From patchwork Fri Mar 7 18:32:40 2025
X-Patchwork-Submitter: Nicolas Graves
X-Patchwork-Id: 2782
Subject: [bug#76819] [PATCH v7 00/35] Add lint-hidden-cpe-vendors property
To: 76819@debbugs.gnu.org
Cc: ludo@gnu.org, Nicolas Graves
Date: Fri, 7 Mar 2025 19:32:40 +0100
Message-ID: <20250307183454.7871-1-ngraves@ngraves.fr>
X-Mailer: git-send-email 2.48.1
From: Nicolas Graves

I hope it's good this time! I've also added some new security fixes on top.

Nicolas Graves (20):
  gnu: got: Add lint-hidden-cpe-vendors property.
  gnu: tinyxml: Fix CVE-2023-34194.
  gnu: wayvnc: Update to 0.9.1.
  gnu: neatvnc: Update to 0.9.4.
  gnu: opus: Add lint-hidden-cve property.
  gnu: jq: Add lint-hidden-cve property.
  gnu: highlight: Add lint-hidden-cpe-vendors property.
  gnu: yasm: Refresh package definition.
  gnu: music: Add lint-hidden-cpe-vendors property.
  gnu: indent: Update to 2.2.13-0.1737c92.
  gnu: snappy: Add cpe-name property.
  gnu: zchunk: Update to 1.5.1.
  gnu: dash: Add lint-hidden-cpe-vendors property.
  gnu: git: Use lint-hidden-cpe-vendors.
  gnu: soil: Add lint-hidden-cpe-vendors property.
  gnu: re2c: Update to 4.1.
  gnu: libconfuse: Patch CVE-2022-40320.
  gnu: libxls: Update to 1.6.3.
  gnu: ruby-git: Update to 3.0.0.
  gnu: yajl: Patch CVE-2023-33460.

Nicolas Graves via Guix-patches via (15):
  cve: Add cpe-vendor and lint-hidden-cpe-vendors properties.
  gnu: halibut: Add cpe-vendor property.
  gnu: portfolio: Update to 1.0.1.
  gnu: folders: Add lint-hidden-cpe-vendors property.
  gnu: spectra: Add lint-hidden-cpe-vendors property.
  gnu: express: Add lint-hidden-cpe-vendors property.
  gnu: cli: Add lint-hidden-cpe-vendors property.
  gnu: h2c: Add lint-hidden-cpe-vendors property.
  gnu: xenon: Update to 0.9.3.
  gnu: bolt: Update to 0.9.8.
  gnu: bwm-ng: Add lint-hidden-cpe-vendors property.
  gnu: onedrive: Update to 2.5.2.
  gnu: dex: Update to 0.10.1.
  gnu: immer: Add lint-hidden-cpe-vendors property.
  gnu: cvs: Add lint-hidden-cpe-vendors property.

 gnu/local.mk                                 |   4 +-
 gnu/packages/algebra.scm                     |   1 +
 gnu/packages/assembly.scm                    |   5 +-
 gnu/packages/bioinformatics.scm              |   4 +-
 gnu/packages/code.scm                        |  66 +++++---
 gnu/packages/compression.scm                 |   7 +-
 gnu/packages/cpp.scm                         |   2 +
 gnu/packages/curl.scm                        |   1 +
 gnu/packages/documentation.scm               |  14 +-
 gnu/packages/esolangs.scm                    |   1 +
 gnu/packages/gl.scm                          |   3 +-
 gnu/packages/gnome-xyz.scm                   |   5 +-
 gnu/packages/linux.scm                       |  16 +-
 gnu/packages/networking.scm                  |   1 +
 .../patches/indent-CVE-2024-0911.patch       |  61 -------
 .../patches/libconfuse-CVE-2022-40320.patch  |  38 +++++
 .../patches/tinyxml-CVE-2023-34194.patch     |  28 +++
 .../patches/yajl-CVE-2023-33460.patch        |  38 +++++
 gnu/packages/pretty-print.scm                |   3 +-
 gnu/packages/re2c.scm                        |   4 +-
 gnu/packages/ruby.scm                        |   4 +-
 gnu/packages/shells.scm                      |   3 +-
 gnu/packages/statistics.scm                  |   4 +-
 gnu/packages/sync.scm                        |   5 +-
 gnu/packages/textutils.scm                   |   4 +-
 gnu/packages/version-control.scm             |  22 +--
 gnu/packages/vnc.scm                         |   8 +-
 gnu/packages/web.scm                         |   9 +-
 gnu/packages/xdisorg.scm                     |  17 +-
 gnu/packages/xiph.scm                        |   5 +-
 gnu/packages/xml.scm                         |   3 +-
 guix/cve.scm                                 | 160 +++++++++++-------
 guix/lint.scm                                |  10 +-
 tests/cve.scm                                |  14 +-
 34 files changed, 350 insertions(+), 220 deletions(-)
 delete mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch
 create mode 100644 gnu/packages/patches/libconfuse-CVE-2022-40320.patch
 create mode 100644 gnu/packages/patches/tinyxml-CVE-2023-34194.patch
 create mode 100644 gnu/packages/patches/yajl-CVE-2023-33460.patch