GNU bug report logs - #32407
[PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 9 Aug 2018 12:28:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 32407 <at> debbugs.gnu.org
Subject: [bug#32407] [PATCH] gnu: cgit: Update to 1.2.1 [fixes CVE-2018-14912].
Date: Thu,  9 Aug 2018 08:26:34 -0400

* gnu/packages/version-control.scm (cgit): Update to 1.2.1.
[inputs]: Use the source of GIT.
---
 gnu/packages/version-control.scm | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 3db5796b4..14e0b9d7f 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -143,8 +143,8 @@ as well as the classic centralized workflow.")
 (define-public git
   (package
    (name "git")
-   ;; XXX When updating Git, check if the special 'git:src' input to cgit needs
-   ;; to be updated as well.
+   ;; XXX When updating Git, check if the special 'git-source' input to cgit
+   ;; needs to be updated as well.
    (version "2.18.0")
    (source (origin
             (method url-fetch)
@@ -558,9 +558,7 @@ collaboration using typical untrusted file hosts or services.")
 (define-public cgit
   (package
     (name "cgit")
-    ;; XXX When updating cgit, try removing the special 'git:src' input and
-    ;; using the source of the git package.
-    (version "1.1")
+    (version "1.2.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +566,7 @@ collaboration using typical untrusted file hosts or services.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "142qcgs8dwnzhymn0a7xx47p9fc2z5wrb86ah4a9iz0mpqlsz288"))))
+                "1gw2j5xc5qdx2hwiwkr8h6kgya7v9d9ff9j32ga1dys0cca7qm1w"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; XXX: fail to build the in-source git.
@@ -580,7 +578,7 @@ collaboration using typical untrusted file hosts or services.")
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Unpack the source of git into the 'git' directory.
              (invoke "tar" "--strip-components=1" "-C" "git" "-xf"
-                     (assoc-ref inputs "git:src"))))
+                     (assoc-ref inputs "git-source"))))
          (add-after 'unpack 'patch-absolute-file-names
            (lambda* (#:key inputs #:allow-other-keys)
              (define (quoted-file-name input path)
@@ -642,16 +640,8 @@ collaboration using typical untrusted file hosts or services.")
        ("bzip2" ,bzip2)
        ("xz" ,xz)))
     (inputs
-     `(;; Cgit directly accesses some internal Git interfaces that changed in
-       ;; Git 2.12.  Try removing this special input and using the source of the
-       ;; Git package for cgit > 1.1.
-       ("git:src"
-        ,(origin
-           (method url-fetch)
-           (uri "mirror://kernel.org/software/scm/git/git-2.10.5.tar.xz")
-           (sha256
-            (base32
-             "1r2aa19gnrvm2y4fqcvpw1g9l72n48axqmpgv18s6d0y2p72vhzj"))))
+     `(;; Building cgit requires a Git source tree.
+       ("git-source" ,(package-source git))
        ("openssl" ,openssl)
        ("groff" ,groff)
        ("python" ,python)
-- 
2.18.0
This bug report was last modified 6 years and 285 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.