From patchwork Fri May 9 16:50:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Z572 X-Patchwork-Id: 42486 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 011E027BC4B; Fri, 9 May 2025 17:52:29 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 7E6AD27BC49 for ; Fri, 9 May 2025 17:52:29 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDQxF-0003bu-FL; Fri, 09 May 2025 12:52:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDQx9-0003bj-2X for guix-patches@gnu.org; Fri, 09 May 2025 12:52:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uDQx8-0001ll-OZ for guix-patches@gnu.org; Fri, 09 May 2025 12:52:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=KSiag2sG21sMgtN+6va4lW6hkQB5IamyLsXU33Vq+b8=; b=FsEsDldzkItjCENeHPYTwxDmV9pmeIkFNkDkqw8SlQc9xh8k/otGyUSk6dyI9jIyjufLIxGhXfvukccLdnbClbFJZJzQpwDEyMNUr8ZL9gqFNNQjGRMGoEvcf1VBGwV2zBif57iHKOJ739qmZSpwSx+GtUkrrp6641qeRDm+uNVU70Ubfi4V7yTqiaAbyCPBi8kIxXqlNcJbnb8GFcr0H6nm5euiWmdzSvMwk6FxMeNuftyWVdiUnQ2rdJ39zEzrM/8W2N7mxphuZy3SBgr75VwmOrQwAaxyGTf02kZ2lXBQ9/HOv9Rrn8RVzCIkBXG40ZaCn76RLfjkRjV/aZe+9g==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uDQx8-0007Q8-9T for guix-patches@gnu.org; Fri, 09 May 2025 12:52:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH core-packages-team 1/4] gnu: curl: Ungraft. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 May 2025 16:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680946828381 (code B ref 78337); Fri, 09 May 2025 16:52:02 +0000 Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:08 +0000 Received: from localhost ([127.0.0.1]:38973 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDQwG-0007Ne-3f for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:08 -0400 Received: from mail.z572.online ([88.99.160.180]:46358) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDQwD-0007N1-0o for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1746809878; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KSiag2sG21sMgtN+6va4lW6hkQB5IamyLsXU33Vq+b8=; b=X2XNkiwW5TIrUZzKWh4MmGm8cBzvYcGFPm8RxOikwY0j0TprSStk7Cr9vhf6MWwbTfxeqM iuPFwsJRTCgzc1SW3cdamgGSiV0Daz8j3jYLj5vorSbDW1o095q30qI0suBmI/Rwo+SkK8 28grCg+G1RG5ij9ln8KL1XE6r+r9eKk= Received: from m.tailaa68d.ts.net ( [61.174.159.83]) by mail.z572.online (OpenSMTPD) with ESMTPSA id 9a9eb3fb (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>; Fri, 9 May 2025 16:57:57 +0000 (UTC) From: Zheng Junjie Date: Sat, 10 May 2025 00:50:52 +0800 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/curl.scm (curl)[replacement]: Remove it. [source]: Add curl-CVE-2024-8096.patch. * gnu/packages/curl.scm (curl/fixed): Remove it. Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12 --- gnu/packages/curl.scm | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 3e9cd517a2..ded616a052 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -69,7 +69,6 @@ (define-public curl (package (name "curl") (version "8.6.0") - (replacement curl/fixed) (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" @@ -77,7 +76,8 @@ (define-public curl (sha256 (base32 "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) - (patches (search-patches "curl-use-ssl-cert-env.patch")))) + (patches (search-patches "curl-use-ssl-cert-env.patch" + "curl-CVE-2024-8096.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages (build-system gnu-build-system) @@ -179,16 +179,6 @@ (define-public curl (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")))) -(define-public curl/fixed - (hidden-package - (package - (inherit curl) - (replacement curl/fixed) - (source (origin - (inherit (package-source curl)) - (patches (append (origin-patches (package-source curl)) - (search-patches "curl-CVE-2024-8096.patch")))))))) - (define-public gnurl (deprecated-package "gnurl" curl)) (define-public curl-ssh From patchwork Fri May 9 16:50:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Z572 X-Patchwork-Id: 42488 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id C3A6527BC49; Fri, 9 May 2025 17:52:36 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3A26927BC4A for ; Fri, 9 May 2025 17:52:35 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDQxL-0003d0-DB; Fri, 09 May 2025 12:52:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDQxB-0003by-SZ for guix-patches@gnu.org; Fri, 09 May 2025 12:52:07 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uDQx9-0001ls-WA for guix-patches@gnu.org; Fri, 09 May 2025 12:52:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=Zuaf+aaIg1TCfQXnXxVvX5fIvWVArK3dj1y7DqBMY4k=; b=I+XHyfWnHbmDWkW/D1C3USnFJwKBPgv/9KdJKmXqLgazsFi67Dc/lTlyPr/W4d1gK3ECDaWNPT5Cm4/SLSZtTp3SJpWqh207EKkA2Mbty9DohcrqJlg6A8TDPMT//NfFKgpHJthy02TxaEF6Ffzevb4VK+sDpsRv1fLL721Pf0OlbbqTNGhkIkLk21Hh5jJoSrDKBeAuWVowO5FZ6byHO8FLtzqnmKo+32ED/wSbnQ8fw7H46bEGWgSBLqQp3lcLFpkrQ6XYrikMm1lMWHvmFV0Og0VCI5TyuzQZ8znQvsnR6lmCwz4cTxKTGlVwMVCQBY6TXSGPidIXtysKvDM8JQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uDQx8-0007QF-Qj for guix-patches@gnu.org; Fri, 09 May 2025 12:52:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH core-packages-team 2/4] gnu: cups-minimal: Ungraft. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 May 2025 16:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947328405 (code B ref 78337); Fri, 09 May 2025 16:52:02 +0000 Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:13 +0000 Received: from localhost ([127.0.0.1]:38976 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDQwK-0007O1-LU for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:13 -0400 Received: from mail.z572.online ([88.99.160.180]:46358) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDQwE-0007N1-NF for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1746809880; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Zuaf+aaIg1TCfQXnXxVvX5fIvWVArK3dj1y7DqBMY4k=; b=aYEofaqOUbeUiPMsYfZhbgeRKUlS8wFV8k/UGb2/ycImzi2Sy4c1B0Id2UO8gG+8NuN+TC KuKymUeOfKPkN0643PWuNrUZR2VpBAPCrhM9TOlqanh0sOhhDivKfx7fCQG0wdUxtU9TXS EzBZIuPcV8YZScBSdFlbNHKUuRGhg1A= Received: from m.tailaa68d.ts.net ( [61.174.159.83]) by mail.z572.online (OpenSMTPD) with ESMTPSA id babfcb5b (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>; Fri, 9 May 2025 16:58:00 +0000 (UTC) From: Zheng Junjie Date: Sat, 10 May 2025 00:50:53 +0800 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/cups.scm (cups-minimal)[replacement]: Remove it. [source]: Add cups-minimal-Address-PPD-injection-issues.patch. * gnu/packages/cups.scm (cups-minimal/fixed): Remove it. Change-Id: Icb5295af42b5a84741a73ed4b662bc8736ab6b2b --- gnu/packages/cups.scm | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 5eb45b97b5..2ef1a56b2f 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -266,7 +266,6 @@ (define-public cups-minimal (package (name "cups-minimal") (version "2.4.9") - (replacement cups-minimal/fixed) (source (origin (method git-fetch) @@ -276,7 +275,8 @@ (define-public cups-minimal ;; Avoid NAME confusion: these are the complete CUPS sources. (file-name (git-file-name "cups" version)) (sha256 - (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1")))) + (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1")) + (patches (search-patches "cups-minimal-Address-PPD-injection-issues.patch")))) (build-system gnu-build-system) (arguments (list #:configure-flags @@ -356,15 +356,6 @@ (define-public cups-minimal ;; CUPS is Apache 2.0 with exceptions, see the NOTICE file. (license license:asl2.0))) -(define cups-minimal/fixed - (package - (inherit cups-minimal) - (source - (origin - (inherit (package-source cups-minimal)) - (patches - (search-patches "cups-minimal-Address-PPD-injection-issues.patch")))))) - (define-public cups (package/inherit cups-minimal (name "cups") From patchwork Fri May 9 16:50:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Z572 X-Patchwork-Id: 42487 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E75E627BC4B; Fri, 9 May 2025 17:52:33 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3F32C27BC49 for ; Fri, 9 May 2025 17:52:33 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDQxR-0003dy-7s; Fri, 09 May 2025 12:52:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDQxB-0003bv-RM for guix-patches@gnu.org; Fri, 09 May 2025 12:52:07 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uDQx9-0001ly-VI for guix-patches@gnu.org; Fri, 09 May 2025 12:52:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=RDBBdIqvqx6vIcPe9vrv9PSHt7cX1p2IY59S5U8G96g=; b=vO4NgfVqxC4vk+YPDaugeTAaqK0h4bPTI51As4+LrH+AFaOjd6qB5a2bwD7m5ddhJIR3yx2pxWLLKD64jDK6v5hltqeDX9ArjwbEnT0phC21CIBsskZr8NXYm3D0X395pMhW3Gq1Vpfy0zQKDyo8DM0hm6Z1ZHe2kTBoiYGVjfwhZQgs6foFzuw0e4uzamg76z2C5YpYazEbTfTPl5tkfgRnYgPsb+UuzyNgIhWlKftN2zWSwOKJQQu0yBXJe2Yuhs0ElPll9YCvnktuQJp2fljcn4NIYjA9t9QZaowJTVULb20eyEDmY2hiaI7epD0upPYJmgRP/9b0EH/a5YAbQw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uDQx9-0007QN-CM for guix-patches@gnu.org; Fri, 09 May 2025 12:52:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH core-packages-team 3/4] gnu: libarchive: Update to 3.7.7. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 May 2025 16:52:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947328413 (code B ref 78337); Fri, 09 May 2025 16:52:03 +0000 Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:13 +0000 Received: from localhost ([127.0.0.1]:38978 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDQwL-0007O6-48 for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:13 -0400 Received: from mail.z572.online ([88.99.160.180]:46358) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDQwF-0007N1-H4 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1746809882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RDBBdIqvqx6vIcPe9vrv9PSHt7cX1p2IY59S5U8G96g=; b=h90+hBffjGdnju7DMYj14KaUg7o7hx3lNQmIJg9G5On9SlmY1AUuVliEuRH7ZxRM1ppQsm BZfsboyrPO1F7ODGAOFP9U7G217ClPsTG+PYULGqppnPNDpI/c16K6k85Fqc+iMFHgxzRr lyggVoAYNXBPD8xvlgesZ0ys/bgln7o= Received: from m.tailaa68d.ts.net ( [61.174.159.83]) by mail.z572.online (OpenSMTPD) with ESMTPSA id 846699dd (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>; Fri, 9 May 2025 16:58:01 +0000 (UTC) From: Zheng Junjie Date: Sat, 10 May 2025 00:50:54 +0800 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/backup.scm (libarchive): Update to 3.7.7. * gnu/packages/backup.scm (libarchive/fixed): Delete variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch: Remove it * gnu/local.mk (dist_patch_DATA): Unregister it. Change-Id: Ia6474f9dae9a3d1a707d94fcace9bd50b2e3ac4c --- gnu/local.mk | 1 - gnu/packages/backup.scm | 22 +-------- ...libarchive-remove-potential-backdoor.patch | 47 ------------------- 3 files changed, 2 insertions(+), 68 deletions(-) delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch diff --git a/gnu/local.mk b/gnu/local.mk index 67a41bdbf4..831939f72e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1718,7 +1718,6 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ %D%/packages/patches/libaio-32bit-test.patch \ %D%/packages/patches/libaio-riscv-test5.patch \ - %D%/packages/patches/libarchive-remove-potential-backdoor.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index b4aca86774..876167898b 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -263,8 +263,7 @@ (define-public hdup (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) - (version "3.6.1") + (version "3.7.7") (source (origin (method url-fetch) @@ -273,10 +272,9 @@ (define-public libarchive (string-append "https://github.com/libarchive/libarchive" "/releases/download/v" version "/libarchive-" version ".tar.xz"))) - (patches (search-patches "libarchive-remove-potential-backdoor.patch")) (sha256 (base32 - "1rj8q5v26lxxr8x4b4nqbrj7p06qvl91hb8cdxi3xx3qp771lhas")))) + "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))) (build-system gnu-build-system) (inputs (list bzip2 @@ -353,22 +351,6 @@ (define-public libarchive @command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (version "3.7.7") - (source - (origin - (method url-fetch) - (uri (list (string-append "https://libarchive.org/downloads/libarchive-" - version ".tar.xz") - (string-append "https://github.com/libarchive/libarchive" - "/releases/download/v" version "/libarchive-" - version ".tar.xz"))) - (sha256 - (base32 - "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch deleted file mode 100644 index 2b9a9e2ffe..0000000000 --- a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch +++ /dev/null @@ -1,47 +0,0 @@ -Remove code added by 'JiaT75', the malicious actor that backdoored `xz`: - -https://github.com/libarchive/libarchive/pull/2101 - -At libarchive, they are reviewing all code contributed by this actor: - -https://github.com/libarchive/libarchive/issues/2103 - -See the original disclosure and subsequent discussion for more -information about this incident: - -https://seclists.org/oss-sec/2024/q1/268 - -Patch copied from upstream source repository: - -https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942 - -From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001 -From: Ed Maste -Date: Fri, 29 Mar 2024 18:02:06 -0400 -Subject: [PATCH] tar: make error reporting more robust and use correct errno - (#2101) - -As discussed in #1609. ---- - tar/read.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/tar/read.c b/tar/read.c -index af3d3f42..a7f14a07 100644 ---- a/tar/read.c -+++ b/tar/read.c -@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) - if (r != ARCHIVE_OK) { - if (!bsdtar->verbose) - safe_fprintf(stderr, "%s", archive_entry_pathname(entry)); -- fprintf(stderr, ": %s: ", archive_error_string(a)); -- fprintf(stderr, "%s", strerror(errno)); -+ safe_fprintf(stderr, ": %s: %s", -+ archive_error_string(a), -+ strerror(archive_errno(a))); - if (!bsdtar->verbose) - fprintf(stderr, "\n"); - bsdtar->return_value = 1; --- -2.41.0 - From patchwork Fri May 9 16:50:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Z572 X-Patchwork-Id: 42489 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id F3A1927BC4B; Fri, 9 May 2025 17:52:39 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 4477927BC49 for ; Fri, 9 May 2025 17:52:39 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDQxL-0003d4-Db; Fri, 09 May 2025 12:52:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDQxB-0003bx-SF for guix-patches@gnu.org; Fri, 09 May 2025 12:52:07 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uDQxA-0001lz-44 for guix-patches@gnu.org; Fri, 09 May 2025 12:52:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=6cHF+Flp5D97rZAupL+8xmeHR32yW+BjfPYVNRfh8HM=; b=JhJEWMxdAPpL1z/8fJPdgCNxw2arX8hP/nkxhzXFva4Lc+tXN+9ym6wSpsOHBTx5tsq892wKBQThCsKkekCEUpk0UGuNsoP5m33ga3DQ0vDwiep0n/Okr9hR/Z48sTMEN9fp3oC6/orLfLYqCqtthmD8WB6LSeKfA588Kadvi7INHjH7o2kWpKmtGPdqCS9VHqWBAcVVeVm5ithI1VoiYdRKJk/Xn55OAg0Gtz52e/kDbkZ9CET6f/sb9L8Tdwad1rvQDP37Z4THlZxv2guUORZ37pLR017gxVdaf0EU7+zd7o9rLRNCDeFzFSgR5QwDq2AGfqKidlY7gNSBFuJQOQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uDQx9-0007QU-Vp for guix-patches@gnu.org; Fri, 09 May 2025 12:52:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH core-packages-team 4/4] gnu: expat: Update to 2.7.1. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 May 2025 16:52:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947428421 (code B ref 78337); Fri, 09 May 2025 16:52:03 +0000 Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:14 +0000 Received: from localhost ([127.0.0.1]:38980 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDQwL-0007OE-O6 for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:14 -0400 Received: from mail.z572.online ([88.99.160.180]:46358) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDQwI-0007N1-5o for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1746809883; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6cHF+Flp5D97rZAupL+8xmeHR32yW+BjfPYVNRfh8HM=; b=PMydZL3+yDjheJNYgHEMqzv+TOclqXAjtM925ZeJvX7bf+lQVGS2jDTSdtXIJIHnKxIqP0 rAAbpmEobifBGo5yPA+tPj96gq85pTb0WjJ0aedxa6W3bVkyCLWH15ocl05ynHcYObIctc 5meVC74jpNz9lK12B/h4nL8PetKTe5E= Received: from m.tailaa68d.ts.net ( [61.174.159.83]) by mail.z572.online (OpenSMTPD) with ESMTPSA id 6f6ce7a4 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>; Fri, 9 May 2025 16:58:03 +0000 (UTC) From: Zheng Junjie Date: Sat, 10 May 2025 00:50:55 +0800 Message-ID: <3b47e053512b58a4664503357f6a871e0c2a66e3.1746808204.git.z572@z572.online> X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/xml.scm (expat): Update to 2.7.1. (expat/fixed): Remove it. * gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it. * gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it. * gnu/packages/patches/expat-CVE-2024-45492.patch: Remove it. * gnu/local.mk (dist_patch_DATA): Unregister them. Change-Id: Ia0bc5da202afba0636032e4f4e10051778214944 --- gnu/local.mk | 3 -- .../patches/expat-CVE-2024-45490.patch | 34 ------------------- .../patches/expat-CVE-2024-45491.patch | 34 ------------------- .../patches/expat-CVE-2024-45492.patch | 33 ------------------ gnu/packages/xml.scm | 16 ++------- 5 files changed, 2 insertions(+), 118 deletions(-) delete mode 100644 gnu/packages/patches/expat-CVE-2024-45490.patch delete mode 100644 gnu/packages/patches/expat-CVE-2024-45491.patch delete mode 100644 gnu/packages/patches/expat-CVE-2024-45492.patch diff --git a/gnu/local.mk b/gnu/local.mk index 831939f72e..c15ef425ca 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1258,9 +1258,6 @@ dist_patch_DATA = \ %D%/packages/patches/esmini-use-pkgconfig.patch \ %D%/packages/patches/esmtp-add-lesmtp.patch \ %D%/packages/patches/exercism-disable-self-update.patch \ - %D%/packages/patches/expat-CVE-2024-45490.patch \ - %D%/packages/patches/expat-CVE-2024-45491.patch \ - %D%/packages/patches/expat-CVE-2024-45492.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/fail2ban-paths-guix-conf.patch \ diff --git a/gnu/packages/patches/expat-CVE-2024-45490.patch b/gnu/packages/patches/expat-CVE-2024-45490.patch deleted file mode 100644 index f876e78651..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45490.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf.patch -Fixed in 2.6.3. -Takes only 1 of the 3 patches from -https://github.com/libexpat/libexpat/pull/890 to take the fix and not the -tests because that part doesn't apply cleanly. - -From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:26:07 +0200 -Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer - -Reported by TaiYou - ---- - expat/lib/xmlparse.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..ba1038119 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2038,6 +2038,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) { - - if (parser == NULL) - return XML_STATUS_ERROR; -+ -+ if (len < 0) { -+ parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; -+ return XML_STATUS_ERROR; -+ } -+ - switch (parser->m_parsingStatus.parsing) { - case XML_SUSPENDED: - parser->m_errorCode = XML_ERROR_SUSPENDED; diff --git a/gnu/packages/patches/expat-CVE-2024-45491.patch b/gnu/packages/patches/expat-CVE-2024-45491.patch deleted file mode 100644 index 8ff10559bf..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45491.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421.patch -Fixed in 2.6.3. - -From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:34:13 +0200 -Subject: [PATCH] lib: Detect integer overflow in dtdCopy - -Reported by TaiYou ---- - expat/lib/xmlparse.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..e2327bdcf 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, - if (! newE) - return 0; - if (oldE->nDefaultAtts) { -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((size_t)oldE->nDefaultAtts -+ > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) { -+ return 0; -+ } -+#endif - newE->defaultAtts - = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); - if (! newE->defaultAtts) { diff --git a/gnu/packages/patches/expat-CVE-2024-45492.patch b/gnu/packages/patches/expat-CVE-2024-45492.patch deleted file mode 100644 index 852a9b3f59..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45492.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://github.com/libexpat/libexpat/commit/9bf0f2c16ee86f644dd1432507edff94c08dc232.patch -Fixed in 2.6.3. - -From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:37:16 +0200 -Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart - -Reported by TaiYou ---- - expat/lib/xmlparse.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..f737575ea 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -7558,6 +7558,15 @@ nextScaffoldPart(XML_Parser parser) { - int next; - - if (! dtd->scaffIndex) { -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) { -+ return -1; -+ } -+#endif - dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int)); - if (! dtd->scaffIndex) - return -1; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index f29d5d2adc..5eb9be68c7 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -127,8 +127,7 @@ (define-public libxmlb (define-public expat (package (name "expat") - (version "2.5.0") - (replacement expat/fixed) + (version "2.7.1") (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin (method url-fetch) @@ -140,7 +139,7 @@ (define-public expat "/expat-" version ".tar.xz"))) (sha256 (base32 - "1gnwihpfz4x18rwd6cbrdggmfqjzwsdfh1gpmc0ph21c4gq2097g"))))) + "0c3w446jrrnss3ccgx9z590lpwbpxiqdbxv2a0p036cg9da54i9m"))))) (build-system gnu-build-system) (arguments '(#:phases (modify-phases %standard-phases @@ -164,17 +163,6 @@ (define-public expat things the parser might find in the XML document (like start tags).") (license license:expat))) -(define-public expat/fixed - (hidden-package - (package - (inherit expat) - (replacement expat/fixed) - (source (origin - (inherit (package-source expat)) - (patches (search-patches "expat-CVE-2024-45490.patch" - "expat-CVE-2024-45491.patch" - "expat-CVE-2024-45492.patch"))))))) - (define-public libebml (package (name "libebml")