5.53. Signed-off-by: Marius Bakke --- gnu/packages/linux.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index a4f0f56981..10e27dc247 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -36,7 +36,7 @@ ;;; Copyright © 2019, 2020 Maxim Cournoyer ;;; Copyright © 2019 Stefan Stefanović ;;; Copyright © 2019 Pierre Langlois -;;; Copyright © 2019 Brice Waegeneire +;;; Copyright © 2019, 2020 Brice Waegeneire ;;; Copyright © 2019 Kei Kebreau ;;; Copyright © 2020 Oleg Pykhalov ;;; @@ -3947,7 +3947,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") (define-public bluez (package (name "bluez") - (version "5.52") + (version "5.53") (source (origin (method url-fetch) (uri (string-append @@ -3955,7 +3955,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") version ".tar.xz")) (sha256 (base32 - "02jng21lp6fb3c2bh6vf9y7cj4gaxwk29dfc32ncy0lj0gi4q57p")))) + "1g1qg6dz6hl3csrmz75ixr12lwv836hq3ckb259svvrg62l2vaiq")))) (build-system gnu-build-system) (arguments `(#:configure-flags -- cgit v1.2.3 From e4c60dcfb2cbd3988a0c31e68004a91c0d09210d Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Sun, 19 Jan 2020 01:39:45 +0100 Subject: gnu: tlp: Use HTTPS home page. * gnu/packages/linux.scm (tlp)[home-page]: Use HTTPS. --- gnu/packages/linux.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 489cd55e6e..b6048a8cfb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -5420,7 +5420,7 @@ interface in sysfs, which can be accomplished with the included udev rules.") "wireless-tools")))))) bin-files) #t)))))) - (home-page "http://linrunner.de/en/tlp/tlp.html") + (home-page "https://linrunner.de/en/tlp/tlp.html") (synopsis "Power management tool for Linux") (description "TLP is a power management tool for Linux. It comes with a default configuration already optimized for battery life. Nevertheless, -- cgit v1.2.3 From 22464cf32abcd38311eb29001a23b26f8c4c54dc Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 12 Mar 2020 15:44:26 +0100 Subject: gnu: singularity: Wrap programs so they find Coreutils. * gnu/packages/linux.scm (singularity)[arguments]: Add 'set-PATH' phase. --- gnu/packages/linux.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index b6048a8cfb..e864e17800 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3494,7 +3494,19 @@ thanks to the use of namespaces.") (("if ! singularity_which mksquashfs") "if 0") (("if ! mksquashfs") (string-append "if ! " (which "mksquashfs")))) - #t))))) + #t)) + (add-after 'install 'set-PATH + (lambda* (#:key inputs outputs #:allow-other-keys) + ;; Have the 'singularity' and 'run-singularity' self-sufficient. + (let ((out (assoc-ref outputs "out")) + (coreutils (assoc-ref inputs "coreutils"))) + (wrap-program (string-append out "/bin/singularity") + `("PATH" ":" = (,(string-append coreutils "/bin")))) + (substitute* (string-append out "/bin/run-singularity") + (("/usr/bin/env singularity") + (string-append (which "env") " " + out "/bin/singularity"))) + #t)))))) (inputs `(("libarchive" ,libarchive) ("python" ,python-wrapper) -- cgit v1.2.3 From e0dbed64c530916ab600f193f5f6f6ad6177f7b3 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 12 Mar 2020 16:38:44 +0100 Subject: gnu: singularity: Do not use the "errors=remount-ro" squashfs option. This mount option stopped being supported with Linux-libre 5.4.5: http://ci.guix.gnu.org/build/2056359/details * gnu/packages/linux.scm (singularity)[source]: Remove "errors=remount-ro" mount option from source code. --- gnu/packages/linux.scm | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e864e17800..01986222e8 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3482,6 +3482,12 @@ thanks to the use of namespaces.") _ program) (string-append "/run/setuid-programs/singularity-" program "-helper"))) + + ;; These squashfs mount options are apparently no longer + ;; supported since Linux-libre 5.4.5. + (substitute* "src/lib/image/squashfs/mount.c" + (("\"errors=remount-ro\"") + "NULL")) #t)))) (build-system gnu-build-system) (arguments -- cgit v1.2.3 From dcd7a97b8c5a68cd82ca91988e371442c6002b20 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 12 Mar 2020 20:49:19 -0400 Subject: gnu: linux-libre@4.4: Update to 4.4.216. * gnu/packages/linux.scm (linux-libre-4.4-version): Update to 4.4.216. (linux-libre-4.4-pristine-source): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 01986222e8..0f4bc88ceb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -394,10 +394,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-4.9))) -(define-public linux-libre-4.4-version "4.4.215") +(define-public linux-libre-4.4-version "4.4.216") (define-public linux-libre-4.4-pristine-source (let ((version linux-libre-4.4-version) - (hash (base32 "00zy6cxwb16pqziiqs25pz5llryx2v2nbk9vvzpzxa8x43ad7g18"))) + (hash (base32 "1hjgh9brvxzi6ypgfnk07l3j28xsxgz88sdshnz19vj96bn1w70q"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.4))) -- cgit v1.2.3 From e0d5a43e516a858a97f046a3f0241a753232fda9 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 12 Mar 2020 20:50:24 -0400 Subject: gnu: linux-libre@4.9: Update to 4.9.216. * gnu/packages/linux.scm (linux-libre-4.9-version): Update to 4.9.216. (linux-libre-4.9-pristine-source): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 0f4bc88ceb..ffb66b3644 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -386,10 +386,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-4.14))) -(define-public linux-libre-4.9-version "4.9.215") +(define-public linux-libre-4.9-version "4.9.216") (define-public linux-libre-4.9-pristine-source (let ((version linux-libre-4.9-version) - (hash (base32 "0j4z2al318654z40w4f8zhh73zwpgn8igjr5k4mz401phm3jyvr3"))) + (hash (base32 "0lgv5k8v5xz9z2z4k42566bh0akyk1gr0dx6s1m1rjrzsf9k86l6"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.9))) -- cgit v1.2.3 From 230a59d418f3835b586594b9b8dd9b6939fd4497 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 12 Mar 2020 20:50:52 -0400 Subject: gnu: linux-libre@4.14: Update to 4.14.173. * gnu/packages/linux.scm (linux-libre-4.14-version): Update to 4.14.173. (linux-libre-4.14-pristine-source): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index ffb66b3644..4f09440ec6 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -378,10 +378,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-4.19))) -(define-public linux-libre-4.14-version "4.14.172") +(define-public linux-libre-4.14-version "4.14.173") (define-public linux-libre-4.14-pristine-source (let ((version linux-libre-4.14-version) - (hash (base32 "0yi13cky6jdswca7nrjgcrdxk8rnqdbhblhy6mws103mjfms2613"))) + (hash (base32 "0kxp3mgiags8hdax15masab9zr89xraqvl9ri7zwgksx8ixav0m2"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.14))) -- cgit v1.2.3 From 2a2bef35b80ea8507be1c6faf873dd6bfa3e42b9 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 12 Mar 2020 20:51:25 -0400 Subject: gnu: linux-libre@4.19: Update to 4.19.109. * gnu/packages/linux.scm (linux-libre-4.19-version): Update to 4.19.109. (linux-libre-4.19-pristine-source): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 4f09440ec6..e4dc378466 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -370,10 +370,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (%upstream-linux-source version hash) deblob-scripts-5.4))) -(define-public linux-libre-4.19-version "4.19.108") +(define-public linux-libre-4.19-version "4.19.109") (define-public linux-libre-4.19-pristine-source (let ((version linux-libre-4.19-version) - (hash (base32 "18shyy1z2s8r26qb4rcz7gwl43dnmycjjywp9gss5zlfn2jyrbh9"))) + (hash (base32 "0kwnlv5336vqdf38dzn077ic17zkb4rl5khxmc47syzd9zm4fhnh"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-4.19))) -- cgit v1.2.3 From ebbe8adc3faf2420a709177a5eda8e36cf8784dc Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Thu, 12 Mar 2020 20:51:59 -0400 Subject: gnu: linux-libre: Update to 5.4.25. * gnu/packages/linux.scm (linux-libre-5.4-version): Update to 5.4.25. (linux-libre-5.4-pristine-source): Update hash. --- gnu/packages/linux.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/linux.scm') diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index e4dc378466..7f293a9071 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -362,10 +362,10 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." "linux-" version ".tar.xz")) (sha256 hash))) -(define-public linux-libre-5.4-version "5.4.24") +(define-public linux-libre-5.4-version "5.4.25") (define-public linux-libre-5.4-pristine-source (let ((version linux-libre-5.4-version) - (hash (base32 "1cvy3mxwzll4f9j8i3hfmi0i0zq75aiafq1jskp9n4kq9iwar83z"))) + (hash (base32 "09ay0adc3s3m7qk0nj5lkmrp5i0q76a9kax0xix8914d115rgvf0"))) (make-linux-libre-source version (%upstream-linux-source version hash) deblob-scripts-5.4))) -- cgit v1.2.3 From 364a1374ad5e04a91cdc29203f0c8073eede72d4 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Thu, 12 Mar 2020 15:16:58 -0400 Subject: gnu: BlueZ: Fix CVE-2020-0556. * gnu/packages/patches/bluez-CVE-2020-0556.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/linux.scm (bluez)[replacement]: New field. (bluez/fixed): New variable. --- gnu/local.mk | 1 + gnu/packages/linux.scm | 9 ++ gnu/packages/patches/bluez-CVE-2020-0556.patch | 180 +++++++++++++++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 gnu/packages/patches/bluez-CVE-2020-0556.patch (limited to 'gnu/packages/linux.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 99baddea92..8e312e24e7 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -763,6 +763,7 @@ dist_patch_DATA = \ %D%/packages/patches/binutils-loongson-workaround.patch \ %D%/packages/patches/blender-2.79-newer-ffmpeg.patch \ %D%/packages/patches/blender-2.79-python-3.7-fix.patch \ + %D%/packages/patches/bluez-CVE-2020-0556.patch \ %D%/packages/patches/byobu-writable-status.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/calibre-remove-test-bs4.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 7f293a9071..b9787f2ec5 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3994,6 +3994,7 @@ Bluetooth audio output devices like headphones or loudspeakers.") (define-public bluez (package (name "bluez") + (replacement bluez/fixed) (version "5.52") (source (origin (method url-fetch) @@ -4059,6 +4060,14 @@ Bluetooth audio output devices like headphones or loudspeakers.") is flexible, efficient and uses a modular implementation.") (license license:gpl2+))) +(define bluez/fixed + (package + (inherit bluez) + (source (origin + (inherit (package-source bluez)) + (patches (append (origin-patches (package-source bluez)) + (search-patches "bluez-CVE-2020-0556.patch"))))))) + (define-public fuse-exfat (package (name "fuse-exfat") diff --git a/gnu/packages/patches/bluez-CVE-2020-0556.patch b/gnu/packages/patches/bluez-CVE-2020-0556.patch new file mode 100644 index 0000000000..7c34459a3a --- /dev/null +++ b/gnu/packages/patches/bluez-CVE-2020-0556.patch @@ -0,0 +1,180 @@ +Fix CVE-2020-0556: + +https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ +https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556 + +Patches copied from upstream source repository: + +https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 +https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 + +From 3cccdbab2324086588df4ccf5f892fb3ce1f1787 Mon Sep 17 00:00:00 2001 +From: Alain Michaud +Date: Tue, 10 Mar 2020 02:35:18 +0000 +Subject: [PATCH] HID accepts bonded device connections only. + +This change adds a configuration for platforms to choose a more secure +posture for the HID profile. While some older mice are known to not +support pairing or encryption, some platform may choose a more secure +posture by requiring the device to be bonded and require the +connection to be encrypted when bonding is required. + +Reference: +https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html +--- + profiles/input/device.c | 23 ++++++++++++++++++++++- + profiles/input/device.h | 1 + + profiles/input/input.conf | 8 ++++++++ + profiles/input/manager.c | 13 ++++++++++++- + 4 files changed, 43 insertions(+), 2 deletions(-) + +diff --git a/profiles/input/device.c b/profiles/input/device.c +index 2cb3811c8..d89da2d7c 100644 +--- a/profiles/input/device.c ++++ b/profiles/input/device.c +@@ -92,6 +92,7 @@ struct input_device { + + static int idle_timeout = 0; + static bool uhid_enabled = false; ++static bool classic_bonded_only = false; + + void input_set_idle_timeout(int timeout) + { +@@ -103,6 +104,11 @@ void input_enable_userspace_hid(bool state) + uhid_enabled = state; + } + ++void input_set_classic_bonded_only(bool state) ++{ ++ classic_bonded_only = state; ++} ++ + static void input_device_enter_reconnect_mode(struct input_device *idev); + static int connection_disconnect(struct input_device *idev, uint32_t flags); + +@@ -970,8 +976,18 @@ static int hidp_add_connection(struct input_device *idev) + if (device_name_known(idev->device)) + device_get_name(idev->device, req->name, sizeof(req->name)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) { ++ error("Rejected connection from !bonded device %s", dst_addr); ++ goto cleanup; ++ } ++ + /* Encryption is mandatory for keyboards */ +- if (req->subclass & 0x40) { ++ /* Some platforms may choose to require encryption for all devices */ ++ /* Note that this only matters for pre 2.1 devices as otherwise the */ ++ /* device is encrypted by default by the lower layers */ ++ if (classic_bonded_only || req->subclass & 0x40) { + if (!bt_io_set(idev->intr_io, &gerr, + BT_IO_OPT_SEC_LEVEL, BT_IO_SEC_MEDIUM, + BT_IO_OPT_INVALID)) { +@@ -1203,6 +1219,11 @@ static void input_device_enter_reconnect_mode(struct input_device *idev) + DBG("path=%s reconnect_mode=%s", idev->path, + reconnect_mode_to_string(idev->reconnect_mode)); + ++ /* Make sure the device is bonded if required */ ++ if (classic_bonded_only && !device_is_bonded(idev->device, ++ btd_device_get_bdaddr_type(idev->device))) ++ return; ++ + /* Only attempt an auto-reconnect when the device is required to + * accept reconnections from the host. + */ +diff --git a/profiles/input/device.h b/profiles/input/device.h +index 51a9aee18..3044db673 100644 +--- a/profiles/input/device.h ++++ b/profiles/input/device.h +@@ -29,6 +29,7 @@ struct input_conn; + + void input_set_idle_timeout(int timeout); + void input_enable_userspace_hid(bool state); ++void input_set_classic_bonded_only(bool state); + + int input_device_register(struct btd_service *service); + void input_device_unregister(struct btd_service *service); +diff --git a/profiles/input/input.conf b/profiles/input/input.conf +index 3e1d65aae..166aff4a4 100644 +--- a/profiles/input/input.conf ++++ b/profiles/input/input.conf +@@ -11,3 +11,11 @@ + # Enable HID protocol handling in userspace input profile + # Defaults to false (HIDP handled in HIDP kernel module) + #UserspaceHID=true ++ ++# Limit HID connections to bonded devices ++# The HID Profile does not specify that devices must be bonded, however some ++# platforms may want to make sure that input connections only come from bonded ++# device connections. Several older mice have been known for not supporting ++# pairing/encryption. ++# Defaults to false to maximize device compatibility. ++#ClassicBondedOnly=true +diff --git a/profiles/input/manager.c b/profiles/input/manager.c +index 1d31b0652..5cd27b839 100644 +--- a/profiles/input/manager.c ++++ b/profiles/input/manager.c +@@ -96,7 +96,7 @@ static int input_init(void) + config = load_config_file(CONFIGDIR "/input.conf"); + if (config) { + int idle_timeout; +- gboolean uhid_enabled; ++ gboolean uhid_enabled, classic_bonded_only; + + idle_timeout = g_key_file_get_integer(config, "General", + "IdleTimeout", &err); +@@ -114,6 +114,17 @@ static int input_init(void) + input_enable_userspace_hid(uhid_enabled); + } else + g_clear_error(&err); ++ ++ classic_bonded_only = g_key_file_get_boolean(config, "General", ++ "ClassicBondedOnly", &err); ++ ++ if (!err) { ++ DBG("input.conf: ClassicBondedOnly=%s", ++ classic_bonded_only ? "true" : "false"); ++ input_set_classic_bonded_only(classic_bonded_only); ++ } else ++ g_clear_error(&err); ++ + } + + btd_profile_register(&input_profile); +-- +2.25.1 + +From 8cdbd3b09f29da29374e2f83369df24228da0ad1 Mon Sep 17 00:00:00 2001 +From: Alain Michaud +Date: Tue, 10 Mar 2020 02:35:16 +0000 +Subject: [PATCH] HOGP must only accept data from bonded devices. + +HOGP 1.0 Section 6.1 establishes that the HOGP must require bonding. + +Reference: +https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.htm +--- + profiles/input/hog.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/profiles/input/hog.c b/profiles/input/hog.c +index 83c017dcb..dfac68921 100644 +--- a/profiles/input/hog.c ++++ b/profiles/input/hog.c +@@ -186,6 +186,10 @@ static int hog_accept(struct btd_service *service) + return -EINVAL; + } + ++ /* HOGP 1.0 Section 6.1 requires bonding */ ++ if (!device_is_bonded(device, btd_device_get_bdaddr_type(device))) ++ return -ECONNREFUSED; ++ + /* TODO: Replace GAttrib with bt_gatt_client */ + bt_hog_attach(dev->hog, attrib); + +-- +2.25.1 + -- cgit v1.2.3