GNU bug report logs -
#32043
[PATCH] gnu: libgit2: Update to 0.26.4 [fixes CVE-2018-11235].
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Mon, 2 Jul 2018 22:18:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 32043 in the body.
You can then email your comments to 32043 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#32043; Package
guix-patches.
(Mon, 02 Jul 2018 22:18:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 02 Jul 2018 22:18:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/version-control.scm (libgit2): Update to 0.26.4.
(source): Adjust patch name.
* gnu/packages/patches/libgit2-0.25.1-mtime-0.patch: Rename to ...
* gnu/packages/patches/julia-libgit2-fix.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 2 +-
gnu/packages/patches/julia-libgit2-fix.patch | 22 +++++++++++++++++++
.../patches/libgit2-0.25.1-mtime-0.patch | 14 ------------
gnu/packages/version-control.scm | 6 ++---
4 files changed, 26 insertions(+), 18 deletions(-)
create mode 100644 gnu/packages/patches/julia-libgit2-fix.patch
delete mode 100644 gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 10b61ba1b..2a1d2d42d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -860,7 +860,7 @@ dist_patch_DATA = \
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \
%D%/packages/patches/libexif-CVE-2016-6328.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
- %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
+ %D%/packages/patches/libgit2-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \
%D%/packages/patches/libgnome-encoding.patch \
diff --git a/gnu/packages/patches/julia-libgit2-fix.patch b/gnu/packages/patches/julia-libgit2-fix.patch
new file mode 100644
index 000000000..599e01f4b
--- /dev/null
+++ b/gnu/packages/patches/julia-libgit2-fix.patch
@@ -0,0 +1,22 @@
+commit 782460f9bab4af35097c13c4dbab61cb263490b9
+Author: Milan Bouchet-Valat <nalimilan <at> club.fr>
+Date: Tue Jul 11 10:02:32 2017 +0200
+
+ Fix libgit2 test failure with system libgit2 and OpenSSL (#22722)
+
+ The first letter of the error message is in lowercase in some systems,
+ notably Fedora Rawhide with libgit2 0.26 and OpenSSL 1.1.0f.
+
+diff --git a/test/libgit2.jl b/test/libgit2.jl
+index d7e32d21a9..f5104e9ec7 100644
+--- a/test/libgit2.jl
++++ b/test/libgit2.jl
+@@ -1905,7 +1905,8 @@ mktempdir() do dir
+ deserialize(f)
+ end
+ @test err.code == LibGit2.Error.ECERTIFICATE
+- @test startswith(err.msg, "The SSL certificate is invalid")
++ @test startswith(lowercase(err.msg),
++ lowercase("The SSL certificate is invalid"))
+
+ rm(errfile)
diff --git a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
deleted file mode 100644
index a6fdb50ff..000000000
--- a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-The Clar test framework has a bug whereby it skips the parsing phase
-on files with mtime=0.
-
-Reported upstream at <https://github.com/vmg/clar/pull/78>.
-
-diff --git a/tests/generate.py b/tests/generate.py
-index b639c8f..111ca41 100644
---- a/tests/generate.py
-+++ b/tests/generate.py
-@@ -63,3 +63,3 @@ class Module(object):
-
-- self.mtime = 0
-+ self.mtime = None # Guix sets all file mtimes to '0'
- self.enabled = True
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 86d6afef3..2bd59ae95 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -419,7 +419,7 @@ everything from small to very large projects with speed and efficiency.")
(define-public libgit2
(package
(name "libgit2")
- (version "0.26.0")
+ (version "0.26.4")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/libgit2/libgit2/"
@@ -427,8 +427,8 @@ everything from small to very large projects with speed and efficiency.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka"))
- (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))
+ "15ybzypyggx64ba7i0zxnnbvzh7z34fcrkwk2xj54kmv1dha4br9"))
+ (patches (search-patches "libgit2-mtime-0.patch"))
;; Remove bundled software.
(snippet '(begin
--
2.18.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#32043; Package
guix-patches.
(Mon, 02 Jul 2018 22:51:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 32043 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> * gnu/packages/version-control.scm (libgit2): Update to 0.26.4.
> (source): Adjust patch name.
> * gnu/packages/patches/libgit2-0.25.1-mtime-0.patch: Rename to ...
> * gnu/packages/patches/julia-libgit2-fix.patch: ... this.
> * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
> ---
> gnu/local.mk | 2 +-
> gnu/packages/patches/julia-libgit2-fix.patch | 22 +++++++++++++++++++
> .../patches/libgit2-0.25.1-mtime-0.patch | 14 ------------
> gnu/packages/version-control.scm | 6 ++---
> 4 files changed, 26 insertions(+), 18 deletions(-)
> create mode 100644 gnu/packages/patches/julia-libgit2-fix.patch
> delete mode 100644 gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
'libgit2-mtime-0.patch' seems to have disappeared, yet it's in the
(patches) field of libgit2. I suppose it got unstaged somehow?
'julia-libgit2-fix.patch' seems unrelated, so the commit message should
probably not say renamed. And I would guess it should be applied to the
Julia package. It would be nice with a link to the upstream commit too!
Time for a holiday perhaps? ;-)
LGTM with those adjustments!
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Mon, 02 Jul 2018 23:49:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Mon, 02 Jul 2018 23:49:02 GMT)
Full text and
rfc822 format available.
Message #13 received at 32043-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Tue, Jul 03, 2018 at 12:50:37AM +0200, Marius Bakke wrote:
> 'libgit2-mtime-0.patch' seems to have disappeared, yet it's in the
> (patches) field of libgit2. I suppose it got unstaged somehow?
>
> 'julia-libgit2-fix.patch' seems unrelated, so the commit message should
> probably not say renamed. And I would guess it should be applied to the
> Julia package. It would be nice with a link to the upstream commit too!
>
> Time for a holiday perhaps? ;-)
Umm... perhaps too much time on holiday :/
As always, thanks for the review!
I pushed a corrected patch as 86163a017b1b16a672a202488f5bbb090e108fd1
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 31 Jul 2018 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 319 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.