GNU bug report logs - #32407
[PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 9 Aug 2018 12:28:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#32407: closed ([PATCH] gnu: cgit: Update to 1.2.1 [fixes
 CVE-2018-14912].)
Date: Thu, 09 Aug 2018 22:23:03 +0000

[Message part 1 (text/plain, inline)]
Your message dated Thu, 9 Aug 2018 18:22:47 -0400
with message-id <20180809222247.GB7733 <at> jasmine.lan>
and subject line Re: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
has caused the debbugs.gnu.org bug report #32407,
regarding [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
32407: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=32407
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
Date: Thu,  9 Aug 2018 08:26:34 -0400

* gnu/packages/version-control.scm (cgit): Update to 1.2.1.
[inputs]: Use the source of GIT.
---
 gnu/packages/version-control.scm | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3db5796b4..14e0b9d7f 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -143,8 +143,8 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
-   ;; to be updated as well.
+   ;; XXX When updating Git, check if the special 'git-source' input to cgit
+   ;; needs to be updated as well.
    (version "2.18.0")
    (source (origin
             (method url-fetch)
@@ -558,9 +558,7 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
-    ;; XXX When updating cgit, try removing the special 'git:src' input and
-    ;; using the source of the git package.
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +566,7 @@ collaboration using typical untrusted file hosts or services.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288"))))
+                "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; XXX: fail to build the in-source git.
@@ -580,7 +578,7 @@ collaboration using typical untrusted file hosts or services.")
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
              (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src"))))
+                     (assoc-ref inputs "git-source"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -642,16 +640,8 @@ collaboration using typical untrusted file hosts or services.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)))
     (inputs
-     `(;; Cgit directly accesses some internal Git interfaces that changed in
-       ;; Git 2.12.  Try removing this special input and using the source of the
-       ;; Git package for cgit > 1.1.
-       ("git:src"
-        ,(origin
-           (method url-fetch)
-           (uri "mirror://kernel.org/software/scm/git/git-2.10.5.tar.xz")
-           (sha256
-            (base32
-             "1r2aa19gnrvm2y4fqcvpw1g9l72n48axqmpgv18s6d0y2p72vhzj"))))
+     `(;; Building cgit requires a Git source tree.
+       ("git-source" ,(package-source git))
        ("openssl" ,openssl)
        ("groff" ,groff)
        ("python" ,python)
-- 
2.18.0




[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 32407-done <at> debbugs.gnu.org
Subject: Re: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes
 CVE-2018-14912].
Date: Thu, 9 Aug 2018 18:22:47 -0400

[Message part 4 (text/plain, inline)]
On Thu, Aug 09, 2018 at 10:30:31PM +0200, Marius Bakke wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> 
> > * gnu/packages/version-control.scm (cgit): Update to 1.2.1.
> > [inputs]: Use the source of GIT.
> 
> LGTM, thank you!

Thanks, pushed as 19a3e7f84af512fb6ae718e25977458c0cd501af

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 311 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.