From unknown Thu Jun 19 14:20:25 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
Resent-From: Leo Famulari <leo@famulari.name>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 09 Aug 2018 12:28:02 +0000
Resent-Message-ID: <handler.32407.B.15338176247795@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 32407
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 32407@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.15338176247795
          (code B ref -1); Thu, 09 Aug 2018 12:28:02 +0000
Received: (at submit) by debbugs.gnu.org; 9 Aug 2018 12:27:04 +0000
Received: from localhost ([127.0.0.1]:45588 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fnk1w-00021f-Cn
	for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:27:04 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48517)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fnk1v-00021B-BO
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:27:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1p-0005Xh-6S
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:26:58 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:53519)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fnk1p-0005XZ-2N
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:26:57 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39480)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1n-0006cU-Rq
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1j-0005T3-TQ
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:55 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:47995)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fnk1j-0005S3-9S
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:51 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 9E13921B36;
 Thu,  9 Aug 2018 08:26:49 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Thu, 09 Aug 2018 08:26:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:message-id:subject:to:x-me-sender:x-me-sender
 :x-sasl-enc; s=mesmtp; bh=UAsx6UgP0BVVM2f0RnJwihn+/O4QQyj2NhFGKB
 GQVlc=; b=KS4MB0HOAgZzXJsdxmxhKCt+6VdJXfJrp44ByUBkL2gxJ4zdy978/3
 HtY90GfnpnLoMMQ7AnSH/rVcRrP3YC3fw3O8766lCZCM5gIT7sIoUkh5YuZuoCD+
 RSqCbqT1vI7hvyTaIsPOIrn6dRQbNCo4RwU2RT0i+kdC3zN+6vL7w=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:message-id:subject:to
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=UAsx6UgP0BVVM2f0R
 nJwihn+/O4QQyj2NhFGKBGQVlc=; b=YRqtxl81TkEBj38brUftR0i8trlHxpDX8
 e1ws6ZnqAkMWvivSuz6Yg8wku4OdYgmF2/oIdwJTvMHg5nsiBxjVOP7l9BNsYxS2
 oSc03HYDx9mpMFBUstzlyk2KbNAD3FaAsG7B50Pbd6BiLA84Ku7zLHZM5TgQuT/I
 ln9DBwWcSXhrryzhfw2sEmyeRZOz4TAyqhgbtInaJX8VoFNTXXQ6OQMMfztf9B6F
 1fKP012+H40tSN7vWsgwXqUt38iyXEur2ZgXaFubZ/2BgyNKR6sUJo56fP+8cQX6
 /5p3EaFwLJs8AYGijZc/ZnXQ1DN1r9ge+6Y9q2474vl4/SyqivB5g==
X-ME-Proxy: <xmx:CTNsWyPiUOw4a5W2d_gpNy-WMDcvmXn5yhTlo9ydwyJ3wbOI1te7Sw>
 <xmx:CTNsW9szkeXasa_-wAdIg5a8hcZRncsotAikmoPTywrUYk2DlzkreQ>
 <xmx:CTNsW_TpECf6BIK6zvlJ2dESdmcp4ylkh3ntki9mMWr7-pfQ9g2gog>
 <xmx:CTNsW5Do-vSq1LR3ZkxKkwiFgPRIqdosXXUdX_n00oAdIa2u0sxUrA>
 <xmx:CTNsW1NSo8a4CkPEpyjtF4D-2dKc7zRF9ftZR01pKUiWcirJxF2gyg>
 <xmx:CTNsWyFnUSfewOuZwHTF7EKqHYTMRjQAB8cVqSOfBprB6dNI9p_CgA>
X-ME-Sender: <xms:CTNsW6qrfYgkFW-hyyrVoM6xTu8CY2IkNVvRfeHeVfIGuDE0MVZ66w>
Received: from jasmine.lan (unknown [128.64.129.14])
 by mail.messagingengine.com (Postfix) with ESMTPA id 2B2391025D
 for <guix-patches@gnu.org>; Thu,  9 Aug 2018 08:26:49 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
Date: Thu,  9 Aug 2018 08:26:34 -0400
Message-Id: <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
X-Mailer: git-send-email 2.18.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.1 (----)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.1 (-----)

* gnu/packages/version-control.scm (cgit): Update to 1.2.1.
[inputs]: Use the source of GIT.
---
 gnu/packages/version-control.scm | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3db5796b4..14e0b9d7f 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -143,8 +143,8 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
-   ;; to be updated as well.
+   ;; XXX When updating Git, check if the special 'git-source' input to cgit
+   ;; needs to be updated as well.
    (version "2.18.0")
    (source (origin
             (method url-fetch)
@@ -558,9 +558,7 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
-    ;; XXX When updating cgit, try removing the special 'git:src' input and
-    ;; using the source of the git package.
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +566,7 @@ collaboration using typical untrusted file hosts or services.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288"))))
+                "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; XXX: fail to build the in-source git.
@@ -580,7 +578,7 @@ collaboration using typical untrusted file hosts or services.")
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
              (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src"))))
+                     (assoc-ref inputs "git-source"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -642,16 +640,8 @@ collaboration using typical untrusted file hosts or services.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)))
     (inputs
-     `(;; Cgit directly accesses some internal Git interfaces that changed in
-       ;; Git 2.12.  Try removing this special input and using the source of the
-       ;; Git package for cgit > 1.1.
-       ("git:src"
-        ,(origin
-           (method url-fetch)
-           (uri "mirror://kernel.org/software/scm/git/git-2.10.5.tar.xz")
-           (sha256
-            (base32
-             "1r2aa19gnrvm2y4fqcvpw1g9l72n48axqmpgv18s6d0y2p72vhzj"))))
+     `(;; Building cgit requires a Git source tree.
+       ("git-source" ,(package-source git))
        ("openssl" ,openssl)
        ("groff" ,groff)
        ("python" ,python)
-- 
2.18.0





From unknown Thu Jun 19 14:20:25 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
Resent-From: Marius Bakke <mbakke@fastmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Thu, 09 Aug 2018 20:31:01 +0000
Resent-Message-ID: <handler.32407.B32407.153384663730916@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 32407
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Leo Famulari <leo@famulari.name>, 32407@debbugs.gnu.org
Received: via spool by 32407-submit@debbugs.gnu.org id=B32407.153384663730916
          (code B ref 32407); Thu, 09 Aug 2018 20:31:01 +0000
Received: (at 32407) by debbugs.gnu.org; 9 Aug 2018 20:30:37 +0000
Received: from localhost ([127.0.0.1]:46178 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fnrZt-00082a-Bn
	for submit@debbugs.gnu.org; Thu, 09 Aug 2018 16:30:37 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:57971)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mbakke@fastmail.com>) id 1fnrZq-00082N-PD
 for 32407@debbugs.gnu.org; Thu, 09 Aug 2018 16:30:35 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 595C721C4F;
 Thu,  9 Aug 2018 16:30:34 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute5.internal (MEProxy); Thu, 09 Aug 2018 16:30:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h=
 content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm3; bh=C028q5XSl479rO4TYopLVT7AyNr37AlXilEN7ttnEIc=; b=Jf/xzhxf
 GYVwMn5fjkt+5dd4hYtDrfQ66egQXMHsKUQm4Q+fQmEGDolbqY9M41syHgFE2GBc
 UT4U5mprMR9qUT2/TO3ADzWN9lXW96MhqpssTppWkVguSKGl19IaY3XeApen6TsW
 fYHGCuIpaEkvJvWNiDCpXyWXri/QEsu1YO1UyBjfYEj3+ChrWRGgMeT6mjErb9s0
 a40mreDbJLFZuc3sTld6COaktxeNWl0OTrmvc8afx4G+VlFJPdFY/ZV3BlzHS2up
 UFaFfT/dzxjClHOXgg7cJ9VEMShOT9U2oRmixIWqz5So1bFh/MbfBWNM7LYw8Pi7
 P7QSsvq0jCxsMw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm3; bh=C028q5XSl479rO4TYopLVT7AyNr37
 AlXilEN7ttnEIc=; b=dF82Yh13ofWmlDW7B/mJHrRvnawyQEnfZZ+Gby4iNFw4a
 93xKYsLDNq66iy/2c84+ukdIXBF14XN228tURklg3YRxsf3wBMVSO9+o39qTp4d+
 c1wip9Sa5Pedqx8N2HgrEDGbSGFKvUXytT9G6olRLWJ8g7WwBXh6DpYKjpN/vPKX
 4M3GoRZpDT5KHrEbuvXSMKLIjSMJjZSx8HuFlwvH8jRRiCpdSs9TEjqLVGmgqqZy
 ahnuhUsZUz14B2+u8+w8tGtVhofxsLa4Ns/V5FV+UJy/kpV/qTKDdHFONXTbZVmp
 1qJoMZnzF68YZSsAMK+0Xpqji+VkUky3XxM6aLf1g==
X-ME-Proxy: <xmx:aaRsWyzHIPbLFTexjbELuCYXE2JS0Jcvj6EbS1YPoLBdoAlzhmRdmQ>
 <xmx:aaRsWyb4a71AXZpGBaumuPGBXahp7ecY0hw7Mmgi1pM2S7G5fnpWRQ>
 <xmx:aaRsWxWLN6iOkFAszdyYG2gpVbgvCoUqLezlam4ErdbOdD7zE4aGuA>
 <xmx:aaRsWzGy2LY4jkTVpzgy8pgNQsCdPQGZU9gojdHvNI4UoyIu4EPDTA>
 <xmx:aaRsW7C9LXAghg31LSzu3fWocXfVReakdnHfPzn_ZFrklrWdi19o8Q>
 <xmx:aqRsWw1xBJvPichPgYfDSdD4B4JFe966dC-7u-er85qasy9q8055hw>
X-ME-Sender: <xms:aaRsW-Kh5OiQH1upeIo91ecbO5L9ktML9Qhm9PUcXKomjgjkdpoBqg>
Received: from localhost (95.92-221-151.customer.lyse.net [92.221.151.95])
 by mail.messagingengine.com (Postfix) with ESMTPA id 4769CE4074;
 Thu,  9 Aug 2018 16:30:33 -0400 (EDT)
From: Marius Bakke <mbakke@fastmail.com>
In-Reply-To: <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
References: <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
User-Agent: Notmuch/0.27 (https://notmuchmail.org) Emacs/26.1
 (x86_64-pc-linux-gnu)
Date: Thu, 09 Aug 2018 22:30:31 +0200
Message-ID: <877ekzb7vc.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

--=-=-=
Content-Type: text/plain

Leo Famulari <leo@famulari.name> writes:

> * gnu/packages/version-control.scm (cgit): Update to 1.2.1.
> [inputs]: Use the source of GIT.

LGTM, thank you!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAltspGcACgkQoqBt8qM6
VPp4WQf/eCoMU0XQwxvL89io16MyW3X4oXD5+2od6aC6ANyWFGLY6EZL4akBt9Te
+BcEeFEcMY9g9YBjGzI0YlJTy8Ktphf3USM1mtTDLPpi86s64BcGkKr2jAdS7eSk
hfhSNQQ57WPINgCUOeLSqYJOwY1n6vYfsNFUIZlJ+UoeXX1T3X18wxyMq6mLZU3l
B/RxlklhFxBU1YvWazGBprnS5E/FbOtMcIh1TXGLh3Ny66WvquAO6P2KyrWedyRg
lHcHQ3ZFIvP2kefwbGnAw+npy39T4PddExRwVRyRHFNdC8WhwqSWvszx0Ic4l0o8
5tnisfd9h+NFdbButa4CTLXLVWiBcg==
=/Q26
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Thu Jun 19 14:20:25 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo@famulari.name>
Subject: bug#32407: closed (Re: [bug#32407] [PATCH] gnu: cgit: Update to
 1.2.1 [fixes CVE-2018-14912].)
Message-ID: <handler.32407.D32407.15338533709492.notifdone@debbugs.gnu.org>
References: <20180809222247.GB7733@jasmine.lan>
 <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
X-Gnu-PR-Message: they-closed 32407
X-Gnu-PR-Package: guix-patches
X-Gnu-PR-Keywords: patch
Reply-To: 32407@debbugs.gnu.org
Date: Thu, 09 Aug 2018 22:23:03 +0000
Content-Type: multipart/mixed; boundary="----------=_1533853383-9551-1"

This is a multi-part message in MIME format...

------------=_1533853383-9551-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#32407: [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 32407@debbugs.gnu.org.

--=20
32407: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D32407
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1533853383-9551-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 32407-done) by debbugs.gnu.org; 9 Aug 2018 22:22:50 +0000
Received: from localhost ([127.0.0.1]:46222 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fntKT-0002T2-Nm
	for submit@debbugs.gnu.org; Thu, 09 Aug 2018 18:22:49 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:39119)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fntKS-0002Sv-I1
 for 32407-done@debbugs.gnu.org; Thu, 09 Aug 2018 18:22:48 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 78134213D0;
 Thu,  9 Aug 2018 18:22:48 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Thu, 09 Aug 2018 18:22:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 mesmtp; bh=RJf7x/QLHTlrlJ6H4NXyoEo+Zc+o636psjygx52BpdA=; b=VMdkn
 rFY7ckmyBL0sC8PnSBwd7J1DRC/U80Wo+6BxwSAhSCNQwKxmfmj3EkAFWq0GmZQl
 wrd69pFUyXxATMCJwOqlkh+3Vh8PVPk8wF38K5zJgPjBRAFhmPBkGpy0XR3ATyu2
 kUH9xbse5rCAb1aSiICTj5wGqau2YYOT1+sYOQ=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm3; bh=RJf7x/QLHTlrlJ6H4NXyoEo+Zc+o6
 36psjygx52BpdA=; b=j6WICiN6t2tRHZF2ckMJy/R1vWQltdvgXjlohxgAGjgiC
 +CjGsQtew1s7Y2n66VnZL1LB4kDyewOHd5zPqWxGkykkNjYkgUkA/ZT+cYj+OenZ
 9AWTv0aDZrMlaPin/s99Grsmg4ipMObnZ5U+5Ow+lJUw14UURCUkjtxhpEnGzqlb
 h9nFRNkuL21vo44hR7NX14pTq9wBe9HOIxArGDKmnXnhJvozPZkDVFtjbQ72Ts33
 ho4Fvxjqvff3O5YeFnUkb4HUAJXl3zk70NdHLaDcGVMU+AiNUwmF5Tm/sBYHe5Rm
 CCu/BUcwOQ0MjptLtjS1B8dUfbupq7UVkEYEy1HRQ==
X-ME-Proxy: <xmx:uL5sWymfdjtR-906TfqeVXa1JqtgpvF9h8bYLVSF_-tDM6xEygXZEQ>
 <xmx:uL5sW9mr4cO9322fcuNgjwCt6M2s34W4rO_ts35MwZvPyzYtxw9S8w>
 <xmx:uL5sW2MtVmhqjeymlmEl9hpNqJ1iB7r4ntzqZt6yzm5-78rZpstrmw>
 <xmx:uL5sW5RyqjS33gotrxphL4EFKeoPHOgsobE0fpMCIhFuHCQq5autdQ>
 <xmx:uL5sW4LDVtk6huB3U566qAj73b5l-cBdG7nkRMtrEODOLveLGbl8QA>
 <xmx:uL5sWxiZ5hEOVEN0fvCQGmwfTQWFIPJVHHO6M3Zo3SHaH1HbG3lY0w>
X-ME-Sender: <xms:uL5sW90Lc4n67qHeB5GIBHfz51qn9BghyxSHAWF1YqejQ_nivtUNiA>
Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net
 [76.124.202.137])
 by mail.messagingengine.com (Postfix) with ESMTPA id 1004510261;
 Thu,  9 Aug 2018 18:22:48 -0400 (EDT)
Date: Thu, 9 Aug 2018 18:22:47 -0400
From: Leo Famulari <leo@famulari.name>
To: Marius Bakke <mbakke@fastmail.com>
Subject: Re: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes
 CVE-2018-14912].
Message-ID: <20180809222247.GB7733@jasmine.lan>
References: <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
 <877ekzb7vc.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="wq9mPyueHGvFACwf"
Content-Disposition: inline
In-Reply-To: <877ekzb7vc.fsf@fastmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 32407-done
Cc: 32407-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


--wq9mPyueHGvFACwf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 09, 2018 at 10:30:31PM +0200, Marius Bakke wrote:
> Leo Famulari <leo@famulari.name> writes:
>=20
> > * gnu/packages/version-control.scm (cgit): Update to 1.2.1.
> > [inputs]: Use the source of GIT.
>=20
> LGTM, thank you!

Thanks, pushed as 19a3e7f84af512fb6ae718e25977458c0cd501af

--wq9mPyueHGvFACwf
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAltsvrcACgkQJkb6MLrK
fwjiYA/9GUdhTzFIKP2JoYCjYkBUE+bxKVK4EB9iEqY0HKo+pBZIfEbQPiNvRcLv
0i57YR//UTu0ctiiayBgiPyKudl6jklKmJTggQZopFwOsAyzzuWqz2MKT+Fi8vPn
nJ+x9DapJfrllkhxL3CqXc/zAdoCxuMTVOpHCo72s4KS73DilrVhhFhQr9imFMpX
iuNnFuGgNGZ5NEZd+blwRVmNVigPYdaiEJjr9x/+DU7f6VixLeuHe5/OEZkDzPBn
ZK68brRwr+ne9y8DeaqotmnL4pJdUEEtqeX7x7a/1nvOYxDKzIpWuKDPvWkZK4oV
IcOU9krkML+gb3C1KhhnWB1djcgx6iJ6a7Yrd0H5fQPzdR8Wgrlmwrxe1O+j0Kex
4dyGpvTfwy2MdSyD3r8I6AeQJUsgQckk1z1cEZIfu3OpBcOv19UjiGSygXYyn5Y4
SaKg5y8uZtoLPFvVmW+Ayg2m/amY+YdtorlMNXYFbNNcGcfaiItdStADzQ5oTEFR
Ym3pYPue51g52kCUunIURB9x8utXLbnDDsb77itoINI3o+1B4gDhmXFG75OCj4mZ
GR/g2K8ZNN9N3ALME2IxWRAiOzH/cqRucIMzfZCxjWHx9NPcphj2qrVuZPnqzniY
yMId65OOL8KeUhm18jxw37pOfS1f8ScG8cP8mKncLwZ3kmLszSc=
=6yCm
-----END PGP SIGNATURE-----

--wq9mPyueHGvFACwf--


------------=_1533853383-9551-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 9 Aug 2018 12:27:04 +0000
Received: from localhost ([127.0.0.1]:45588 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1fnk1w-00021f-Cn
	for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:27:04 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48517)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1fnk1v-00021B-BO
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:27:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1p-0005Xh-6S
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:26:58 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:53519)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fnk1p-0005XZ-2N
 for submit@debbugs.gnu.org; Thu, 09 Aug 2018 08:26:57 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:39480)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1n-0006cU-Rq
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <leo@famulari.name>) id 1fnk1j-0005T3-TQ
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:55 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:47995)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <leo@famulari.name>) id 1fnk1j-0005S3-9S
 for guix-patches@gnu.org; Thu, 09 Aug 2018 08:26:51 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 9E13921B36;
 Thu,  9 Aug 2018 08:26:49 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Thu, 09 Aug 2018 08:26:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:message-id:subject:to:x-me-sender:x-me-sender
 :x-sasl-enc; s=mesmtp; bh=UAsx6UgP0BVVM2f0RnJwihn+/O4QQyj2NhFGKB
 GQVlc=; b=KS4MB0HOAgZzXJsdxmxhKCt+6VdJXfJrp44ByUBkL2gxJ4zdy978/3
 HtY90GfnpnLoMMQ7AnSH/rVcRrP3YC3fw3O8766lCZCM5gIT7sIoUkh5YuZuoCD+
 RSqCbqT1vI7hvyTaIsPOIrn6dRQbNCo4RwU2RT0i+kdC3zN+6vL7w=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=date:from:message-id:subject:to
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=UAsx6UgP0BVVM2f0R
 nJwihn+/O4QQyj2NhFGKBGQVlc=; b=YRqtxl81TkEBj38brUftR0i8trlHxpDX8
 e1ws6ZnqAkMWvivSuz6Yg8wku4OdYgmF2/oIdwJTvMHg5nsiBxjVOP7l9BNsYxS2
 oSc03HYDx9mpMFBUstzlyk2KbNAD3FaAsG7B50Pbd6BiLA84Ku7zLHZM5TgQuT/I
 ln9DBwWcSXhrryzhfw2sEmyeRZOz4TAyqhgbtInaJX8VoFNTXXQ6OQMMfztf9B6F
 1fKP012+H40tSN7vWsgwXqUt38iyXEur2ZgXaFubZ/2BgyNKR6sUJo56fP+8cQX6
 /5p3EaFwLJs8AYGijZc/ZnXQ1DN1r9ge+6Y9q2474vl4/SyqivB5g==
X-ME-Proxy: <xmx:CTNsWyPiUOw4a5W2d_gpNy-WMDcvmXn5yhTlo9ydwyJ3wbOI1te7Sw>
 <xmx:CTNsW9szkeXasa_-wAdIg5a8hcZRncsotAikmoPTywrUYk2DlzkreQ>
 <xmx:CTNsW_TpECf6BIK6zvlJ2dESdmcp4ylkh3ntki9mMWr7-pfQ9g2gog>
 <xmx:CTNsW5Do-vSq1LR3ZkxKkwiFgPRIqdosXXUdX_n00oAdIa2u0sxUrA>
 <xmx:CTNsW1NSo8a4CkPEpyjtF4D-2dKc7zRF9ftZR01pKUiWcirJxF2gyg>
 <xmx:CTNsWyFnUSfewOuZwHTF7EKqHYTMRjQAB8cVqSOfBprB6dNI9p_CgA>
X-ME-Sender: <xms:CTNsW6qrfYgkFW-hyyrVoM6xTu8CY2IkNVvRfeHeVfIGuDE0MVZ66w>
Received: from jasmine.lan (unknown [128.64.129.14])
 by mail.messagingengine.com (Postfix) with ESMTPA id 2B2391025D
 for <guix-patches@gnu.org>; Thu,  9 Aug 2018 08:26:49 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
Date: Thu,  9 Aug 2018 08:26:34 -0400
Message-Id: <6524c392617ffd5cfacc8d599b9fc60f07c9d5c1.1533817593.git.leo@famulari.name>
X-Mailer: git-send-email 2.18.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.1 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.1 (-----)

* gnu/packages/version-control.scm (cgit): Update to 1.2.1.
[inputs]: Use the source of GIT.
---
 gnu/packages/version-control.scm | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3db5796b4..14e0b9d7f 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -143,8 +143,8 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
-   ;; to be updated as well.
+   ;; XXX When updating Git, check if the special 'git-source' input to cgit
+   ;; needs to be updated as well.
    (version "2.18.0")
    (source (origin
             (method url-fetch)
@@ -558,9 +558,7 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
-    ;; XXX When updating cgit, try removing the special 'git:src' input and
-    ;; using the source of the git package.
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +566,7 @@ collaboration using typical untrusted file hosts or services.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288"))))
+                "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; XXX: fail to build the in-source git.
@@ -580,7 +578,7 @@ collaboration using typical untrusted file hosts or services.")
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
              (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src"))))
+                     (assoc-ref inputs "git-source"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -642,16 +640,8 @@ collaboration using typical untrusted file hosts or services.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)))
     (inputs
-     `(;; Cgit directly accesses some internal Git interfaces that changed in
-       ;; Git 2.12.  Try removing this special input and using the source of the
-       ;; Git package for cgit > 1.1.
-       ("git:src"
-        ,(origin
-           (method url-fetch)
-           (uri "mirror://kernel.org/software/scm/git/git-2.10.5.tar.xz")
-           (sha256
-            (base32
-             "1r2aa19gnrvm2y4fqcvpw1g9l72n48axqmpgv18s6d0y2p72vhzj"))))
+     `(;; Building cgit requires a Git source tree.
+       ("git-source" ,(package-source git))
        ("openssl" ,openssl)
        ("groff" ,groff)
        ("python" ,python)
-- 
2.18.0




------------=_1533853383-9551-1--