[bug#72851] gnu: pidgin: Update to 2.14.13 [security fixes].

Message ID 10549ba1f8609629604d4c31f5885948838bef3f.1724830903.git.dariqq@posteo.net
State New
Series [bug#72851] gnu: pidgin: Update to 2.14.13 [security fixes].

Commit Message

Dariqq Aug. 28, 2024, 7:41 a.m. UTC
The 2.14.9 update fixes CVE-2022-26491.

Cleanup leftovers from 89f4f0baa9ff956ba0efe9ec20e1805f01230a54.

* gnu/packages/messaging.scm (pidgin): Update to 2.14.13.
[source]: Switch to bz2 compression.
[snippet]: Remove.
[native-inputs]: Remove autoconf, automake and libtool.

Change-Id: Icde29d67b5ac09d7dc0939eb6c779d39b3470a6f
---
Change to bz2 compressed tarball as that is what guix refresh downloaded. This is the one used by other distributions (I have checked Arch, Fedora, NixOS). CCing the person who did the last update.

 gnu/packages/messaging.scm | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)


base-commit: 8b25e1c5c2e8833444e702209f11731627f85239

Comments

Liliana Marie Prikler Aug. 28, 2024, 6:35 p.m. UTC | #1
On Wednesday, 28.08.2024 at 07:41 +0000, Dariqq wrote:
> The 2.14.9 update fixes CVE-2022-26491.
> 
> Cleanup leftovers from 89f4f0baa9ff956ba0efe9ec20e1805f01230a54.
> 
> * gnu/packages/messaging.scm (pidgin): Update to 2.14.13.
> [source]: Switch to bz2 compression.
> [snippet]: Remove.
Why?
> [native-inputs]: Remove autoconf, automake and libtool.
Again, why?

> Change-Id: Icde29d67b5ac09d7dc0939eb6c779d39b3470a6f
> ---
> Change to bz2 compressed tarball as that is what guix refresh
> downloaded. This is the one used by other distributions (I have
> checked Arch, Fedora, NixOS). CCing the person who did the last
> update.
> 
>  gnu/packages/messaging.scm | 19 +++++--------------
>  1 file changed, 5 insertions(+), 14 deletions(-)
> 
> diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
> index 3f375f34c6..aaee5f7286 100644
> --- a/gnu/packages/messaging.scm
> +++ b/gnu/packages/messaging.scm
> @@ -948,32 +948,23 @@ (define-public ngircd
>  (define-public pidgin
>    (package
>      (name "pidgin")
> -    (version "2.14.5")
> +    (version "2.14.13")
>      (source
>       (origin
>         (method url-fetch)
>         (uri
>          (string-append "mirror://sourceforge/pidgin/Pidgin/"
> -                       version "/pidgin-" version ".tar.gz"))
> +                       version "/pidgin-" version ".tar.bz2"))
>         (sha256
> -        (base32
> "12llip3r8126gph82r638xjv2v2rg34qgggn1nbwfmc3s7halimr"))
> +        (base32
> "1a3by4niw5ls67mwgj20p2mr317zj4hzysi5glm9mq0pivf4j00j"))
>         (patches
> -        (search-patches "pidgin-add-search-path.patch"))
> -       (modules '((guix build utils)))
> -       (snippet
> -        '(begin
> -           ;; Remove stale generated file after applying patches.
> -           (delete-file "configure")
> -           #t))))
> +        (search-patches "pidgin-add-search-path.patch"))))
>      (build-system glib-or-gtk-build-system)
>      (native-inputs
> -     `(("autoconf" ,autoconf) ;; For bootstrap
> -       ("automake" ,automake) ;; For bootstrap
> -       ("check" ,check)
> +     `(("check" ,check)
>         ("dot" ,graphviz)
>         ("gconf" ,gconf)
>         ("intltool" ,intltool)
> -       ("libtool" ,libtool) ;; For bootstrap
>         ("pkg-config" ,pkg-config)))
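Review bot: The removed snippet's own comment says `configure` was deleted because it goes stale after applying patches, and `pidgin-add-search-path.patch` is still applied in `(patches ...)`, so dropping the snippet together with autoconf, automake and libtool means the build now runs the tarball's pre-generated configure script. Either state in the commit message that the remaining patch touches no autotools input (configure.ac, Makefile.am), or keep `(delete-file "configure")` and the three bootstrap native-inputs so the script is regenerated from source.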
As a follow-up commit, you might want to drop the input labels.

Cheers

Dariqq Aug. 28, 2024, 8:01 p.m. UTC | #2
Hi Liliana,

On 28.08.24 20:35, Liliana Marie Prikler wrote:
> On Wednesday, 28.08.2024 at 07:41 +0000, Dariqq wrote:
>> The 2.14.9 update fixes CVE-2022-26491.
>>
>> Cleanup leftovers from 89f4f0baa9ff956ba0efe9ec20e1805f01230a54.
>>
>> * gnu/packages/messaging.scm (pidgin): Update to 2.14.13.
>> [source]: Switch to bz2 compression.
>> [snippet]: Remove.
> Why?
>> [native-inputs]: Remove autoconf, automake and libtool.
> Again, why?
> 
bz2 change: Default for the source download on the pidgin website and is 
what guix refresh fetched for me.


The snippet was needed for an older patch (touching configure.ac) which 
got removed in commit 89f4f0baa9ff956ba0efe9ec20e1805f01230a54.
There was a comment "Remove the snippet and bootstrapping native inputs 
together with this patch" resp. "Remove stale generated file after 
applying pidgin-libnm.patch.".

Should configure scripts always be regenerated when building from tarballs?

> As a follow-up commit, you might want to drop the input labels.
> 
Also noticed some other things later today:
- no status icon : --enable-trayicon-compat
-  nss-certs:  --with-system-ssl-certs=<dir>
- finch.pc requires libgnt. Should that also be propagated?
- Propagating gtk2 (required by pidgin.pc) conflicts in my home 
environments with nm-applet propagating gtk3.
- python2

> Cheers

Liliana Marie Prikler Aug. 28, 2024, 8:22 p.m. UTC | #3
On Wednesday, 28.08.2024 at 20:01 +0000, Dariqq wrote:
> Should configure scripts always be regenerated when building from
> tarballs?
I think it makes sense to do so.

> > As a follow-up commit, you might want to drop the input labels.
> > 
> Also noticed some other things later today:
> - no status icon : --enable-trayicon-compat
That one's de gustibus, especially in GNOME, where tray icons have
fallen out of favour.
> -  nss-certs:  --with-system-ssl-certs=<dir>
Pidgin should support the environment variable SSL_CERT_DIR – it would
be a bug if not.
> - finch.pc requires libgnt. Should that also be propagated?
> - Propagating gtk2 (required by pidgin.pc) conflicts in my home 
> environments with nm-applet propagating gtk3.
Presumably, this ought to be fine (it is 2 vs 3 after all), but you
might want to ignore the propagation(s), as pidgin is mostly used as an
app.  
> - python2
Ahh, well what can you do ‾\_(ツ)_/‾

Dariqq Aug. 28, 2024, 9:30 p.m. UTC | #4
On 28.08.24 22:22, Liliana Marie Prikler wrote:
> On Wednesday, 28.08.2024 at 20:01 +0000, Dariqq wrote:
>> Should configure scripts always be regenerated when building from
>> tarballs?
> I think it makes sense to do so.
> 

Ok, will adjust this in a v2 (probably tomorrow sometime)

>>> As a follow-up commit, you might want to drop the input labels.
>>>
>> Also noticed some other things later today:
>> - no status icon : --enable-trayicon-compat
> That one's de gustibus, especially in GNOME, where tray icons have
> fallen out of favour.

On my other system (not yet running guix) pidgin is built without this 
option and I have an icon (both gnome + appindicator extension). Need to 
investigate more.

Also dbus support would be nice.
From the configure log:
checking for python3... no
configure: WARNING: python3 interpreter not found in your path
Building without D-Bus support

Maybe we can just upgrade to python3 and be happy.

>> -  nss-certs:  --with-system-ssl-certs=<dir>
> Pidgin should support the environment variable SSL_CERT_DIR – it would
> be a bug if not.

Was grepping the tarball and could not find any reference to 
SSL_CERT_DIR. Without specifying a path to system certs pidgin/libpurple 
seems to bundle its own.

The few package recipes I checked from other distributions specify 
their global store here.

>> - finch.pc requires libgnt. Should that also be propagated?
>> - Propagating gtk2 (required by pidgin.pc) conflicts in my home
>> environments with nm-applet propagating gtk3.
> Presumably, this ought to be fine (it is 2 vs 3 after all), but you
> might want to ignore the propagation(s), as pidgin is mostly used as an
> app.

This is the error I get:
guix home: error: profile contains conflicting entries for gtk+
guix home: error:   first entry: gtk+@2.24.33 
/gnu/store/mm0dbi0gnd1vlip26wfs1nlll7cn3rd8-gtk+-2.24.33
guix home: error:    ... propagated from pidgin@2.14.5
guix home: error:   second entry: gtk+@3.24.41 
/gnu/store/ix9kcspd3n2rws5il1pfpy7i2yfh0q7v-gtk+-3.24.41
guix home: error:    ... propagated from network-manager-applet@1.36.0
hint: Try upgrading both `pidgin' and `network-manager-applet', or 
remove one of them from the profile.

"solved" this by making a local variant of pidgin with the propagated 
inputs as normal inputs.

>> - python2
> Ahh, well what can you do ‾\_(ツ)_/‾

Patch

diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 3f375f34c6..aaee5f7286 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -948,32 +948,23 @@  (define-public ngircd
 (define-public pidgin
   (package
     (name "pidgin")
-    (version "2.14.5")
+    (version "2.14.13")
     (source
      (origin
        (method url-fetch)
        (uri
         (string-append "mirror://sourceforge/pidgin/Pidgin/"
-                       version "/pidgin-" version ".tar.gz"))
+                       version "/pidgin-" version ".tar.bz2"))
        (sha256
-        (base32 "12llip3r8126gph82r638xjv2v2rg34qgggn1nbwfmc3s7halimr"))
+        (base32 "1a3by4niw5ls67mwgj20p2mr317zj4hzysi5glm9mq0pivf4j00j"))
        (patches
-        (search-patches "pidgin-add-search-path.patch"))
-       (modules '((guix build utils)))
-       (snippet
-        '(begin
-           ;; Remove stale generated file after applying patches.
-           (delete-file "configure")
-           #t))))
+        (search-patches "pidgin-add-search-path.patch"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
-     `(("autoconf" ,autoconf) ;; For bootstrap
-       ("automake" ,automake) ;; For bootstrap
-       ("check" ,check)
+     `(("check" ,check)
        ("dot" ,graphviz)
        ("gconf" ,gconf)
        ("intltool" ,intltool)
-       ("libtool" ,libtool) ;; For bootstrap
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("avahi" ,avahi)
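Review bot: The `(base32 ...)` value changes in the same hunk that switches the URI from `.tar.gz` to `.tar.bz2` and moves the version from 2.14.5 to 2.14.13, and the fetch goes through `mirror://sourceforge`, so the new hash is the only integrity anchor for the source. Say in the commit message how the hash was obtained and what it was checked against (for example a checksum or signature published upstream, if one exists), so a reviewer can reproduce it independently rather than trusting what one download returned.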