From patchwork Tue May 20 02:58:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42759 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1990E27BC4D; Tue, 20 May 2025 03:59:47 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id AED7827BC4A for ; Tue, 20 May 2025 03:59:45 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC4-0006C5-Jx; Mon, 19 May 2025 22:59:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC2-0006BX-SL for guix-patches@gnu.org; Mon, 19 May 2025 22:59:02 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC2-0005sb-IS for guix-patches@gnu.org; Mon, 19 May 2025 22:59:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=zyKSS4rIi1rg0owHCrkWT/qIp8VkGDajCWnCoR4imUk=; b=LTfzgX8Jmq7NrL4J14zTHxuU3KMhkq5yinfRAYPYwFt3e7GYzRXNATjYoyIrN2hPFiGyGDtzlG/6nhJ4jKCfKaVmjkF+ISaDKMMOIAl/Ic8Hygbc19J8KHzwGm4nk/23FumfWC2Co1CG3Ay9nje+gBPUCSHGMLOaQgkuSS9eobljR2mFlT4AJXoe/NOXsrvEzvpTcAUWIknto1sIc0XqcQuvpEzJfop+YoZBSilE55YfLrnugkQe/xfcHvVxUe7lZsENe1D9tDJpHGZH6Mi7t/D8RE830UzR3poEAPOV2QSQGu14boRjUm6Ymp1ojS+1BH+3NAOQUT8U8pLU69KSRQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC2-0000UA-9D; Mon, 19 May 2025 22:59:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 1/6] gnu: curl: Ungraft. References: In-Reply-To: Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Zheng Junjie , Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099261743 (code B ref 78337); Tue, 20 May 2025 02:59:02 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:46 +0000 Received: from localhost ([127.0.0.1]:50161 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDBm-0000S3-BE for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:46 -0400 Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:55420) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBh-0000R3-7u for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:44 -0400 Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-30dfd9e7fa8so6384456a91.2 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709915; x=1748314715; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=zyKSS4rIi1rg0owHCrkWT/qIp8VkGDajCWnCoR4imUk=; b=Jh0URjQTFRmQfeCicMQoGZn+W7ViaCYByOqxRaqiA+DT92TBEAjAYrvwALCqpZBCzn 21SarSENKtg2pGzArPMCumuTEgK4iUXBhMvAQY3My1TmAWHTrdVjNG/c62f+6xodhQ9y 6czkgzNg/nfZmF9K23MDLsc7q7rUcOELnaXf3LPlc/K3cwtCSt6RZSZqy96WGbkBj/wR LbiKwWXrd6k2tByWuZK7sO/kxoLki8idMfh8D1+5gM6v+sYiKadns5tZpS2z6sEduMiI lid4BcdGmF7QR0HJOpirwtDAnPsjTevsLiwq+5rSCBJxa4AGY7iBirLAzRWszOXYOZ77 DYVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709915; x=1748314715; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zyKSS4rIi1rg0owHCrkWT/qIp8VkGDajCWnCoR4imUk=; b=TKmr7RrxwlylPvUANw2s0UL6uaOsObKDNDndp9W4OCFmmuR2n4NTEMb0ZpQKMha4oW zBu/xJwgtiugozTO/9aKozFXaRM+b38nDIq0RjiYPru8HtKMO9JLXvzFpSQEB5zFdEiK swZAg8TG7/HHKs04ZSoR33Qwtg3UdjO7UeR+658n8cyBmlE0IUaebTOTB+gs1ASsUMVO DjILTYpljx0JovLcmb5TvETQTJkmMepo4fDzpI+GhGF4yCNFogFKZrwzKc2rfQTdjq8y 0AWaJ1UJvsER+D8TXD34o9fepXaQ+haQPDtvpmlTZO7JhCk5o2/56o1TwZ1XR+WDJN+l Vc/A== X-Gm-Message-State: AOJu0YxH60OjQVC4jgKU8WMO2W8o4z7HuCasXo83VKV8/diEuOK3zmFm TQOT8yRn51TklRAx6+6xLzRn+pNPZ7TTkptPoy7cLtVdeQb6NBrTIg0SYiRoCw== X-Gm-Gg: ASbGncusgiRjMXW0RF5FBOOEyVhloICjRNmhyoEaoV3MWxscfyk7KJxiDMDs/JDKw/q qLHQMe3Rx8jgN9NEAWvDsKPvK+eagnnIfKuoHM1dkjDIhhoMrjjuJuY+KmqJgLKmaFD00gHWD0+ SgP5OMF/QPNunhxgyC9MGAi/4bdawcUFoicciPyqP3pkPA/SbfquKo2zIYntdOP92QEk/ia6XsK kVBCVBg8mHeab2b1wK8Goq+6ESLhDqfR/jCKp5eaai3W7C9Z9vlNJANQZdKU7Fjk9nEt5S++JvZ 68XBiZ1x1MgSWakSJM9s9VroffSrdtJGISKV3MP5Pklwtnsl9zZasuKZFenwgVlxhcA1qE8= X-Google-Smtp-Source: AGHT+IFQLKwpCGPQ73WoPzB27RurV4/P0kmbfzoo+kWIP9uK3Zp7qpQVR8EN21oHi8RzZrv2zTcxJw== X-Received: by 2002:a17:90b:3c90:b0:2ff:6af3:b5fa with SMTP id 98e67ed59e1d1-30e8322592emr19182747a91.22.1747709914502; Mon, 19 May 2025 19:58:34 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:34 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:11 +0900 Message-ID: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches From: Zheng Junjie * gnu/packages/curl.scm (curl)[replacement]: Remove it. [source]: Add curl-CVE-2024-8096.patch. * gnu/packages/curl.scm (curl/fixed): Remove it. Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12 Signed-off-by: Maxim Cournoyer --- gnu/packages/curl.scm | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) base-commit: e7d73a08d569904f8a71db5b84f5fafaf0dff188 diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 3e9cd517a2..ded616a052 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -69,7 +69,6 @@ (define-public curl (package (name "curl") (version "8.6.0") - (replacement curl/fixed) (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" @@ -77,7 +76,8 @@ (define-public curl (sha256 (base32 "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) - (patches (search-patches "curl-use-ssl-cert-env.patch")))) + (patches (search-patches "curl-use-ssl-cert-env.patch" + "curl-CVE-2024-8096.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages (build-system gnu-build-system) @@ -179,16 +179,6 @@ (define-public curl (license (license:non-copyleft "file://COPYING" "See COPYING in the distribution.")))) -(define-public curl/fixed - (hidden-package - (package - (inherit curl) - (replacement curl/fixed) - (source (origin - (inherit (package-source curl)) - (patches (append (origin-patches (package-source curl)) - (search-patches "curl-CVE-2024-8096.patch")))))))) - (define-public gnurl (deprecated-package "gnurl" curl)) (define-public curl-ssh From patchwork Tue May 20 02:58:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42763 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id BD41F27BC4B; Tue, 20 May 2025 03:59:55 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED,URI_NOVOWEL autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id D81FF27BC49 for ; Tue, 20 May 2025 03:59:54 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC6-0006Cy-3p; Mon, 19 May 2025 22:59:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC3-0006Bq-Ni for guix-patches@gnu.org; Mon, 19 May 2025 22:59:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC3-0005su-F1 for guix-patches@gnu.org; Mon, 19 May 2025 22:59:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=3LKtslSuKjcXw/cKfb1KPcSthVdNMItZ4JyC3P/0Bxg=; b=GlkSLPaoEbaMMORckwDApwl/ninZRl5xP6EsVljFIAzplfXC2gu9ftSqpzG55aWW16Gx8kk6b3GrJE6ADSbR0boTkKq8sfoG+k/mV9gvtzoP1LmxTmLIIKtbb5h033BIAaIVXzdwiC17uhavAkRpyIMRB583gk/oo9Y0foFEv2EHuRM/Dg6uc7C8LVxjzEhd8EEQbpjrKQJGbQyzdpL5tlPRGTt6oLQSxSKxbpQ0MGHVEGdI0JFAWPIVT+gF4ifuILBq9XU47HF72Xk/oZcLM3ys5atyEzTwQWTuNomdUN9y+pSld6MYMNU3WPb2BNeJ8dvvoMkjBFl4V4UXDXI/6Q==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC3-0000UR-7p; Mon, 19 May 2025 22:59:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725]. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099341800 (code B ref 78337); Tue, 20 May 2025 02:59:03 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:54 +0000 Received: from localhost ([127.0.0.1]:50170 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDBs-0000Sk-FU for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:54 -0400 Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:47498) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBk-0000RO-Df for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:48 -0400 Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-30e542e4187so3769399a91.3 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709917; x=1748314717; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3LKtslSuKjcXw/cKfb1KPcSthVdNMItZ4JyC3P/0Bxg=; b=HSHUjvUdmOIr/HeRL7fv9OnqKJcN4am5U7njOiivzK7GELtM9zij2Jog1w7oVqG6i5 ctgxEd2IK6X52+c+5Uhmdfq0kIh7eo+zOJy0/haHZwc0HlBQYf9NJDH2KLVXNVqPKHuW w4PUrSfvB4iscr2CBnxkiR2BZvqpvTdKUtCSg3fQSq/WjGxZtdG5NI5IeS9bApN5iFo0 C1anUCL2wguF7MCOF4VrCtSHRsZngi65GTDurJjrQ9inqtPvgXLocVqoHGiyJwD0Cn8h hqYVpu3VElOqe1eZNRuJBWCOdAmRrJx2ySfeH2/FZf/MLlkFNm+JrmeQIYy4CmqUd4p0 q3gQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709917; x=1748314717; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3LKtslSuKjcXw/cKfb1KPcSthVdNMItZ4JyC3P/0Bxg=; b=ZxKH1cOFEE6lodE51N8iX229L9p+0n2KT9rKF3p5YRbZUzzBsgTfeG39D0ySk02TO/ t/6DR/qkG7w2HzC9qDH0wEQDkTIKUHl9Nu0A7B4j4Z6aOj4IQEozuLoTHWFra4UEuITM 1L/TOIvVmUIO4xNMIo30vf4Z8SCE1wp23VrbdeLdZiRHXcucJ4bs0WtHnxHlBr9u/VPN CuMXF3+y0tgvG6NStAvoiiEUHTZ1CZ0OaCRQn/fDM8s0+5F0l9nBIlD1KF3pvIh7i4Sx 076+3h1t5M2tsr1iNlQuHKSuxyN3YxsML3YZRE7x97aH7x7VZhxnn9KC5dL4vfkR6wQS sgmQ== X-Gm-Message-State: AOJu0Yys8OcmY3Ml2+UnxwZbYMIw4x7hQBCcRlnLNytlTfRJRFdGSGH1 ws1kHNANEDNevS3Sny2WO+u8zslMYiV8MR9w7s9fYPZZ2Y3PeohMzqMPRmhfZw== X-Gm-Gg: ASbGncvcqB/CcFOkHZxvv+PvoDhfmNE7bd+bHNw3B6zStOcqYm13VmaxhyAfZCuJPf4 Vj1ptQq7hqBflnLL4L+tH3QIbtHcUVWqP2LJPMCt33t2hvQVC4ZM3mBQ88bqkN4YjsEHRfv5N1c KX912ZEVxEdtF0BvyyDqBo/6WFsSjgCbODnXPpOWQypOlcEUXiKO3Vo3tk9oVoCpeJPE00UK8lR vjdGwFhnFZNR8YY0grT9uluDpj3jH3PjX/54K65kYFmbrzrFpR4u5sc1yGqM1fssn5jla+I37Bk 5xSqKczIPbRmzf6+jmJjSA7PrNmp/lCWaJdEuCp3V8ujPV5umfWfaL3HZnjfBvnxT5bFx7poYWF DZgmLCQ== X-Google-Smtp-Source: AGHT+IHqbY0VMrgiyJ76QDeNzrvIcCbUW6KbnxrzhvzVd8qTkSyO4TjGpldjBI3ymp3sTTpiqoGiyQ== X-Received: by 2002:a17:90b:1648:b0:2ff:698d:ef7c with SMTP id 98e67ed59e1d1-30e7d5bd935mr23452181a91.29.1747709917404; Mon, 19 May 2025 19:58:37 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:36 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:12 +0900 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/curl.scm (curl): Update to 8.13.0. [replacement]: Delete field. [arguments] <#:configure-flags>: Add --with-libssh2. <#:phases>: Streamline check phase override, and newly skip a few new tests. [native-inputs]: Add libssh2. (curl/fixed): Delete variable. * gnu/packages/patches/curl-CVE-2024-8096.patch: Delete file. * gnu/local.mk (dist_patch_DATA): De-register it. Change-Id: I8e1a8516e78370645e4148d33e57114f98a26404 --- gnu/local.mk | 1 - gnu/packages/curl.scm | 39 ++-- gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ------------------ 3 files changed, 20 insertions(+), 220 deletions(-) delete mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch diff --git a/gnu/local.mk b/gnu/local.mk index 3730d272ea..0cbe521c73 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1158,7 +1158,6 @@ dist_patch_DATA = \ %D%/packages/patches/csvkit-set-locale-for-tests.patch \ %D%/packages/patches/cube-nocheck.patch \ %D%/packages/patches/cups-minimal-Address-PPD-injection-issues.patch \ - %D%/packages/patches/curl-CVE-2024-8096.patch \ %D%/packages/patches/curl-use-ssl-cert-env.patch \ %D%/packages/patches/curlftpfs-fix-error-closing-file.patch \ %D%/packages/patches/curlftpfs-fix-file-names.patch \ diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index ded616a052..caeefd9168 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -17,6 +17,7 @@ ;;; Copyright © 2023 Sharlatan Hellseher ;;; Copyright © 2023 John Kehayias ;;; Copyright © 2024 Ashish SHUKLA +;;; Copyright © 2024, 2025 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -68,21 +69,22 @@ (define-module (gnu packages curl) (define-public curl (package (name "curl") - (version "8.6.0") + (version "8.13.0") (source (origin (method url-fetch) (uri (string-append "https://curl.se/download/curl-" version ".tar.xz")) (sha256 (base32 - "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w")) - (patches (search-patches "curl-use-ssl-cert-env.patch" - "curl-CVE-2024-8096.patch")))) + "09902ng7lbydbsm6yb03g0p7y03i4yilj1f0zgi2vl62ldwkj2aa")) + (patches (search-patches "curl-use-ssl-cert-env.patch")))) (outputs '("out" "doc")) ;1.2 MiB of man3 pages (build-system gnu-build-system) (arguments (list + #:modules `((ice-9 format) + ,@%default-gnu-modules) #:disallowed-references '("doc") #:configure-flags #~(list "--with-gnutls" @@ -90,6 +92,7 @@ (define-public curl (dirname (dirname (search-input-file %build-inputs "lib/libgssrpc.so")))) + "--with-libssh2" "--disable-static") #:test-target "test-nonflaky" ;avoid tests marked as "flaky" #:phases @@ -116,20 +119,18 @@ (define-public curl (if parallel-tests? (number->string (parallel-job-count)) "1"))) - ;; Ignore test 1477 due to a missing file in the 8.5.0 - ;; release. See - ;; . - (arguments `("-C" "tests" "test" - ,@make-flags - ,(if #$(or (system-hurd?) - (target-arm32?) - (target-aarch64?)) - ;; protocol FAIL - (string-append "TFLAGS=~1474 " - "!1477 " - job-count) - (string-append "TFLAGS=\"~1477 " - job-count "\""))))) + (failing-tests + '( 962 963 964 965 966 967 1474 ;protocol FAIL + ;; Unknown reason. + 165 1448 2046 2047 + ;; Mismatch in expected output, perhaps + ;; caused by different nginx version used. + 1700 1701 1702 2402 2403 2404 2405)) + (arguments + `("-C" "tests" "test" + ,@make-flags + ,(format #f "TFLAGS=~a ~{~~~a ~}" + job-count failing-tests)))) ;; The top-level "make check" does "make -C tests quiet-test", which ;; is too quiet. Use the "test" target instead, which is more ;; verbose. @@ -153,7 +154,7 @@ (define-public curl (native-inputs (list nghttp2 perl pkg-config python-minimal-wrapper)) (inputs - (list gnutls libidn libpsl mit-krb5 `(,nghttp2 "lib") zlib)) + (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib)) (native-search-paths ;; These variables are introduced by curl-use-ssl-cert-env.patch. (list $SSL_CERT_DIR diff --git a/gnu/packages/patches/curl-CVE-2024-8096.patch b/gnu/packages/patches/curl-CVE-2024-8096.patch deleted file mode 100644 index 0f780f08c3..0000000000 --- a/gnu/packages/patches/curl-CVE-2024-8096.patch +++ /dev/null @@ -1,200 +0,0 @@ -From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Tue, 20 Aug 2024 16:14:39 +0200 -Subject: [PATCH] gtls: fix OCSP stapling management - -Reported-by: Hiroki Kurosawa -Closes #14642 ---- - lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------ - 1 file changed, 73 insertions(+), 73 deletions(-) - -diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c -index 03d6fcc038aac3..c7589d9d39bc81 100644 ---- a/lib/vtls/gtls.c -+++ b/lib/vtls/gtls.c -@@ -850,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf, - init_flags |= GNUTLS_NO_TICKETS; - #endif - -+#if defined(GNUTLS_NO_STATUS_REQUEST) -+ if(!config->verifystatus) -+ /* Disable the "status_request" TLS extension, enabled by default since -+ GnuTLS 3.8.0. */ -+ init_flags |= GNUTLS_NO_STATUS_REQUEST; -+#endif -+ - rc = gnutls_init(>ls->session, init_flags); - if(rc != GNUTLS_E_SUCCESS) { - failf(data, "gnutls_init() failed: %d", rc); -@@ -1321,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data, - infof(data, " server certificate verification SKIPPED"); - - if(config->verifystatus) { -- if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { -- gnutls_datum_t status_request; -- gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_datum_t status_request; -+ gnutls_ocsp_resp_t ocsp_resp; -+ gnutls_ocsp_cert_status_t status; -+ gnutls_x509_crl_reason_t reason; - -- gnutls_ocsp_cert_status_t status; -- gnutls_x509_crl_reason_t reason; -+ rc = gnutls_ocsp_status_request_get(session, &status_request); - -- rc = gnutls_ocsp_status_request_get(session, &status_request); -+ if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -+ failf(data, "No OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- infof(data, " server certificate status verification FAILED"); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { -- failf(data, "No OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ gnutls_ocsp_resp_init(&ocsp_resp); - -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -+ if(rc < 0) { -+ failf(data, "Invalid OCSP response received"); -+ return CURLE_SSL_INVALIDCERTSTATUS; -+ } - -- gnutls_ocsp_resp_init(&ocsp_resp); -+ (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -+ &status, NULL, NULL, NULL, &reason); - -- rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); -- if(rc < 0) { -- failf(data, "Invalid OCSP response received"); -- return CURLE_SSL_INVALIDCERTSTATUS; -- } -+ switch(status) { -+ case GNUTLS_OCSP_CERT_GOOD: -+ break; - -- (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, -- &status, NULL, NULL, NULL, &reason); -+ case GNUTLS_OCSP_CERT_REVOKED: { -+ const char *crl_reason; - -- switch(status) { -- case GNUTLS_OCSP_CERT_GOOD: -+ switch(reason) { -+ default: -+ case GNUTLS_X509_CRLREASON_UNSPECIFIED: -+ crl_reason = "unspecified reason"; - break; - -- case GNUTLS_OCSP_CERT_REVOKED: { -- const char *crl_reason; -- -- switch(reason) { -- default: -- case GNUTLS_X509_CRLREASON_UNSPECIFIED: -- crl_reason = "unspecified reason"; -- break; -- -- case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -- crl_reason = "private key compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_CACOMPROMISE: -- crl_reason = "CA compromised"; -- break; -- -- case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -- crl_reason = "affiliation has changed"; -- break; -+ case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: -+ crl_reason = "private key compromised"; -+ break; - -- case GNUTLS_X509_CRLREASON_SUPERSEDED: -- crl_reason = "certificate superseded"; -- break; -+ case GNUTLS_X509_CRLREASON_CACOMPROMISE: -+ crl_reason = "CA compromised"; -+ break; - -- case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -- crl_reason = "operation has ceased"; -- break; -+ case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: -+ crl_reason = "affiliation has changed"; -+ break; - -- case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -- crl_reason = "certificate is on hold"; -- break; -+ case GNUTLS_X509_CRLREASON_SUPERSEDED: -+ crl_reason = "certificate superseded"; -+ break; - -- case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: -- crl_reason = "will be removed from delta CRL"; -- break; -+ case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: -+ crl_reason = "operation has ceased"; -+ break; - -- case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -- crl_reason = "privilege withdrawn"; -- break; -+ case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: -+ crl_reason = "certificate is on hold"; -+ break; - -- case GNUTLS_X509_CRLREASON_AACOMPROMISE: -- crl_reason = "AA compromised"; -- break; -- } -+ case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: -+ crl_reason = "will be removed from delta CRL"; -+ break; - -- failf(data, "Server certificate was revoked: %s", crl_reason); -+ case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: -+ crl_reason = "privilege withdrawn"; - break; -- } - -- default: -- case GNUTLS_OCSP_CERT_UNKNOWN: -- failf(data, "Server certificate status is unknown"); -+ case GNUTLS_X509_CRLREASON_AACOMPROMISE: -+ crl_reason = "AA compromised"; - break; - } - -- gnutls_ocsp_resp_deinit(ocsp_resp); -+ failf(data, "Server certificate was revoked: %s", crl_reason); -+ break; -+ } - -- return CURLE_SSL_INVALIDCERTSTATUS; -+ default: -+ case GNUTLS_OCSP_CERT_UNKNOWN: -+ failf(data, "Server certificate status is unknown"); -+ break; - } -- else -- infof(data, " server certificate status verification OK"); -+ -+ gnutls_ocsp_resp_deinit(ocsp_resp); -+ if(status != GNUTLS_OCSP_CERT_GOOD) -+ return CURLE_SSL_INVALIDCERTSTATUS; - } - else - infof(data, " server certificate status verification SKIPPED"); From patchwork Tue May 20 02:58:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42760 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 58CA727BC4B; Tue, 20 May 2025 03:59:47 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id AE12D27BC49 for ; Tue, 20 May 2025 03:59:45 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC5-0006CH-14; Mon, 19 May 2025 22:59:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC3-0006Be-6E for guix-patches@gnu.org; Mon, 19 May 2025 22:59:03 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC2-0005sj-TL for guix-patches@gnu.org; Mon, 19 May 2025 22:59:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=8A78zwhd7cCGVb5R8Hx7HZogHtXwo2AOs59mAGiwYPA=; b=fKMv7fuYQo78VT0vRBR55gl81R7WDXlFyy20jncjn1QxG2qW0P162jwVb5oV+FJiBv6Hr90d1jcApkpPYfInlowk0aex3cDHxZnK6aSs36gkfjwb7KDlqv++Djt3qiipBQU5cMrDc0GvNGH4jQiUxdyrNOLQy2pwBro63n7UQUaCUYP959NVMWTN1eH7OwDWIW1AqDTUy415wILlb+lfGwAuX772SExS5mLIyVFCs2PHfwyVqLvkB2E5ZraTf96nZt72mD0S/uynB4aXuLh3bS5W7UXdGLv2vhG1A8+Yvc2AyXmhdHR+iUmQOk3hObOFy7kOwpit1p++YSA4jQ/JdA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC2-0000UJ-OH; Mon, 19 May 2025 22:59:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 3/6] gnu: curl: Enable zstd support. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099321785 (code B ref 78337); Tue, 20 May 2025 02:59:02 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:52 +0000 Received: from localhost ([127.0.0.1]:50168 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDBr-0000Sd-SC for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:52 -0400 Received: from mail-pf1-x431.google.com ([2607:f8b0:4864:20::431]:61867) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBn-0000Rm-GL for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:47 -0400 Received: by mail-pf1-x431.google.com with SMTP id d2e1a72fcca58-73972a54919so4847407b3a.3 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709920; x=1748314720; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8A78zwhd7cCGVb5R8Hx7HZogHtXwo2AOs59mAGiwYPA=; b=IoQ6eui+jrwMOiZ3IoAR6HYemeANlEWB9KWtH9/Rqc5ef6nFLjc+fuy322KLuwDVUH +Gt0zvMw9JEqdgFJyZMESfUtgzZO+oGJwa7ii4DRMggY4wAi0RN5jegkd2SGBZqkRDym gJfQYs3qS0O34i7VHH3dDDH2yJ/I/DPCXkJ5tgsMxow1DEX9+N3m1LLfFRQTljIn1C6E OPvbfgNccY1hJDcR1nkjt/bPzEA9IuGC/jpDydopUtKKklosSv/iYv7BcdulVNwmW19E QWyQ7Yw9NmgkbI6AL81dxetj+L8hN6PBKCYd8PShuW2c6hsJbHaT+/XlewXOqi0GOqgM VCTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709920; x=1748314720; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8A78zwhd7cCGVb5R8Hx7HZogHtXwo2AOs59mAGiwYPA=; b=Yum0cAsk70NHgB3K4wN8Hq/nGlIaMG/VTEw6bS88XIFCyhn5zq3W2KZbDUeqHfw5TR PkoaEtVGBL/CezFTbmGu5mmi+5vjB6c3Hj/l9oO8werht9FJHChaWrs68Isfn9prfZeo gH13W47sZFw7SJUpMnAaIbzge42AMSefFDywdLmBLrH5Z7TwsPGWnD6u0gbE0I3AUlbY 8ZXbDlYsK+rM3sm4FRaQgeqxmvxpYbN2TPTdZKmc99Yrh8w8lw48WpK+vdiPkORoJyPQ KAMpth4IlKii5gyMzQ3W3WImSwZ7skivkdSYWtO385JNifL0lzW3ja7DiTVWUk+hT9lU bzng== X-Gm-Message-State: AOJu0YxmGHWZ/712Eo+1Ebs0O9evEL9f+7PIN35vcwvTDW6tpNceSPfU 0hanq0mpViQkvyAOCYD8nRnQn88FHR965VgbGLD0TsrVWSsp/tIIofsCAioE4A== X-Gm-Gg: ASbGncsBrTcQCtlqk23XNr8GZ1bO7SKzUDOhF1Yra92b6nyTcWTiAC8uzf3eUYftSmi NiEfZjp6Nu/YOFEr/65cmRc7PTsROgy8+Yu94irOgjvsuNArq7rH56iwDCPLUXPU3fUD3T5oIU1 76EBcOpSvkhcHQDAJYvG5PoFWVQ6sj7iEIEL+mFMjlMVziZ3EBSvuRJKwOBjp7YYa3dZeSzLwfj 3mKlDD8WgdKngMOsiMn+7P79geH/i2tWLmKIXqUhp/r01v5ema2nGoMPnjtdvNrm8NwYGmGYYt7 C8i0GzJkbeYH4wYatFgEkMNZLNDOM8ZAWS5c1gxQNEqOEGeTY3XOlVgDtbViN8qSZnzFz2g= X-Google-Smtp-Source: AGHT+IEFUlxlIzxFcGqsfS97mqM9tp5Oj5RHwBfB/jCFC2o7bYxiGrpEL3/Va6AU5HnGn3hR+yZ74w== X-Received: by 2002:a05:6a21:8883:b0:217:feb5:631d with SMTP id adf61e73a8af0-217feb5636amr16783116637.26.1747709920317; Mon, 19 May 2025 19:58:40 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:39 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:13 +0900 Message-ID: <3fd60a1b3610e350ba274911fa830812e95f80a8.1747709896.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/curl.scm [inputs]: Add zstd:lib. Change-Id: I48e1099c3a445bcbdeaf16c5a79d956bd1b51307 --- gnu/packages/curl.scm | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index caeefd9168..2b90759bf4 100644 --- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -152,9 +152,19 @@ (define-public curl (close port))))) #~())))) (native-inputs - (list nghttp2 perl pkg-config python-minimal-wrapper)) + (list nghttp2 + perl + pkg-config + python-minimal-wrapper)) (inputs - (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib)) + (list gnutls + libidn + libpsl + libssh2 + mit-krb5 + `(,nghttp2 "lib") + zlib + `(,zstd "lib"))) (native-search-paths ;; These variables are introduced by curl-use-ssl-cert-env.patch. (list $SSL_CERT_DIR From patchwork Tue May 20 02:58:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42761 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id ADD3F27BC49; Tue, 20 May 2025 03:59:48 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id B7CBE27BC4E for ; Tue, 20 May 2025 03:59:45 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC9-0006Dt-9G; Mon, 19 May 2025 22:59:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC4-0006C3-7s for guix-patches@gnu.org; Mon, 19 May 2025 22:59:04 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC3-0005t5-TU for guix-patches@gnu.org; Mon, 19 May 2025 22:59:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=xDtUNxLHWt/JnnSn/nqr6EPx3Y8T3FsVUBk8e4QZWRo=; b=okHWKeeq8GB+y+UYLqXbA813KJJU/EAXbhU5JfkucXJUY/S9e8SlDkQaSrzTS5pXGCF5Ibn70frxsrm/sgiNfM7mZ6xTfEWQduaaKPhWtqPaIhpgj4RcR/8fn+YJCzaz9PlIyz9r5C2FxA+vAr2OkTed7VR/EJiP9tJn3iX7NfNOdmz4z7XSAPBEE5kFxgeFumxO6Eyq2DjInqg0wlkje3V1yeCkyuQFrUBa4ovIk9/VSN1+VVs03zzFlesK81RJiyyDgXpaJsb+2Pc073LE7DsZoaiXDueec10B3sbwLtOuwA3QgUlkmyTdefHse7WP8RMwRy7phE9H+YRpK6v6gw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC3-0000Ua-Ov; Mon, 19 May 2025 22:59:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 4/6] gnu: cups-minimal: Ungraft. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Zheng Junjie , Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099391836 (code B ref 78337); Tue, 20 May 2025 02:59:03 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:59 +0000 Received: from localhost ([127.0.0.1]:50174 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDBz-0000TX-9w for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:59 -0400 Received: from mail-pg1-x532.google.com ([2607:f8b0:4864:20::532]:48626) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBq-0000Ru-Cb for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:50 -0400 Received: by mail-pg1-x532.google.com with SMTP id 41be03b00d2f7-b26ef4791a5so3690434a12.1 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709923; x=1748314723; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=xDtUNxLHWt/JnnSn/nqr6EPx3Y8T3FsVUBk8e4QZWRo=; b=cliQfSH1QEG74jOPGBOxb19YuCVkP+i5qn/I9yCxoCzVQWn8lEfU3lzSq353ENGeUA nifSCwvvKDN/CjSvCcNd0h/m3e1fOCI/spS3a1Ovu0K0fYjR+8RaQ7eru20p7Sv9XUUL laPMb+1YNSmJKXgWsGygGwttkex2XmKK47pyneTzm9IvF2Rm8e+dvRr60CQH8ek9onz+ vTDZ4rZ71UPIInwxq4JCt+c1sAUs89qNQIDUv7Bbd4u2MYP7VRKL860PM41SibvRXzZk LlELBm6uZ7qqmixd0gJiK/HhzMW7wh7AqWRq+wNeDbEhUFmOwbrLIgrSykqN308yDhQU 667g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709923; x=1748314723; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=xDtUNxLHWt/JnnSn/nqr6EPx3Y8T3FsVUBk8e4QZWRo=; b=uSPvodMNchnwqU22eP3mJOJdte0Zt1gKgoN+l+Ft5+jzfG0B5vl70LCtQr66xrLY63 GT2TceYNfrW+r7HFuh2QisspRkSi4kkPVJGJlQ5MpNpCYY1UnN5vC11ZCQb87fUoGd9W NWCCnve0x+0BaPTsHoaH4SuW3yzmAwoRY6b//50iHFKE6pZ4JVIgbSnh9nPEvBwDGrrY 9u6qgpeB09YVLuFTASacT0JbLYB7jfago2uhqI0RgSgeZWu9u5u/5gyAVUaE6LnSO1/H 9Pc4INdspVLoGT2oO1yBb35UaemWuFwBsENb3j0k+sovjG81ApcCpOILfDARgqnwUg7n 7auQ== X-Gm-Message-State: AOJu0YxgRIvDFOT6XID8M1psOOj/+phmfMsydffY6lXmGFoOLrhjJuXf Gf0AXcjbKzjdpGmF7Jl0Y/id1+nlA1JLegWj73fUl4OjH2aIp+XbnDwFQWoFGg== X-Gm-Gg: ASbGncuDaNZEEqSAEZ4XXD2MjgTZC/OaaO11Y/gTUYWR+BZn4K78LuXVzijQ6ZrP3U9 6FeQ1XRqEIOpBdUmt264U73fzb52+seM6f7KfZQMiDrBp+lQjFuBpKTD4LvLVteZZ3C9cOej44/ N8gKqPWdjFtT7CddDs1pqSiM/LtrpS75zhF+83+7tHDr7RXPxtyCgB2RSH+zS5dGJGFMx4j6boI v31m/bN8GvKAbeF9Wn5yW1T/guo+C5QNWwEaJJFGjV8IhX5uaNLNFrv1IBFY4ifY0lx1TB+Vf4h yMTsUulPgHU58QKD5lX5mwZDtoSmYOqx4cWuyM1p6syzPwLAAKteDL1VJJAp1CBbRePE2436y5U eJi/RBQ== X-Google-Smtp-Source: AGHT+IE0b8x1sHma4vuVPZVnOaRJxtjyZ9YBIgFpIq30PTpM0elkIQmi2AzdoUttExWkqox5k2G2sA== X-Received: by 2002:a17:90b:3b46:b0:30a:204e:3271 with SMTP id 98e67ed59e1d1-30e7d5564e7mr28200588a91.17.1747709923308; Mon, 19 May 2025 19:58:43 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:42 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:14 +0900 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches From: Zheng Junjie * gnu/packages/cups.scm (cups-minimal)[replacement]: Remove it. [source]: Add cups-minimal-Address-PPD-injection-issues.patch. * gnu/packages/cups.scm (cups-minimal/fixed): Remove it. Change-Id: Icb5295af42b5a84741a73ed4b662bc8736ab6b2b Signed-off-by: Maxim Cournoyer --- gnu/packages/cups.scm | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm index 41c3f0af45..847fc29a9a 100644 --- a/gnu/packages/cups.scm +++ b/gnu/packages/cups.scm @@ -265,7 +265,6 @@ (define-public cups-minimal (package (name "cups-minimal") (version "2.4.9") - (replacement cups-minimal/fixed) (source (origin (method git-fetch) @@ -275,7 +274,8 @@ (define-public cups-minimal ;; Avoid NAME confusion: these are the complete CUPS sources. (file-name (git-file-name "cups" version)) (sha256 - (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1")))) + (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1")) + (patches (search-patches "cups-minimal-Address-PPD-injection-issues.patch")))) (build-system gnu-build-system) (arguments (list #:configure-flags @@ -355,15 +355,6 @@ (define-public cups-minimal ;; CUPS is Apache 2.0 with exceptions, see the NOTICE file. (license license:asl2.0))) -(define cups-minimal/fixed - (package - (inherit cups-minimal) - (source - (origin - (inherit (package-source cups-minimal)) - (patches - (search-patches "cups-minimal-Address-PPD-injection-issues.patch")))))) - (define-public cups (package/inherit cups-minimal (name "cups") From patchwork Tue May 20 02:58:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42762 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id D12B327BC49; Tue, 20 May 2025 03:59:49 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id CF7E327BC4A for ; Tue, 20 May 2025 03:59:48 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC6-0006D6-BQ; Mon, 19 May 2025 22:59:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC4-0006CG-QC for guix-patches@gnu.org; Mon, 19 May 2025 22:59:04 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC4-0005tB-Gi for guix-patches@gnu.org; Mon, 19 May 2025 22:59:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=VLW4XEfGm0Iqej8OIAUuSyG9zccZMvgoY6rkDt8nwuM=; b=WCwS9MHSjCms42yViZeyVuEy1Yg7vqw2uIIOgdxwrhQTJVO7UurFXXpdZ3YHzRazB+711k7B8QoSM7hBFpqhPS4KfwcPVkxVjwNeLNOq3DzHV7Rcw43lAQ/nk5gOGzKZPIeQvKXShbWEglFJ7c3DzQaRMBOfrrUpNhm4OBWLb8V5ocSRC2HrmC63ggaFrVFU86xh0ktEwtdDKpgQlfCXdn4eg9dZviqiqqauqdNZdX6gFej77DK/VuEciVfMChdqQ4X/GSEX+N5GiwuXU/7VlVOx47DIVftWhkF62ARgGD7JOLQGbRFCQ+jgTTQgf3Xht96XHEZz6QkNbwBVxUsuZA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC4-0000Ul-CC; Mon, 19 May 2025 22:59:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 5/6] gnu: libarchive: Update to 3.7.7. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Zheng Junjie , Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099401849 (code B ref 78337); Tue, 20 May 2025 02:59:04 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:59:00 +0000 Received: from localhost ([127.0.0.1]:50176 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDBz-0000Te-Mn for submit@debbugs.gnu.org; Mon, 19 May 2025 22:59:00 -0400 Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:44302) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBt-0000SB-5e for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:54 -0400 Received: by mail-pj1-x1030.google.com with SMTP id 98e67ed59e1d1-30e7bfef364so3686389a91.1 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709927; x=1748314727; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=VLW4XEfGm0Iqej8OIAUuSyG9zccZMvgoY6rkDt8nwuM=; b=GDeArT9ee17oYBmxrq32S6vhXQ8Wk1rzTSrC+PxIAH+mXQmBZGy4Fpx2R4i43X9U7s WFPpJxuDCQtRHtd3ikeVO8CIwSEtndPoxJ1B124uDCFJ9V8cDir49eCli3vT08j+mcMi w7TOPRt5mLHYQ3hpNI9mtO6/+t0pZBUCD4hP4cwLocEsmev5onUFRirRvNDsNiN/o8qJ M+jCj4zjvGKs/A4vxsS9/J13xe/c9rwcsLq7zsE66OC2C01lLnUE6T1JVmCyF8m1B0S0 6pEmE3mhAYrNTMMP5n80cVtqZjHZ/EAYY0P53r07JXnSHB0/qXDoRXQk94ZPC95NbE1B qu7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709927; x=1748314727; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VLW4XEfGm0Iqej8OIAUuSyG9zccZMvgoY6rkDt8nwuM=; b=TJDRlIF56rbdWA0p+Ns1w/LWuSM/N/RV41QW5eoySpifVz5H9/4PTiRmCVH470laTq jqEQzMPcaRqSl8OHDhrXeUcHHdPTjQbhc5eWsBLm+Qb3sfI4E0LgHRvC5VnhgcAjCAVc ZY4mljOxRtaL+6dUhQ3sY4YU2clpQAC9QsRHkuAgeQLNaXJf0719zs5mEITAdUPaEmQw 4xxEnhiIsAPLERiAmmPbCsUvYkAF48vvBjKOwfge3klNTqjHsLBfHubMKfslJBz9/OBh U3Wp1N6F5YklB+BEDFTCtX/1JZKeDju/FrHXOsh4If46YJH2dc0Cu7YuQlqT0yHhqNJt RpWQ== X-Gm-Message-State: AOJu0YyaFsPxTPMCCCGNKn+hCiUPrG6+a3JTM/pwN6o7DxgBW1EBldeM pLkD64vFYXW878dZv2k58RYP23sOd43ypGZw2pqQ1q0JRqw8gRX/2QSq02bflw== X-Gm-Gg: ASbGnctwqB/unAtF8XXJkhFlkA4rzSZvFbYiJr5B/PrTgiFyYg137McSJ0vl2Uz9kHn 7qOxBBbpExMXzYV6+PLH+82qh5Pkgz27QRDbNmDIknzpiq5+O/DTPAUxPOwk06NZZDgAMVSb9HO M0RfootcVFVuyrRlZB+eIZ7BXJ4afHejs8TkNJsKLjECgTR6iPQDOE6ZCVMvw0ZixX6WuGpVNBR /eZtmcu+yLUZYra2WBK4/8qHFpEs381+McdEG+P7WLaOtNrF+4g5R0wFtteWjq6pRRaLK+FAqi6 N73TPuZnq5NHEcq29coJSzjh6Z+NM2Oyomlr+HORPPrK9Rt0qkgQuMZPXBXRib7erzEs4Zk= X-Google-Smtp-Source: AGHT+IHZadErGXSrKP65bpMsKXE20NTgU6KfLKT2XQBqg4KKfyoLeyiXaFPiyNt/UGT8PtLoXVY2Aw== X-Received: by 2002:a17:90b:3905:b0:305:2d27:7ba5 with SMTP id 98e67ed59e1d1-30e7d4ebda4mr21460156a91.6.1747709926667; Mon, 19 May 2025 19:58:46 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:46 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:15 +0900 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches From: Zheng Junjie * gnu/packages/backup.scm (libarchive): Update to 3.7.7. * gnu/packages/backup.scm (libarchive/fixed): Delete variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch: Remove it * gnu/local.mk (dist_patch_DATA): Unregister it. Change-Id: Ia6474f9dae9a3d1a707d94fcace9bd50b2e3ac4c Signed-off-by: Maxim Cournoyer --- gnu/local.mk | 1 - gnu/packages/backup.scm | 22 +-------- ...libarchive-remove-potential-backdoor.patch | 47 ------------------- 3 files changed, 2 insertions(+), 68 deletions(-) delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0cbe521c73..d561d5ea5d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1719,7 +1719,6 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ %D%/packages/patches/libaio-32bit-test.patch \ %D%/packages/patches/libaio-riscv-test5.patch \ - %D%/packages/patches/libarchive-remove-potential-backdoor.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index b4aca86774..876167898b 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -263,8 +263,7 @@ (define-public hdup (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) - (version "3.6.1") + (version "3.7.7") (source (origin (method url-fetch) @@ -273,10 +272,9 @@ (define-public libarchive (string-append "https://github.com/libarchive/libarchive" "/releases/download/v" version "/libarchive-" version ".tar.xz"))) - (patches (search-patches "libarchive-remove-potential-backdoor.patch")) (sha256 (base32 - "1rj8q5v26lxxr8x4b4nqbrj7p06qvl91hb8cdxi3xx3qp771lhas")))) + "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))) (build-system gnu-build-system) (inputs (list bzip2 @@ -353,22 +351,6 @@ (define-public libarchive @command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (version "3.7.7") - (source - (origin - (method url-fetch) - (uri (list (string-append "https://libarchive.org/downloads/libarchive-" - version ".tar.xz") - (string-append "https://github.com/libarchive/libarchive" - "/releases/download/v" version "/libarchive-" - version ".tar.xz"))) - (sha256 - (base32 - "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch deleted file mode 100644 index 2b9a9e2ffe..0000000000 --- a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch +++ /dev/null @@ -1,47 +0,0 @@ -Remove code added by 'JiaT75', the malicious actor that backdoored `xz`: - -https://github.com/libarchive/libarchive/pull/2101 - -At libarchive, they are reviewing all code contributed by this actor: - -https://github.com/libarchive/libarchive/issues/2103 - -See the original disclosure and subsequent discussion for more -information about this incident: - -https://seclists.org/oss-sec/2024/q1/268 - -Patch copied from upstream source repository: - -https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942 - -From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001 -From: Ed Maste -Date: Fri, 29 Mar 2024 18:02:06 -0400 -Subject: [PATCH] tar: make error reporting more robust and use correct errno - (#2101) - -As discussed in #1609. ---- - tar/read.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/tar/read.c b/tar/read.c -index af3d3f42..a7f14a07 100644 ---- a/tar/read.c -+++ b/tar/read.c -@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) - if (r != ARCHIVE_OK) { - if (!bsdtar->verbose) - safe_fprintf(stderr, "%s", archive_entry_pathname(entry)); -- fprintf(stderr, ": %s: ", archive_error_string(a)); -- fprintf(stderr, "%s", strerror(errno)); -+ safe_fprintf(stderr, ": %s: %s", -+ archive_error_string(a), -+ strerror(archive_errno(a))); - if (!bsdtar->verbose) - fprintf(stderr, "\n"); - bsdtar->return_value = 1; --- -2.41.0 - From patchwork Tue May 20 02:58:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Cournoyer X-Patchwork-Id: 42764 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 576F827BC49; Tue, 20 May 2025 03:59:48 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id BA70227BC4F for ; Tue, 20 May 2025 03:59:45 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uHDC6-0006DG-RU; Mon, 19 May 2025 22:59:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uHDC5-0006Co-Ao for guix-patches@gnu.org; Mon, 19 May 2025 22:59:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uHDC5-0005tK-21 for guix-patches@gnu.org; Mon, 19 May 2025 22:59:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=N8R2cdNGlAfm/xZPZYFk77yKco3WVhCjmF279bpZD2I=; b=qTbw8LHuMg13OrLEuhiUTGYqPIspcxUvYnSdFX5BK/O0oGpH4zl6svXHDk2IXuka7ytzXkoLvN7EA7EZrvhQ223wyKDK6pjNcbcXJMQZTVuKWcL/VN3Y4JkkyqkXn6u+TOcycPI7D3BAggTncuE5mZkEmq/v8ZH6VaK3013eURbcKmVwzKHHnniiPsP0eV1Im8UsIFdmpCaSkV6CqEAd3WpE70wuxOwiiYG0e0mcMOZEAof6le0k24feGSVBPf22CZh6l3gWhVPq3EIwHweQYAVrdArmeI0YdeM2fIOSrLo1O1aN6k+kW0k3w42NdELEsOs4EWIWYbVbdlDsP/iztQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uHDC4-0000Uw-SR; Mon, 19 May 2025 22:59:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH v2 6/6] gnu: expat: Update to 2.7.1. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: z572@z572.online, guix-patches@gnu.org Resent-Date: Tue, 20 May 2025 02:59:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Cc: Zheng Junjie , Maxim Cournoyer , Zheng Junjie X-Debbugs-Original-Xcc: Zheng Junjie Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099411859 (code B ref 78337); Tue, 20 May 2025 02:59:04 +0000 Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:59:01 +0000 Received: from localhost ([127.0.0.1]:50178 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uHDC0-0000Tl-Ez for submit@debbugs.gnu.org; Mon, 19 May 2025 22:59:01 -0400 Received: from mail-pj1-x102a.google.com ([2607:f8b0:4864:20::102a]:45302) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uHDBw-0000SV-Cs for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:57 -0400 Received: by mail-pj1-x102a.google.com with SMTP id 98e67ed59e1d1-30e57a373c9so5053995a91.2 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1747709930; x=1748314730; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N8R2cdNGlAfm/xZPZYFk77yKco3WVhCjmF279bpZD2I=; b=S2J/WbbITTrwLRl6P+EPGNtctl1zqaJft32ZT7s722h8vHUGd857/Mav1qNhufNJRX 6fo3NRqv9m+4V3en96H8ySJ+N+VPBKrBEB+0mE2JYsSaTRCGKmMGxbM2HQHPEjbSNIYY luZeUSwc0DTCkCQzPGJo4q6XCbH8F6Bcj6mB0gRxmc46YEp0nHVWTvfpQC/zR6dvUnGJ /S5h5Yvw52VDhql+BCenaW28BPCpge3TV1ZzRu5XPNWyo57pDDQ756MP26Rp0H42KDfC vd79AiiZ8eLmHoaXtXmunrhQcj50Itq8BaBYZuF6Sf4D4VS3qet81E8va3VQOk87iKJq P98Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747709930; x=1748314730; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N8R2cdNGlAfm/xZPZYFk77yKco3WVhCjmF279bpZD2I=; b=Yw7nG2799Dg0HdKGrSnLtrsvI1iN+1m3U8mCzf+fyZNLtWHJFJne0Wek4TxvV0chdY z6qmllrRGEkvcABwUwjqdpf3hPSUJoPtiMca3ozwb3J2416sWFOzN44+Avk8NRgGUbM5 oUcdu8pNGRSpgLACC3VDNHErb1V6Q2iVgFWOo5LESJxjkVMOivA4EqhjMLwG01ZSsptG 2M8lF/xCq0AZJM29M/dYsGfMxMBfOJj5nrtab+Jm1sASrHc3Oe9mdsiYW70+u8soI7Yh DzUHEgpWkCjjx4zRKWC7IlZd57+kN2jzUKl4mhZZobclIJiJKweq5wqezdjVBw52gBq2 ZuYw== X-Gm-Message-State: AOJu0Yyiuzio1v6gdaCxV/HVJpwbhMQe2USj9KM6CeEYt3nnSvmX/SNh /tvEgVZGYg2sztU+widfTfUu5PFJLXBDzvH+xhqiHoVs1Z7Eab08Ch7kKXqlpw== X-Gm-Gg: ASbGncutNgQfkAvfQmogC/C93Bo8DKEbVZRDHRPi8ngaIYQPmg+T1ToR9GKRTLtzeRi uySYGgetAtuSyCymZkWkhSN7PYBpxdKS+B/7CSplFPcRqwNAQ1/FloCXiJx0NjnxzZcoPWVMDhs WYyLycR6X4lf/iavstnpZSjeYIZggIyRxKRVOcHPSshztxP+FXJCTp8Ty07xmJdjCtl9pp85p3U 08s6q5RGLF+gScK1bwL8jEu66+BYz5zo8lIJtTzlIrm3qLPZmHrzBtTAW89VF0n2tteyJdte3lR 3nMI7FXBOYpvz6goPVt1Nob61ycjDEGepUAP1avQLVBvbKX5wGwuaOk0KkerzaEP+BkB/JE= X-Google-Smtp-Source: AGHT+IG4fSRsU20Ug3nI40fOO81SvFJfORCR2Oe/7I50Wh6/03UzcYCfIflfCwvglC/LBgqrhcjONQ== X-Received: by 2002:a17:90b:1c05:b0:30c:5617:7475 with SMTP id 98e67ed59e1d1-30e7d53ff83mr26599396a91.18.1747709929644; Mon, 19 May 2025 19:58:49 -0700 (PDT) Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 May 2025 19:58:49 -0700 (PDT) From: Maxim Cournoyer Date: Tue, 20 May 2025 11:58:16 +0900 Message-ID: <5b99b0aa419d655e4c376aef28b57f228f761cf5.1747709896.git.maxim.cournoyer@gmail.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches From: Zheng Junjie * gnu/packages/xml.scm (expat): Update to 2.7.1. (expat/fixed): Remove it. * gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it. * gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it. * gnu/packages/patches/expat-CVE-2024-45492.patch: Remove it. * gnu/local.mk (dist_patch_DATA): Unregister them. Change-Id: Ia0bc5da202afba0636032e4f4e10051778214944 Signed-off-by: Maxim Cournoyer --- gnu/local.mk | 3 -- .../patches/expat-CVE-2024-45490.patch | 34 ------------------- .../patches/expat-CVE-2024-45491.patch | 34 ------------------- .../patches/expat-CVE-2024-45492.patch | 33 ------------------ gnu/packages/xml.scm | 16 ++------- 5 files changed, 2 insertions(+), 118 deletions(-) delete mode 100644 gnu/packages/patches/expat-CVE-2024-45490.patch delete mode 100644 gnu/packages/patches/expat-CVE-2024-45491.patch delete mode 100644 gnu/packages/patches/expat-CVE-2024-45492.patch diff --git a/gnu/local.mk b/gnu/local.mk index d561d5ea5d..c9b70349ce 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1256,9 +1256,6 @@ dist_patch_DATA = \ %D%/packages/patches/esmini-use-pkgconfig.patch \ %D%/packages/patches/esmtp-add-lesmtp.patch \ %D%/packages/patches/exercism-disable-self-update.patch \ - %D%/packages/patches/expat-CVE-2024-45490.patch \ - %D%/packages/patches/expat-CVE-2024-45491.patch \ - %D%/packages/patches/expat-CVE-2024-45492.patch \ %D%/packages/patches/extempore-unbundle-external-dependencies.patch \ %D%/packages/patches/extundelete-e2fsprogs-1.44.patch \ %D%/packages/patches/fail2ban-paths-guix-conf.patch \ diff --git a/gnu/packages/patches/expat-CVE-2024-45490.patch b/gnu/packages/patches/expat-CVE-2024-45490.patch deleted file mode 100644 index f876e78651..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45490.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf.patch -Fixed in 2.6.3. -Takes only 1 of the 3 patches from -https://github.com/libexpat/libexpat/pull/890 to take the fix and not the -tests because that part doesn't apply cleanly. - -From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:26:07 +0200 -Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer - -Reported by TaiYou - ---- - expat/lib/xmlparse.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..ba1038119 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -2038,6 +2038,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) { - - if (parser == NULL) - return XML_STATUS_ERROR; -+ -+ if (len < 0) { -+ parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT; -+ return XML_STATUS_ERROR; -+ } -+ - switch (parser->m_parsingStatus.parsing) { - case XML_SUSPENDED: - parser->m_errorCode = XML_ERROR_SUSPENDED; diff --git a/gnu/packages/patches/expat-CVE-2024-45491.patch b/gnu/packages/patches/expat-CVE-2024-45491.patch deleted file mode 100644 index 8ff10559bf..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45491.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421.patch -Fixed in 2.6.3. - -From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:34:13 +0200 -Subject: [PATCH] lib: Detect integer overflow in dtdCopy - -Reported by TaiYou ---- - expat/lib/xmlparse.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..e2327bdcf 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd, - if (! newE) - return 0; - if (oldE->nDefaultAtts) { -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if ((size_t)oldE->nDefaultAtts -+ > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) { -+ return 0; -+ } -+#endif - newE->defaultAtts - = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); - if (! newE->defaultAtts) { diff --git a/gnu/packages/patches/expat-CVE-2024-45492.patch b/gnu/packages/patches/expat-CVE-2024-45492.patch deleted file mode 100644 index 852a9b3f59..0000000000 --- a/gnu/packages/patches/expat-CVE-2024-45492.patch +++ /dev/null @@ -1,33 +0,0 @@ -https://github.com/libexpat/libexpat/commit/9bf0f2c16ee86f644dd1432507edff94c08dc232.patch -Fixed in 2.6.3. - -From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001 -From: Sebastian Pipping -Date: Mon, 19 Aug 2024 22:37:16 +0200 -Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart - -Reported by TaiYou ---- - expat/lib/xmlparse.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/lib/xmlparse.c b/lib/xmlparse.c -index 91682c188..f737575ea 100644 ---- a/lib/xmlparse.c -+++ b/lib/xmlparse.c -@@ -7558,6 +7558,15 @@ nextScaffoldPart(XML_Parser parser) { - int next; - - if (! dtd->scaffIndex) { -+ /* Detect and prevent integer overflow. -+ * The preprocessor guard addresses the "always false" warning -+ * from -Wtype-limits on platforms where -+ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */ -+#if UINT_MAX >= SIZE_MAX -+ if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) { -+ return -1; -+ } -+#endif - dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int)); - if (! dtd->scaffIndex) - return -1; diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm index 10cd6d98fa..33c409212f 100644 --- a/gnu/packages/xml.scm +++ b/gnu/packages/xml.scm @@ -127,8 +127,7 @@ (define-public libxmlb (define-public expat (package (name "expat") - (version "2.5.0") - (replacement expat/fixed) + (version "2.7.1") (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c)))) (origin (method url-fetch) @@ -140,7 +139,7 @@ (define-public expat "/expat-" version ".tar.xz"))) (sha256 (base32 - "1gnwihpfz4x18rwd6cbrdggmfqjzwsdfh1gpmc0ph21c4gq2097g"))))) + "0c3w446jrrnss3ccgx9z590lpwbpxiqdbxv2a0p036cg9da54i9m"))))) (build-system gnu-build-system) (arguments '(#:phases (modify-phases %standard-phases @@ -164,17 +163,6 @@ (define-public expat things the parser might find in the XML document (like start tags).") (license license:expat))) -(define-public expat/fixed - (hidden-package - (package - (inherit expat) - (replacement expat/fixed) - (source (origin - (inherit (package-source expat)) - (patches (search-patches "expat-CVE-2024-45490.patch" - "expat-CVE-2024-45491.patch" - "expat-CVE-2024-45492.patch"))))))) - (define-public libebml (package (name "libebml")