GNU bug report logs -
#74035
[PATCH 00/24] [security fixes] for near-leaf packages
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Sat, 26 Oct 2024 22:34:02 UTC
Severity: normal
Tags: patch
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 74035 in the body.
You can then email your comments to 74035 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:34:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sat, 26 Oct 2024 22:34:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This patch series adds updates and security fixes for packages that
have less than 10 dependent packages.
Nicolas Graves (24):
gnu: python-django-4.2: Update to 4.2.16. [security fixes]
gnu: maradns: Update to 3.5.0036. [security fixes]
gnu: maradns: Improve style.
gnu: libmobi: Update to 0.12. [security fixes]
gnu: bart: Update to 0.9.00. [security fixes]
gnu: wireshark: Update to 4.4.1. [security fixes]
gnu: pam-u2f: Update to 1.3.0. [security fixes]
gnu: darkhttpd: Update to 1.16. [security fixes]
gnu: xlsxio: Update to 0.2.35. [security fixes]
gnu: pypy: Update to 7.3.17. [security fixes]
gnu: indent: Remove uneeded arguments.
gnu: indent: Add patch for CVE-2024-0911. [security fixes]
gnu: squashfs-tools: Update to 4.6.1. [security fixes]
gnu: shapelib: Update to 1.6.1. [security fixes]
gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
gnu: gifsicle: Update to 1.95. [security fixes]
gnu: sendmail: Update to 8.18.1. [security fixes]
gnu: openvpn: Update to 2.6.12. [security fixes]
gnu: youtube-dl: Deprecate package.
gnu: liblouis: Update to 3.31.0. [security fixes]
gnu: unicorn: Update to 2.1.1. [security fixes]
gnu: Add sexpp.
gnu: rnp: Update to 0.17.1. [security fixes]
gnu: cjson: Update to 1.7.18. [security fixes]
gnu/local.mk | 1 +
gnu/packages/code.scm | 31 +-------
gnu/packages/compression.scm | 52 ++++++-------
gnu/packages/django.scm | 8 +-
gnu/packages/dns.scm | 64 ++++++++--------
gnu/packages/ebook.scm | 4 +-
gnu/packages/emulators.scm | 9 ++-
gnu/packages/geo.scm | 8 +-
gnu/packages/gnome.scm | 45 ++++++-----
gnu/packages/image-processing.scm | 8 +-
gnu/packages/image.scm | 4 +-
gnu/packages/javascript.scm | 4 +-
gnu/packages/language.scm | 47 ++++++------
gnu/packages/mail.scm | 5 +-
gnu/packages/networking.scm | 4 +-
gnu/packages/openpgp.scm | 76 +++++++++++++------
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++
gnu/packages/pypy.scm | 4 +-
gnu/packages/security-token.scm | 9 +--
gnu/packages/video.scm | 3 +-
gnu/packages/vpn.scm | 4 +-
gnu/packages/web.scm | 24 +++---
gnu/packages/xml.scm | 4 +-
23 files changed, 278 insertions(+), 201 deletions(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.
* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/django.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
(define-public python-django-4.2
(package
(name "python-django")
- (version "4.2.5")
+ (version "4.2.16")
(source (origin
(method url-fetch)
(uri (pypi-uri "Django" version))
(sha256
(base32
- "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+ "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
(build-system pyproject-build-system)
(arguments
'(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
any Web site. Django focuses on automating as much as possible and adhering
to the @dfn{don't repeat yourself} (DRY) principle.")
(license license:bsd-3)
- (properties `((cpe-name . "django")))))
+ (properties `((cpe-name . "django")
+ ;; This CVE seems fixed since 4.2.1.
+ (lint-hidden-cve . ("CVE-2023-31047"))))))
(define-public python-django-3.2
(package
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:03 GMT)
Full text and
rfc822 format available.
Message #11 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-31137.
* gnu/packages/dns.scm (maradns): Update to 3.5.0036.
[properties]: Add release-monitoring-url property.
---
gnu/packages/dns.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e911a142ef..bd2df30f01 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1181,7 +1181,7 @@ (define-public public-suffix-list
(define-public maradns
(package
(name "maradns")
- (version "3.5.0022")
+ (version "3.5.0036")
(source
(origin
(method url-fetch)
@@ -1189,7 +1189,7 @@ (define-public maradns
(version-major+minor version) "/"
version "/maradns-" version ".tar.xz"))
(sha256
- (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
+ (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; need to be root to run tests
@@ -1226,6 +1226,8 @@ (define-public maradns
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
and TCP-capable recursive DNS server for finding domains on the internet.")
+ (properties '((release-monitoring-url
+ . "https://maradns.samiam.org/download.html")))
(license license:bsd-2)))
(define-public openresolv
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:04 GMT)
Full text and
rfc822 format available.
Message #14 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
---
gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bd2df30f01..7a78fb0308 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1192,35 +1192,35 @@ (define-public maradns
(base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; need to be root to run tests
- #:make-flags
- (list
- ,(string-append "CC=" (cc-for-target))
- (string-append "PREFIX=" %output)
- (string-append "RPM_BUILD_ROOT=" %output))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key native-inputs target #:allow-other-keys)
- ;; make_32bit_tables generates a header file that is used during
- ;; compilation. Hence, during cross compilation, it should be
- ;; built for the host system.
- (when target
- (substitute* "rng/Makefile"
- (("\\$\\(CC\\) -o make_32bit_tables")
- (string-append (assoc-ref native-inputs "gcc")
- "/bin/gcc -o make_32bit_tables"))))
- (invoke "./configure")))
- (add-before 'install 'create-install-directories
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (dir)
- (mkdir-p (string-append out dir)))
- (list "/bin" "/sbin" "/etc"
- "/share/man/man1"
- "/share/man/man5"
- "/share/man/man8"))
- #t))))))
+ (list
+ #:tests? #f ; need to be root to run tests
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ (string-append "PREFIX=" #$output)
+ (string-append "RPM_BUILD_ROOT=" #$output))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key native-inputs target #:allow-other-keys)
+ ;; make_32bit_tables generates a header file that is used during
+ ;; compilation. Hence, during cross compilation, it should be
+ ;; built for the host system.
+ (when target
+ (substitute* "rng/Makefile"
+ (("\\$\\(CC\\) -o make_32bit_tables")
+ (string-append (search-input-file native-inputs "/bin/gcc")
+ " -o make_32bit_tables"))))
+ ;; ./configure doesn't support default flags
+ (invoke "./configure")))
+ (add-before 'install 'create-install-directories
+ (lambda _
+ (for-each (lambda (dir)
+ (mkdir-p (string-append #$output dir)))
+ (list "/bin" "/sbin" "/etc"
+ "/share/man/man1"
+ "/share/man/man5"
+ "/share/man/man8")))))))
(home-page "https://maradns.samiam.org")
(synopsis "Small lightweight DNS server")
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:04 GMT)
Full text and
rfc822 format available.
Message #17 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.
* gnu/packages/ebook.scm (libmobi): Update to 0.12.
---
gnu/packages/ebook.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index dc30c98fdf..bf8dcfad09 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -648,7 +648,7 @@ (define-public xchm
(define-public libmobi
(package
(name "libmobi")
- (version "0.6")
+ (version "0.12")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -657,7 +657,7 @@ (define-public libmobi
(file-name (git-file-name name version))
(sha256
(base32
- "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
+ "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:05 GMT)
Full text and
rfc822 format available.
Message #20 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes bart reproducibility and CVE-2022-45387.
* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:06 GMT)
Full text and
rfc822 format available.
Message #23 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-9780.
* gnu/packages/networking.scm (wireshark): Update to 4.4.1.
---
gnu/packages/networking.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 7ed011a7f4..31b72f1104 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1805,14 +1805,14 @@ (define-public whois
(define-public wireshark
(package
(name "wireshark")
- (version "4.4.0")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
(sha256
- (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
+ (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
(build-system qt-build-system)
(arguments
(list
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:07 GMT)
Full text and
rfc822 format available.
Message #26 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-31924.
* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:44:07 GMT)
Full text and
rfc822 format available.
Message #29 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-23770 and CVE-2024-23771.
* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
gnu/packages/web.scm | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
(define-public darkhttpd
(package
(name "darkhttpd")
- (version "1.13")
+ (version "1.16")
(source
(origin
(method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+ (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "CC=" ,(cc-for-target)))
- #:tests? #f ; No test suite
- #:phases
- (modify-phases %standard-phases
- (delete 'configure) ; no configure script
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (install-file "darkhttpd"
- (string-append (assoc-ref outputs "out")
- "/bin")))))))
+ (list
+ #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+ #:tests? #f ; No test suite
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda _
+ (install-file "darkhttpd" (string-append #$output "/bin")))))))
(synopsis "Simple static web server")
(description "darkhttpd is a simple static web server. It is
standalone and does not need inetd or ucspi-tcp. It does not need any
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:02 GMT)
Full text and
rfc822 format available.
Message #32 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-34795.
* gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
---
gnu/packages/xml.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cfd53a291a..4a3936b66d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1545,7 +1545,7 @@ (define-public xerces-c
(define-public xlsxio
(package
(name "xlsxio")
- (version "0.2.33")
+ (version "0.2.35")
(source
(origin
(method git-fetch)
@@ -1554,7 +1554,7 @@ (define-public xlsxio
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
+ (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
(native-inputs
(list expat gnu-make minizip which))
(build-system gnu-build-system)
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:02 GMT)
Full text and
rfc822 format available.
Message #35 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-37454.
* gnu/packages/pypy.scm (pypy): Update to 7.3.17.
---
gnu/packages/pypy.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
index a39621b5ad..90986ac096 100644
--- a/gnu/packages/pypy.scm
+++ b/gnu/packages/pypy.scm
@@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
(define-public pypy
(package
(name "pypy")
- (version "7.3.13")
+ (version "7.3.17")
(source (origin
(method url-fetch)
(uri (string-append "https://downloads.python.org/pypy/"
"pypy3.10-v" version "-src.tar.bz2"))
(sha256
(base32
- "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
+ "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
(build-system gnu-build-system)
(arguments
(list
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:03 GMT)
Full text and
rfc822 format available.
Message #38 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/code.scm (indent)
[arguments]: Remove field.
[native-inputs]: Remove automake.
---
gnu/packages/code.scm | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index bbf10be987..094dd32982 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -881,33 +881,8 @@ (define-public indent
(sha256
(base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
(build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-docdir
- (lambda _
- ;; Although indent uses a modern autoconf in which docdir
- ;; defaults to PREFIX/share/doc, the doc/Makefile.am
- ;; overrides this to be in PREFIX/doc. Fix this.
- (substitute* "doc/Makefile.in"
- (("^docdir = .*$") "docdir = @docdir@\n"))
- #t))
- (add-after 'unpack 'fix-configure
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- ;; Replace outdated config.sub and config.guess:
- (with-directory-excursion "config"
- (for-each (lambda (file)
- (install-file
- (string-append (assoc-ref
- (or native-inputs inputs) "automake")
- "/share/automake-"
- ,(version-major+minor
- (package-version automake))
- "/" file) "."))
- '("config.sub" "config.guess")))
- #t)))))
(native-inputs
- (list texinfo automake)) ; For up to date 'config.guess' and 'config.sub'.
+ (list texinfo))
(synopsis "Code reformatter")
(description
"Indent is a program that makes source code easier to read by
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:03 GMT)
Full text and
rfc822 format available.
Message #41 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/code.scm | 4 +-
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index d253b424bb..1a69a22aba 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1559,6 +1559,7 @@ dist_patch_DATA = \
%D%/packages/patches/idris-test-ffi008.patch \
%D%/packages/patches/igraph-fix-varargs-integer-size.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
%D%/packages/patches/instead-use-games-path.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 094dd32982..dda37528b8 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ (define-public indent
(uri (string-append "mirror://gnu/indent/indent-" version
".tar.gz"))
(sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
(build-system gnu-build-system)
(native-inputs
(list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písař <ppisar <at> redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:04 GMT)
Full text and
rfc822 format available.
Message #44 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-40153 and CVE-2021-41072.
* gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
[arguments]: Improve style.
<#:make-flags>: Add INSTALL_MANPAGES_DIR value.
<#:phases>: Remove phase 'install-documentation. Add phase
'patch-generated-source-shebangs.
[native-inputs]: Add coreutils-minimal, help2man, which.
[inputs]: Rewrite.
---
gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a32b15a64a..b3eca16191 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1023,7 +1023,7 @@ (define-public lz4
(define-public squashfs-tools
(package
(name "squashfs-tools")
- (version "4.5")
+ (version "4.6.1")
(source
(origin
(method git-fetch)
@@ -1032,34 +1032,34 @@ (define-public squashfs-tools
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
+ (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; no check target
- #:make-flags
- (list (string-append "CC=" ,(cc-for-target))
- "XZ_SUPPORT=1"
- "LZO_SUPPORT=1"
- "LZ4_SUPPORT=1"
- "ZSTD_SUPPORT=1"
- (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (chdir "squashfs-tools")))
- (add-after 'install 'install-documentation
- ;; Install what very little usage documentation is provided.
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name)))
- (install-file "../USAGE" doc)))))))
+ (list
+ #:tests? #f ; no check target
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ "XZ_SUPPORT=1"
+ "LZO_SUPPORT=1"
+ "LZ4_SUPPORT=1"
+ "ZSTD_SUPPORT=1"
+ (string-append "INSTALL_DIR=" #$output "/bin")
+ (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda _
+ (chdir "squashfs-tools")))
+ (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
+ (lambda _
+ (substitute* (find-files "generate-manpages" "\\.sh")
+ (("print \"#!/bin/sh")
+ (string-append "print \"#!" (which "sh")))))))))
+ (native-inputs
+ (list coreutils-minimal help2man which))
(inputs
- `(("lz4" ,lz4)
- ("lzo" ,lzo)
- ("xz" ,xz)
- ("zlib" ,zlib)
- ("zstd:lib" ,zstd "lib")))
+ (list lz4 lzo xz zlib `(,zstd "lib")))
(home-page "https://github.com/plougher/squashfs-tools")
(synopsis "Tools to create and extract squashfs file systems")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:04 GMT)
Full text and
rfc822 format available.
Message #47 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-0699.
* gnu/packages/geo.scm (shapelib): Update to 1.6.1.
---
gnu/packages/geo.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 5d120b3c98..affa50c515 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -2574,7 +2574,7 @@ (define-public readosm
(define-public shapelib
(package
(name "shapelib")
- (version "1.5.0")
+ (version "1.6.1")
(source
(origin
(method git-fetch)
@@ -2583,7 +2583,7 @@ (define-public shapelib
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1lzch0jf6yqhw391phhafzw4ghmiz98zkf698h4fmq109fa2vhqd"))))
+ (base32 "0l67gp1618lcw7fg2iclbh016cqyw85s3cmd3qzx6aw0jq19hj8n"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
@@ -2591,8 +2591,8 @@ (define-public shapelib
(synopsis "Provides C library to write and update ESRI Shapefiles")
(description
"The Shapefile C Library provides the ability to write simple C programs
-for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the
-associated attribute file (@file{.dbf}).")
+for reading, writing and updating (to a limited extent) ESRI Shapefiles, and
+the associated attribute file (@file{.dbf}).")
(license license:gpl2+)))
(define-public spatialite-tools
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:05 GMT)
Full text and
rfc822 format available.
Message #50 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-39360.
* gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
---
gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 9b26819261..9abe433aa4 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -10591,28 +10591,31 @@ (define-public gsound
(license license:lgpl2.1+)))
(define-public libzapojit
- (package
- (name "libzapojit")
- (version "0.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
- (build-system gnu-build-system)
- (native-inputs
- (list gobject-introspection intltool pkg-config))
- (inputs
- (list gnome-online-accounts json-glib rest))
- (home-page "https://wiki.gnome.org/Projects/Zapojit")
- (synopsis "Library for accessing SkyDrive and Hotmail")
- (description
- "Libzapojit is a GLib-based library for accessing online service APIs of
+ (let ((revision "1")
+ (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
+ (package
+ (name "libzapojit")
+ (version (git-version "0.0.3" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/Archive/libzapojit")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list gobject-introspection intltool pkg-config))
+ (inputs
+ (list gnome-online-accounts json-glib rest))
+ (home-page "https://wiki.gnome.org/Projects/Zapojit")
+ (synopsis "Library for accessing SkyDrive and Hotmail")
+ (description
+ "Libzapojit is a GLib-based library for accessing online service APIs of
Microsoft SkyDrive and Hotmail, using their REST protocols.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public gnome-clocks
(package
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:05 GMT)
Full text and
rfc822 format available.
Message #53 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-44821 and CVE-2023-46009.
* gnu/packages/image.scm (gifsicle): Update to 1.95.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7f17c71aef..0d6593dc21 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -2172,14 +2172,14 @@ (define-public swappy
(define-public gifsicle
(package
(name "gifsicle")
- (version "1.94")
+ (version "1.95")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
version ".tar.gz"))
(sha256
- (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
+ (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:06 GMT)
Full text and
rfc822 format available.
Message #56 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-51765 and CVE-2021-3618.
* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 77be7626a9..63e0f24534 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:06 GMT)
Full text and
rfc822 format available.
Message #59 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.
* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:07 GMT)
Full text and
rfc822 format available.
Message #62 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This package is not developped anymore.
* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 92c0acef3c..9fca994b54 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3084,7 +3085,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:07 GMT)
Full text and
rfc822 format available.
Message #65 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-26981.
* gnu/packages/language.scm (liblouis): Update to 3.31.0.
[arguments]: Improve style using gexps.
[native-inputs]: Rewrite and replace python-wrapper by python.
---
gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 25 deletions(-)
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 78fcba4287..6a5e7927b4 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2023 gemmaro <gemmaro.dev <at> gmail.com>
;;; Copyright © 2024 Efraim Flashner <efraim <at> flashner.co.il>
;;; Copyright © 2024 Charles <charles <at> charje.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -338,7 +339,7 @@ (define-public libchewing
(define-public liblouis
(package
(name "liblouis")
- (version "3.15.0")
+ (version "3.31.0")
(source
(origin
(method git-fetch)
@@ -348,34 +349,30 @@ (define-public liblouis
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
+ (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
(build-system gnu-build-system)
(outputs '("out" "bin" "doc" "python"))
(arguments
- `(#:configure-flags
- (list
- "--disable-static"
- "--enable-ucs4")
- #:phases
- (modify-phases %standard-phases
- (add-after 'install 'install-python-extension
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion "python"
- (invoke "python" "setup.py" "install"
- (string-append "--prefix="
- (assoc-ref outputs "python"))
- "--root=/")))))))
+ (list
+ #:configure-flags #~(list "--disable-static" "--enable-ucs4")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'install 'install-python-extension
+ (lambda _
+ (with-directory-excursion "python"
+ (invoke "python3" "setup.py" "install" "--root=/"
+ (string-append "--prefix=" #$output:python))))))))
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("clang-format" ,clang)
- ("help2man" ,help2man)
- ("libtool" ,libtool)
- ("libyaml" ,libyaml)
- ("makeinfo" ,texinfo)
- ("perl" ,perl)
- ("pkg-config" ,pkg-config)
- ("python" ,python-wrapper)))
+ (list autoconf
+ automake
+ clang
+ help2man
+ libtool
+ libyaml
+ texinfo
+ perl
+ pkg-config
+ python))
(synopsis "Braille translator and back-translator")
(description "Liblouis is a braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:08 GMT)
Full text and
rfc822 format available.
Message #68 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus <at> sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:08 GMT)
Full text and
rfc822 format available.
Message #71 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2021-4296.
* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:09 GMT)
Full text and
rfc822 format available.
Message #74 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-29479 and CVE-2023-29480.
* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sat, 26 Oct 2024 22:45:10 GMT)
Full text and
rfc822 format available.
Message #77 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-50471 and CVE-2023-50472.
* gnu/packages/javascript.scm (cjson): Update to 1.7.18.
---
gnu/packages/javascript.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 4f97dcfef6..b48acf47dc 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
(define-public cjson
(package
(name "cjson")
- (version "1.7.16")
+ (version "1.7.18")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -57,7 +57,7 @@ (define-public cjson
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
+ (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:03:02 GMT)
Full text and
rfc822 format available.
Message #80 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-28902, CVE-2021-28903, CVE-2021-28904,
CVE-2021-28905 and CVE-2021-28906.
* gnu/packages/networking.scm (libyang): Update to 3.4.2.
---
gnu/packages/networking.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8481e2d2f4..17d4072ee0 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -4238,7 +4238,7 @@ (define-public iwgtk
(define-public libyang
(package
(name "libyang")
- (version "1.0.215")
+ (version "3.4.2")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -4247,12 +4247,12 @@ (define-public libyang
(file-name (git-file-name name version))
(sha256
(base32
- "0mrs2ppmq77z8sbqgm2w0rl9bfgybd6bcxanakfww4chih6cy0dw"))))
+ "07skjr3r4na12kadca2dyk45clpcpnp4zkkwfaa8sqyslx7vhj56"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
(list "-DENABLE_BUILD_TESTS=ON" "-DENABLE_LYD_PRIV=ON")))
- (propagated-inputs (list pcre))
+ (propagated-inputs (list pcre2))
(native-inputs (list cmocka pkg-config))
(home-page "https://github.com/CESNET/libyang")
(synopsis "YANG data modelling language library")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:01 GMT)
Full text and
rfc822 format available.
Message #83 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.
* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/django.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
(define-public python-django-4.2
(package
(name "python-django")
- (version "4.2.5")
+ (version "4.2.16")
(source (origin
(method url-fetch)
(uri (pypi-uri "Django" version))
(sha256
(base32
- "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+ "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
(build-system pyproject-build-system)
(arguments
'(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
any Web site. Django focuses on automating as much as possible and adhering
to the @dfn{don't repeat yourself} (DRY) principle.")
(license license:bsd-3)
- (properties `((cpe-name . "django")))))
+ (properties `((cpe-name . "django")
+ ;; This CVE seems fixed since 4.2.1.
+ (lint-hidden-cve . ("CVE-2023-31047"))))))
(define-public python-django-3.2
(package
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:02 GMT)
Full text and
rfc822 format available.
Message #86 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
---
gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bd2df30f01..7a78fb0308 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1192,35 +1192,35 @@ (define-public maradns
(base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; need to be root to run tests
- #:make-flags
- (list
- ,(string-append "CC=" (cc-for-target))
- (string-append "PREFIX=" %output)
- (string-append "RPM_BUILD_ROOT=" %output))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key native-inputs target #:allow-other-keys)
- ;; make_32bit_tables generates a header file that is used during
- ;; compilation. Hence, during cross compilation, it should be
- ;; built for the host system.
- (when target
- (substitute* "rng/Makefile"
- (("\\$\\(CC\\) -o make_32bit_tables")
- (string-append (assoc-ref native-inputs "gcc")
- "/bin/gcc -o make_32bit_tables"))))
- (invoke "./configure")))
- (add-before 'install 'create-install-directories
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (dir)
- (mkdir-p (string-append out dir)))
- (list "/bin" "/sbin" "/etc"
- "/share/man/man1"
- "/share/man/man5"
- "/share/man/man8"))
- #t))))))
+ (list
+ #:tests? #f ; need to be root to run tests
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ (string-append "PREFIX=" #$output)
+ (string-append "RPM_BUILD_ROOT=" #$output))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key native-inputs target #:allow-other-keys)
+ ;; make_32bit_tables generates a header file that is used during
+ ;; compilation. Hence, during cross compilation, it should be
+ ;; built for the host system.
+ (when target
+ (substitute* "rng/Makefile"
+ (("\\$\\(CC\\) -o make_32bit_tables")
+ (string-append (search-input-file native-inputs "/bin/gcc")
+ " -o make_32bit_tables"))))
+ ;; ./configure doesn't support default flags
+ (invoke "./configure")))
+ (add-before 'install 'create-install-directories
+ (lambda _
+ (for-each (lambda (dir)
+ (mkdir-p (string-append #$output dir)))
+ (list "/bin" "/sbin" "/etc"
+ "/share/man/man1"
+ "/share/man/man5"
+ "/share/man/man8")))))))
(home-page "https://maradns.samiam.org")
(synopsis "Small lightweight DNS server")
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:02 GMT)
Full text and
rfc822 format available.
Message #89 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-31137.
* gnu/packages/dns.scm (maradns): Update to 3.5.0036.
[properties]: Add release-monitoring-url property.
---
gnu/packages/dns.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e911a142ef..bd2df30f01 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1181,7 +1181,7 @@ (define-public public-suffix-list
(define-public maradns
(package
(name "maradns")
- (version "3.5.0022")
+ (version "3.5.0036")
(source
(origin
(method url-fetch)
@@ -1189,7 +1189,7 @@ (define-public maradns
(version-major+minor version) "/"
version "/maradns-" version ".tar.xz"))
(sha256
- (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
+ (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; need to be root to run tests
@@ -1226,6 +1226,8 @@ (define-public maradns
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
and TCP-capable recursive DNS server for finding domains on the internet.")
+ (properties '((release-monitoring-url
+ . "https://maradns.samiam.org/download.html")))
(license license:bsd-2)))
(define-public openresolv
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:03 GMT)
Full text and
rfc822 format available.
Message #92 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.
* gnu/packages/ebook.scm (libmobi): Update to 0.12.
---
gnu/packages/ebook.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index dc30c98fdf..bf8dcfad09 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -648,7 +648,7 @@ (define-public xchm
(define-public libmobi
(package
(name "libmobi")
- (version "0.6")
+ (version "0.12")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -657,7 +657,7 @@ (define-public libmobi
(file-name (git-file-name name version))
(sha256
(base32
- "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
+ "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:03 GMT)
Full text and
rfc822 format available.
Message #95 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes bart reproducibility and CVE-2022-45387.
* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:04 GMT)
Full text and
rfc822 format available.
Message #98 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-9780.
* gnu/packages/networking.scm (wireshark): Update to 4.4.1.
---
gnu/packages/networking.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 17d4072ee0..be8b5c8e93 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1805,14 +1805,14 @@ (define-public whois
(define-public wireshark
(package
(name "wireshark")
- (version "4.4.0")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
(sha256
- (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
+ (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
(build-system qt-build-system)
(arguments
(list
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:04 GMT)
Full text and
rfc822 format available.
Message #101 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-31924.
* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:05 GMT)
Full text and
rfc822 format available.
Message #104 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-34795.
* gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
---
gnu/packages/xml.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cfd53a291a..4a3936b66d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1545,7 +1545,7 @@ (define-public xerces-c
(define-public xlsxio
(package
(name "xlsxio")
- (version "0.2.33")
+ (version "0.2.35")
(source
(origin
(method git-fetch)
@@ -1554,7 +1554,7 @@ (define-public xlsxio
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
+ (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
(native-inputs
(list expat gnu-make minizip which))
(build-system gnu-build-system)
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:05 GMT)
Full text and
rfc822 format available.
Message #107 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2024-23770 and CVE-2024-23771.
* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
gnu/packages/web.scm | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
(define-public darkhttpd
(package
(name "darkhttpd")
- (version "1.13")
+ (version "1.16")
(source
(origin
(method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+ (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "CC=" ,(cc-for-target)))
- #:tests? #f ; No test suite
- #:phases
- (modify-phases %standard-phases
- (delete 'configure) ; no configure script
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (install-file "darkhttpd"
- (string-append (assoc-ref outputs "out")
- "/bin")))))))
+ (list
+ #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+ #:tests? #f ; No test suite
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda _
+ (install-file "darkhttpd" (string-append #$output "/bin")))))))
(synopsis "Simple static web server")
(description "darkhttpd is a simple static web server. It is
standalone and does not need inetd or ucspi-tcp. It does not need any
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:06 GMT)
Full text and
rfc822 format available.
Message #110 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-37454.
* gnu/packages/pypy.scm (pypy): Update to 7.3.17.
---
gnu/packages/pypy.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
index a39621b5ad..90986ac096 100644
--- a/gnu/packages/pypy.scm
+++ b/gnu/packages/pypy.scm
@@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
(define-public pypy
(package
(name "pypy")
- (version "7.3.13")
+ (version "7.3.17")
(source (origin
(method url-fetch)
(uri (string-append "https://downloads.python.org/pypy/"
"pypy3.10-v" version "-src.tar.bz2"))
(sha256
(base32
- "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
+ "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
(build-system gnu-build-system)
(arguments
(list
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:06 GMT)
Full text and
rfc822 format available.
Message #113 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/code.scm (indent)
[arguments]: Remove field.
[native-inputs]: Remove automake.
---
gnu/packages/code.scm | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 3f7a6de478..b1523f5ac7 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -881,33 +881,8 @@ (define-public indent
(sha256
(base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
(build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-docdir
- (lambda _
- ;; Although indent uses a modern autoconf in which docdir
- ;; defaults to PREFIX/share/doc, the doc/Makefile.am
- ;; overrides this to be in PREFIX/doc. Fix this.
- (substitute* "doc/Makefile.in"
- (("^docdir = .*$") "docdir = @docdir@\n"))
- #t))
- (add-after 'unpack 'fix-configure
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- ;; Replace outdated config.sub and config.guess:
- (with-directory-excursion "config"
- (for-each (lambda (file)
- (install-file
- (string-append (assoc-ref
- (or native-inputs inputs) "automake")
- "/share/automake-"
- ,(version-major+minor
- (package-version automake))
- "/" file) "."))
- '("config.sub" "config.guess")))
- #t)))))
(native-inputs
- (list texinfo automake)) ; For up to date 'config.guess' and 'config.sub'.
+ (list texinfo))
(synopsis "Code reformatter")
(description
"Indent is a program that makes source code easier to read by
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:07 GMT)
Full text and
rfc822 format available.
Message #116 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/code.scm | 4 +-
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 3b94e6cc7e..06e8f1363c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1562,6 +1562,7 @@ dist_patch_DATA = \
%D%/packages/patches/idris-test-ffi008.patch \
%D%/packages/patches/igraph-fix-varargs-integer-size.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
%D%/packages/patches/instead-use-games-path.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index b1523f5ac7..04ca4dfd6b 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ (define-public indent
(uri (string-append "mirror://gnu/indent/indent-" version
".tar.gz"))
(sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
(build-system gnu-build-system)
(native-inputs
(list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písař <ppisar <at> redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:07 GMT)
Full text and
rfc822 format available.
Message #119 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-40153 and CVE-2021-41072.
* gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
[arguments]: Improve style.
<#:make-flags>: Add INSTALL_MANPAGES_DIR value.
<#:phases>: Remove phase 'install-documentation. Add phase
'patch-generated-source-shebangs.
[native-inputs]: Add coreutils-minimal, help2man, which.
[inputs]: Rewrite.
---
gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 97696ff0ef..7627717db6 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1023,7 +1023,7 @@ (define-public lz4
(define-public squashfs-tools
(package
(name "squashfs-tools")
- (version "4.5")
+ (version "4.6.1")
(source
(origin
(method git-fetch)
@@ -1032,34 +1032,34 @@ (define-public squashfs-tools
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
+ (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; no check target
- #:make-flags
- (list (string-append "CC=" ,(cc-for-target))
- "XZ_SUPPORT=1"
- "LZO_SUPPORT=1"
- "LZ4_SUPPORT=1"
- "ZSTD_SUPPORT=1"
- (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (chdir "squashfs-tools")))
- (add-after 'install 'install-documentation
- ;; Install what very little usage documentation is provided.
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name)))
- (install-file "../USAGE" doc)))))))
+ (list
+ #:tests? #f ; no check target
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ "XZ_SUPPORT=1"
+ "LZO_SUPPORT=1"
+ "LZ4_SUPPORT=1"
+ "ZSTD_SUPPORT=1"
+ (string-append "INSTALL_DIR=" #$output "/bin")
+ (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda _
+ (chdir "squashfs-tools")))
+ (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
+ (lambda _
+ (substitute* (find-files "generate-manpages" "\\.sh")
+ (("print \"#!/bin/sh")
+ (string-append "print \"#!" (which "sh")))))))))
+ (native-inputs
+ (list coreutils-minimal help2man which))
(inputs
- `(("lz4" ,lz4)
- ("lzo" ,lzo)
- ("xz" ,xz)
- ("zlib" ,zlib)
- ("zstd:lib" ,zstd "lib")))
+ (list lz4 lzo xz zlib `(,zstd "lib")))
(home-page "https://github.com/plougher/squashfs-tools")
(synopsis "Tools to create and extract squashfs file systems")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:08 GMT)
Full text and
rfc822 format available.
Message #122 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-0699.
* gnu/packages/geo.scm (shapelib): Update to 1.6.1.
---
gnu/packages/geo.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 5d120b3c98..affa50c515 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -2574,7 +2574,7 @@ (define-public readosm
(define-public shapelib
(package
(name "shapelib")
- (version "1.5.0")
+ (version "1.6.1")
(source
(origin
(method git-fetch)
@@ -2583,7 +2583,7 @@ (define-public shapelib
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1lzch0jf6yqhw391phhafzw4ghmiz98zkf698h4fmq109fa2vhqd"))))
+ (base32 "0l67gp1618lcw7fg2iclbh016cqyw85s3cmd3qzx6aw0jq19hj8n"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
@@ -2591,8 +2591,8 @@ (define-public shapelib
(synopsis "Provides C library to write and update ESRI Shapefiles")
(description
"The Shapefile C Library provides the ability to write simple C programs
-for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the
-associated attribute file (@file{.dbf}).")
+for reading, writing and updating (to a limited extent) ESRI Shapefiles, and
+the associated attribute file (@file{.dbf}).")
(license license:gpl2+)))
(define-public spatialite-tools
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:08 GMT)
Full text and
rfc822 format available.
Message #125 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-39360.
* gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
---
gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
1 file changed, 24 insertions(+), 21 deletions(-)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 77a0633b50..82ea9d6699 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -10591,28 +10591,31 @@ (define-public gsound
(license license:lgpl2.1+)))
(define-public libzapojit
- (package
- (name "libzapojit")
- (version "0.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
- (build-system gnu-build-system)
- (native-inputs
- (list gobject-introspection intltool pkg-config))
- (inputs
- (list gnome-online-accounts json-glib rest))
- (home-page "https://wiki.gnome.org/Projects/Zapojit")
- (synopsis "Library for accessing SkyDrive and Hotmail")
- (description
- "Libzapojit is a GLib-based library for accessing online service APIs of
+ (let ((revision "1")
+ (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
+ (package
+ (name "libzapojit")
+ (version (git-version "0.0.3" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/Archive/libzapojit")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list gobject-introspection intltool pkg-config))
+ (inputs
+ (list gnome-online-accounts json-glib rest))
+ (home-page "https://wiki.gnome.org/Projects/Zapojit")
+ (synopsis "Library for accessing SkyDrive and Hotmail")
+ (description
+ "Libzapojit is a GLib-based library for accessing online service APIs of
Microsoft SkyDrive and Hotmail, using their REST protocols.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public gnome-clocks
(package
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:09 GMT)
Full text and
rfc822 format available.
Message #128 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-44821 and CVE-2023-46009.
* gnu/packages/image.scm (gifsicle): Update to 1.95.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7f17c71aef..0d6593dc21 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -2172,14 +2172,14 @@ (define-public swappy
(define-public gifsicle
(package
(name "gifsicle")
- (version "1.94")
+ (version "1.95")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
version ".tar.gz"))
(sha256
- (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
+ (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:09 GMT)
Full text and
rfc822 format available.
Message #131 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-51765 and CVE-2021-3618.
* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:10 GMT)
Full text and
rfc822 format available.
Message #134 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.
* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:10 GMT)
Full text and
rfc822 format available.
Message #137 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-26981.
* gnu/packages/language.scm (liblouis): Update to 3.31.0.
[arguments]: Improve style using gexps.
[native-inputs]: Rewrite and replace python-wrapper by python.
---
gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 25 deletions(-)
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 78fcba4287..6a5e7927b4 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2023 gemmaro <gemmaro.dev <at> gmail.com>
;;; Copyright © 2024 Efraim Flashner <efraim <at> flashner.co.il>
;;; Copyright © 2024 Charles <charles <at> charje.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -338,7 +339,7 @@ (define-public libchewing
(define-public liblouis
(package
(name "liblouis")
- (version "3.15.0")
+ (version "3.31.0")
(source
(origin
(method git-fetch)
@@ -348,34 +349,30 @@ (define-public liblouis
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
+ (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
(build-system gnu-build-system)
(outputs '("out" "bin" "doc" "python"))
(arguments
- `(#:configure-flags
- (list
- "--disable-static"
- "--enable-ucs4")
- #:phases
- (modify-phases %standard-phases
- (add-after 'install 'install-python-extension
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion "python"
- (invoke "python" "setup.py" "install"
- (string-append "--prefix="
- (assoc-ref outputs "python"))
- "--root=/")))))))
+ (list
+ #:configure-flags #~(list "--disable-static" "--enable-ucs4")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'install 'install-python-extension
+ (lambda _
+ (with-directory-excursion "python"
+ (invoke "python3" "setup.py" "install" "--root=/"
+ (string-append "--prefix=" #$output:python))))))))
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("clang-format" ,clang)
- ("help2man" ,help2man)
- ("libtool" ,libtool)
- ("libyaml" ,libyaml)
- ("makeinfo" ,texinfo)
- ("perl" ,perl)
- ("pkg-config" ,pkg-config)
- ("python" ,python-wrapper)))
+ (list autoconf
+ automake
+ clang
+ help2man
+ libtool
+ libyaml
+ texinfo
+ perl
+ pkg-config
+ python))
(synopsis "Braille translator and back-translator")
(description "Liblouis is a braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:11 GMT)
Full text and
rfc822 format available.
Message #140 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2021-4296.
* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:11 GMT)
Full text and
rfc822 format available.
Message #143 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This package is not developped anymore.
* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ff5dcd8daa..74cfabf6e7 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3085,7 +3086,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:12 GMT)
Full text and
rfc822 format available.
Message #146 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus <at> sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:13 GMT)
Full text and
rfc822 format available.
Message #149 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-29479 and CVE-2023-29480.
* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:13 GMT)
Full text and
rfc822 format available.
Message #152 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-50471 and CVE-2023-50472.
* gnu/packages/javascript.scm (cjson): Update to 1.7.18.
---
gnu/packages/javascript.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 4f97dcfef6..b48acf47dc 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
(define-public cjson
(package
(name "cjson")
- (version "1.7.16")
+ (version "1.7.18")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -57,7 +57,7 @@ (define-public cjson
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
+ (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Sun, 03 Nov 2024 16:04:14 GMT)
Full text and
rfc822 format available.
Message #155 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-36177.
* gnu/packages/audio.scm (snapcast): Update to 0.29.0.
---
gnu/packages/audio.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index eaffa0842d..467dc4a74f 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1567,7 +1567,7 @@ (define-public omins-lv2
(define-public snapcast
(package
(name "snapcast")
- (version "0.27.0")
+ (version "0.29.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -1576,7 +1576,7 @@ (define-public snapcast
(file-name (git-file-name name version))
(sha256
(base32
- "10l5hvmaqr9ykipsnzl95wqg19ff36rhpa1q88axxcia0k2valkn"))))
+ "1960xp54vsndj9vvc03kx9kg9phdchdgrfghhvcp2b0nfq2qcqqm"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f)) ; no included tests
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:39:02 GMT)
Full text and
rfc822 format available.
Message #158 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2024-9780.
>
> * gnu/packages/networking.scm (wireshark): Update to 4.4.1.
> ---
> gnu/packages/networking.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 17d4072ee0..be8b5c8e93 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -1805,14 +1805,14 @@ (define-public whois
> (define-public wireshark
> (package
> (name "wireshark")
> - (version "4.4.0")
> + (version "4.4.1")
> (source
> (origin
> (method url-fetch)
> (uri (string-append "https://www.wireshark.org/download/src/wireshark-"
> version ".tar.xz"))
> (sha256
> - (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
> + (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
> (build-system qt-build-system)
> (arguments
> (list
apply, and switch to git-fetch.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:39:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:40:02 GMT)
Full text and
rfc822 format available.
Message #164 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2023-50471 and CVE-2023-50472.
>
> * gnu/packages/javascript.scm (cjson): Update to 1.7.18.
> ---
> gnu/packages/javascript.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
> index 4f97dcfef6..b48acf47dc 100644
> --- a/gnu/packages/javascript.scm
> +++ b/gnu/packages/javascript.scm
> @@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
> (define-public cjson
> (package
> (name "cjson")
> - (version "1.7.16")
> + (version "1.7.18")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -57,7 +57,7 @@ (define-public cjson
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
> + (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
> (build-system cmake-build-system)
> (arguments
> `(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
apply
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:40:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:41:02 GMT)
Full text and
rfc822 format available.
Message #170 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2022-37454.
>
> * gnu/packages/pypy.scm (pypy): Update to 7.3.17.
> ---
> gnu/packages/pypy.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
> index a39621b5ad..90986ac096 100644
> --- a/gnu/packages/pypy.scm
> +++ b/gnu/packages/pypy.scm
> @@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
> (define-public pypy
> (package
> (name "pypy")
> - (version "7.3.13")
> + (version "7.3.17")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://downloads.python.org/pypy/"
> "pypy3.10-v" version "-src.tar.bz2"))
> (sha256
> (base32
> - "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
> + "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
> (build-system gnu-build-system)
> (arguments
> (list
apply
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:41:02 GMT)
Full text and
rfc822 format available.
Message #173 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2024-23770 and CVE-2024-23771.
>
> * gnu/packages/web.scm (darkhttpd): Update to 1.16.
> [arguments]: Improve style.
> ---
> gnu/packages/web.scm | 24 +++++++++++-------------
> 1 file changed, 11 insertions(+), 13 deletions(-)
>
> diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
> index 34739bf088..eb27d3448c 100644
> --- a/gnu/packages/web.scm
> +++ b/gnu/packages/web.scm
> @@ -6417,7 +6417,7 @@ (define-public surfraw
> (define-public darkhttpd
> (package
> (name "darkhttpd")
> - (version "1.13")
> + (version "1.16")
> (source
> (origin
> (method git-fetch)
> @@ -6426,20 +6426,18 @@ (define-public darkhttpd
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
> + (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:make-flags
> - (list (string-append "CC=" ,(cc-for-target)))
> - #:tests? #f ; No test suite
> - #:phases
> - (modify-phases %standard-phases
> - (delete 'configure) ; no configure script
> - (replace 'install
> - (lambda* (#:key outputs #:allow-other-keys)
> - (install-file "darkhttpd"
> - (string-append (assoc-ref outputs "out")
> - "/bin")))))))
> + (list
> + #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
> + #:tests? #f ; No test suite
> + #:phases
> + #~(modify-phases %standard-phases
> + (delete 'configure) ; no configure script
> + (replace 'install
> + (lambda _
> + (install-file "darkhttpd" (string-append #$output "/bin")))))))
> (synopsis "Simple static web server")
> (description "darkhttpd is a simple static web server. It is
> standalone and does not need inetd or ucspi-tcp. It does not need any
apply, and enable tests.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:41:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 09:41:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 11:58:02 GMT)
Full text and
rfc822 format available.
Message #182 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
> CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
> CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.
>
> * gnu/packages/ebook.scm (libmobi): Update to 0.12.
> ---
> gnu/packages/ebook.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
> index dc30c98fdf..bf8dcfad09 100644
> --- a/gnu/packages/ebook.scm
> +++ b/gnu/packages/ebook.scm
> @@ -648,7 +648,7 @@ (define-public xchm
> (define-public libmobi
> (package
> (name "libmobi")
> - (version "0.6")
> + (version "0.12")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -657,7 +657,7 @@ (define-public libmobi
> (file-name (git-file-name name version))
> (sha256
> (base32
> - "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
> + "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
> (build-system gnu-build-system)
> (native-inputs
> (list autoconf automake libtool))
apply.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 11:58:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 11:59:02 GMT)
Full text and
rfc822 format available.
Message #188 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2022-26981.
>
> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
> [arguments]: Improve style using gexps.
> [native-inputs]: Rewrite and replace python-wrapper by python.
> ---
> gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
> 1 file changed, 22 insertions(+), 25 deletions(-)
>
> diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
> index 78fcba4287..6a5e7927b4 100644
> --- a/gnu/packages/language.scm
> +++ b/gnu/packages/language.scm
> @@ -10,6 +10,7 @@
> ;;; Copyright © 2023 gemmaro <gemmaro.dev <at> gmail.com>
> ;;; Copyright © 2024 Efraim Flashner <efraim <at> flashner.co.il>
> ;;; Copyright © 2024 Charles <charles <at> charje.net>
> +;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -338,7 +339,7 @@ (define-public libchewing
> (define-public liblouis
> (package
> (name "liblouis")
> - (version "3.15.0")
> + (version "3.31.0")
> (source
> (origin
> (method git-fetch)
> @@ -348,34 +349,30 @@ (define-public liblouis
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
> + (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
> (build-system gnu-build-system)
> (outputs '("out" "bin" "doc" "python"))
> (arguments
> - `(#:configure-flags
> - (list
> - "--disable-static"
> - "--enable-ucs4")
> - #:phases
> - (modify-phases %standard-phases
> - (add-after 'install 'install-python-extension
> - (lambda* (#:key outputs #:allow-other-keys)
> - (with-directory-excursion "python"
> - (invoke "python" "setup.py" "install"
> - (string-append "--prefix="
> - (assoc-ref outputs "python"))
> - "--root=/")))))))
> + (list
> + #:configure-flags #~(list "--disable-static" "--enable-ucs4")
> + #:phases
> + #~(modify-phases %standard-phases
> + (add-after 'install 'install-python-extension
> + (lambda _
> + (with-directory-excursion "python"
> + (invoke "python3" "setup.py" "install" "--root=/"
> + (string-append "--prefix=" #$output:python))))))))
> (native-inputs
> - `(("autoconf" ,autoconf)
> - ("automake" ,automake)
> - ("clang-format" ,clang)
> - ("help2man" ,help2man)
> - ("libtool" ,libtool)
> - ("libyaml" ,libyaml)
> - ("makeinfo" ,texinfo)
> - ("perl" ,perl)
> - ("pkg-config" ,pkg-config)
> - ("python" ,python-wrapper)))
> + (list autoconf
> + automake
> + clang
> + help2man
> + libtool
> + libyaml
> + texinfo
> + perl
> + pkg-config
> + python))
> (synopsis "Braille translator and back-translator")
> (description "Liblouis is a braille translator and back-translator named in
> honor of Louis Braille. It features support for computer and literary braille,
apply, adjust message and use python-minimal, not python.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 11:59:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 12:00:02 GMT)
Full text and
rfc822 format available.
Message #194 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2023-44821 and CVE-2023-46009.
>
> * gnu/packages/image.scm (gifsicle): Update to 1.95.
> ---
> gnu/packages/image.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
> index 7f17c71aef..0d6593dc21 100644
> --- a/gnu/packages/image.scm
> +++ b/gnu/packages/image.scm
> @@ -2172,14 +2172,14 @@ (define-public swappy
> (define-public gifsicle
> (package
> (name "gifsicle")
> - (version "1.94")
> + (version "1.95")
> (source
> (origin
> (method url-fetch)
> (uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
> version ".tar.gz"))
> (sha256
> - (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
> + (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
> (build-system gnu-build-system)
> (arguments
> '(#:phases
apply, and build from git source, use g-expressions.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 12:00:03 GMT)
Full text and
rfc822 format available.
Message #197 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2021-40153 and CVE-2021-41072.
>
> * gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
> [arguments]: Improve style.
> <#:make-flags>: Add INSTALL_MANPAGES_DIR value.
> <#:phases>: Remove phase 'install-documentation. Add phase
> 'patch-generated-source-shebangs.
> [native-inputs]: Add coreutils-minimal, help2man, which.
> [inputs]: Rewrite.
> ---
> gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
> 1 file changed, 26 insertions(+), 26 deletions(-)
>
> diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
> index 97696ff0ef..7627717db6 100644
> --- a/gnu/packages/compression.scm
> +++ b/gnu/packages/compression.scm
> @@ -1023,7 +1023,7 @@ (define-public lz4
> (define-public squashfs-tools
> (package
> (name "squashfs-tools")
> - (version "4.5")
> + (version "4.6.1")
> (source
> (origin
> (method git-fetch)
> @@ -1032,34 +1032,34 @@ (define-public squashfs-tools
> (commit version)))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
> + (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:tests? #f ; no check target
> - #:make-flags
> - (list (string-append "CC=" ,(cc-for-target))
> - "XZ_SUPPORT=1"
> - "LZO_SUPPORT=1"
> - "LZ4_SUPPORT=1"
> - "ZSTD_SUPPORT=1"
> - (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
> - #:phases
> - (modify-phases %standard-phases
> - (replace 'configure
> - (lambda _
> - (chdir "squashfs-tools")))
> - (add-after 'install 'install-documentation
> - ;; Install what very little usage documentation is provided.
> - (lambda* (#:key outputs #:allow-other-keys)
> - (let* ((out (assoc-ref outputs "out"))
> - (doc (string-append out "/share/doc/" ,name)))
> - (install-file "../USAGE" doc)))))))
> + (list
> + #:tests? #f ; no check target
> + #:make-flags
> + #~(list
> + (string-append "CC=" #$(cc-for-target))
> + "XZ_SUPPORT=1"
> + "LZO_SUPPORT=1"
> + "LZ4_SUPPORT=1"
> + "ZSTD_SUPPORT=1"
> + (string-append "INSTALL_DIR=" #$output "/bin")
> + (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
> + #:phases
> + #~(modify-phases %standard-phases
> + (replace 'configure
> + (lambda _
> + (chdir "squashfs-tools")))
> + (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
> + (lambda _
> + (substitute* (find-files "generate-manpages" "\\.sh")
> + (("print \"#!/bin/sh")
> + (string-append "print \"#!" (which "sh")))))))))
> + (native-inputs
> + (list coreutils-minimal help2man which))
> (inputs
> - `(("lz4" ,lz4)
> - ("lzo" ,lzo)
> - ("xz" ,xz)
> - ("zlib" ,zlib)
> - ("zstd:lib" ,zstd "lib")))
> + (list lz4 lzo xz zlib `(,zstd "lib")))
> (home-page "https://github.com/plougher/squashfs-tools")
> (synopsis "Tools to create and extract squashfs file systems")
> (description
apply
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 12:00:04 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 12:00:04 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:07:02 GMT)
Full text and
rfc822 format available.
Message #206 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2021-39360.
>
> * gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
> ---
> gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
> 1 file changed, 24 insertions(+), 21 deletions(-)
>
> diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
> index 77a0633b50..82ea9d6699 100644
> --- a/gnu/packages/gnome.scm
> +++ b/gnu/packages/gnome.scm
> @@ -10591,28 +10591,31 @@ (define-public gsound
> (license license:lgpl2.1+)))
>
> (define-public libzapojit
> - (package
> - (name "libzapojit")
> - (version "0.0.3")
> - (source (origin
> - (method url-fetch)
> - (uri (string-append "mirror://gnome/sources/" name "/"
> - (version-major+minor version) "/"
> - name "-" version ".tar.xz"))
> - (sha256
> - (base32
> - "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
> - (build-system gnu-build-system)
> - (native-inputs
> - (list gobject-introspection intltool pkg-config))
> - (inputs
> - (list gnome-online-accounts json-glib rest))
> - (home-page "https://wiki.gnome.org/Projects/Zapojit")
> - (synopsis "Library for accessing SkyDrive and Hotmail")
> - (description
> - "Libzapojit is a GLib-based library for accessing online service APIs of
> + (let ((revision "1")
> + (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
> + (package
> + (name "libzapojit")
> + (version (git-version "0.0.3" revision commit))
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://gitlab.gnome.org/Archive/libzapojit")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
> + (build-system gnu-build-system)
> + (native-inputs
> + (list gobject-introspection intltool pkg-config))
> + (inputs
> + (list gnome-online-accounts json-glib rest))
> + (home-page "https://wiki.gnome.org/Projects/Zapojit")
> + (synopsis "Library for accessing SkyDrive and Hotmail")
> + (description
> + "Libzapojit is a GLib-based library for accessing online service APIs of
> Microsoft SkyDrive and Hotmail, using their REST protocols.")
> - (license license:lgpl2.1+)))
> + (license license:lgpl2.1+))))
>
> (define-public gnome-clocks
> (package
apply, and add autoconf, autoconf-archive, automake, glib:bin and
libtool to fix build.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:07:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:09:01 GMT)
Full text and
rfc822 format available.
Message #212 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2021-28902, CVE-2021-28903, CVE-2021-28904,
> CVE-2021-28905 and CVE-2021-28906.
>
> * gnu/packages/networking.scm (libyang): Update to 3.4.2.
> ---
> gnu/packages/networking.scm | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 8481e2d2f4..17d4072ee0 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -4238,7 +4238,7 @@ (define-public iwgtk
> (define-public libyang
> (package
> (name "libyang")
> - (version "1.0.215")
> + (version "3.4.2")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -4247,12 +4247,12 @@ (define-public libyang
> (file-name (git-file-name name version))
> (sha256
> (base32
> - "0mrs2ppmq77z8sbqgm2w0rl9bfgybd6bcxanakfww4chih6cy0dw"))))
> + "07skjr3r4na12kadca2dyk45clpcpnp4zkkwfaa8sqyslx7vhj56"))))
> (build-system cmake-build-system)
> (arguments
> `(#:configure-flags
> (list "-DENABLE_BUILD_TESTS=ON" "-DENABLE_LYD_PRIV=ON")))
> - (propagated-inputs (list pcre))
> + (propagated-inputs (list pcre2))
> (native-inputs (list cmocka pkg-config))
> (home-page "https://github.com/CESNET/libyang")
> (synopsis "YANG data modelling language library")
apply, and update it single dependent package: frrouting.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:09:02 GMT)
Full text and
rfc822 format available.
Message #215 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
> CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
> CVE-2023-43665 and CVE-2023-46695.
>
> * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
> [properties]: Add lint-hidden-cve property.
> ---
> gnu/packages/django.scm | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
> index 4404c8368d..4cf043f7c1 100644
> --- a/gnu/packages/django.scm
> +++ b/gnu/packages/django.scm
> @@ -57,13 +57,13 @@ (define-module (gnu packages django)
> (define-public python-django-4.2
> (package
> (name "python-django")
> - (version "4.2.5")
> + (version "4.2.16")
> (source (origin
> (method url-fetch)
> (uri (pypi-uri "Django" version))
> (sha256
> (base32
> - "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
> + "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
> (build-system pyproject-build-system)
> (arguments
> '(#:test-flags
> @@ -140,7 +140,9 @@ (define-public python-django-4.2
> any Web site. Django focuses on automating as much as possible and adhering
> to the @dfn{don't repeat yourself} (DRY) principle.")
> (license license:bsd-3)
> - (properties `((cpe-name . "django")))))
> + (properties `((cpe-name . "django")
> + ;; This CVE seems fixed since 4.2.1.
> + (lint-hidden-cve . ("CVE-2023-31047"))))))
>
> (define-public python-django-3.2
> (package
apply.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:09:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:09:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:10:01 GMT)
Full text and
rfc822 format available.
Message #224 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2023-31137.
>
> * gnu/packages/dns.scm (maradns): Update to 3.5.0036.
> [properties]: Add release-monitoring-url property.
> ---
> gnu/packages/dns.scm | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
> index e911a142ef..bd2df30f01 100644
> --- a/gnu/packages/dns.scm
> +++ b/gnu/packages/dns.scm
> @@ -1181,7 +1181,7 @@ (define-public public-suffix-list
> (define-public maradns
> (package
> (name "maradns")
> - (version "3.5.0022")
> + (version "3.5.0036")
> (source
> (origin
> (method url-fetch)
> @@ -1189,7 +1189,7 @@ (define-public maradns
> (version-major+minor version) "/"
> version "/maradns-" version ".tar.xz"))
> (sha256
> - (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
> + (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
> (build-system gnu-build-system)
> (arguments
> `(#:tests? #f ; need to be root to run tests
> @@ -1226,6 +1226,8 @@ (define-public maradns
> (description "MaraDNS is a small and lightweight DNS server. MaraDNS
> consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
> and TCP-capable recursive DNS server for finding domains on the internet.")
> + (properties '((release-monitoring-url
> + . "https://maradns.samiam.org/download.html")))
> (license license:bsd-2)))
>
> (define-public openresolv
apply.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:10:02 GMT)
Full text and
rfc822 format available.
Message #227 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> * gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
> ---
> gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
> 1 file changed, 29 insertions(+), 29 deletions(-)
>
> diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
> index bd2df30f01..7a78fb0308 100644
> --- a/gnu/packages/dns.scm
> +++ b/gnu/packages/dns.scm
> @@ -1192,35 +1192,35 @@ (define-public maradns
> (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:tests? #f ; need to be root to run tests
> - #:make-flags
> - (list
> - ,(string-append "CC=" (cc-for-target))
> - (string-append "PREFIX=" %output)
> - (string-append "RPM_BUILD_ROOT=" %output))
> - #:phases
> - (modify-phases %standard-phases
> - (replace 'configure
> - (lambda* (#:key native-inputs target #:allow-other-keys)
> - ;; make_32bit_tables generates a header file that is used during
> - ;; compilation. Hence, during cross compilation, it should be
> - ;; built for the host system.
> - (when target
> - (substitute* "rng/Makefile"
> - (("\\$\\(CC\\) -o make_32bit_tables")
> - (string-append (assoc-ref native-inputs "gcc")
> - "/bin/gcc -o make_32bit_tables"))))
> - (invoke "./configure")))
> - (add-before 'install 'create-install-directories
> - (lambda* (#:key outputs #:allow-other-keys)
> - (let ((out (assoc-ref outputs "out")))
> - (for-each (lambda (dir)
> - (mkdir-p (string-append out dir)))
> - (list "/bin" "/sbin" "/etc"
> - "/share/man/man1"
> - "/share/man/man5"
> - "/share/man/man8"))
> - #t))))))
> + (list
> + #:tests? #f ; need to be root to run tests
> + #:make-flags
> + #~(list
> + (string-append "CC=" #$(cc-for-target))
> + (string-append "PREFIX=" #$output)
> + (string-append "RPM_BUILD_ROOT=" #$output))
> + #:phases
> + #~(modify-phases %standard-phases
> + (replace 'configure
> + (lambda* (#:key native-inputs target #:allow-other-keys)
> + ;; make_32bit_tables generates a header file that is used during
> + ;; compilation. Hence, during cross compilation, it should be
> + ;; built for the host system.
> + (when target
> + (substitute* "rng/Makefile"
> + (("\\$\\(CC\\) -o make_32bit_tables")
> + (string-append (search-input-file native-inputs "/bin/gcc")
> + " -o make_32bit_tables"))))
> + ;; ./configure doesn't support default flags
> + (invoke "./configure")))
> + (add-before 'install 'create-install-directories
> + (lambda _
> + (for-each (lambda (dir)
> + (mkdir-p (string-append #$output dir)))
> + (list "/bin" "/sbin" "/etc"
> + "/share/man/man1"
> + "/share/man/man5"
> + "/share/man/man8")))))))
> (home-page "https://maradns.samiam.org")
> (synopsis "Small lightweight DNS server")
> (description "MaraDNS is a small and lightweight DNS server. MaraDNS
apply.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:10:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:10:03 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:13:01 GMT)
Full text and
rfc822 format available.
Message #236 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2023-34795.
>
> * gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
> ---
> gnu/packages/xml.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
> index cfd53a291a..4a3936b66d 100644
> --- a/gnu/packages/xml.scm
> +++ b/gnu/packages/xml.scm
> @@ -1545,7 +1545,7 @@ (define-public xerces-c
> (define-public xlsxio
> (package
> (name "xlsxio")
> - (version "0.2.33")
> + (version "0.2.35")
> (source
> (origin
> (method git-fetch)
> @@ -1554,7 +1554,7 @@ (define-public xlsxio
> (commit version)))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
> + (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
> (native-inputs
> (list expat gnu-make minizip which))
> (build-system gnu-build-system)
apply
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 04 Nov 2024 16:13:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:13:02 GMT)
Full text and
rfc822 format available.
Message #242 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This patch series removes patches that have been built in the v2, so
that it's easier to review. It's also a bump for QA.
Nicolas Graves (8):
gnu: bart: Update to 0.9.00. [security fixes]
gnu: pam-u2f: Update to 1.3.0. [security fixes]
gnu: sendmail: Update to 8.18.1. [security fixes]
gnu: openvpn: Update to 2.6.12. [security fixes]
gnu: youtube-dl: Deprecate package.
gnu: unicorn: Update to 2.1.1. [security fixes]
gnu: Add sexpp.
gnu: rnp: Update to 0.17.1. [security fixes]
gnu/packages/emulators.scm | 9 +++-
gnu/packages/image-processing.scm | 8 ++--
gnu/packages/mail.scm | 5 +-
gnu/packages/openpgp.scm | 76 ++++++++++++++++++++++---------
gnu/packages/security-token.scm | 9 ++--
gnu/packages/video.scm | 3 +-
gnu/packages/vpn.scm | 4 +-
7 files changed, 75 insertions(+), 39 deletions(-)
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:13:02 GMT)
Full text and
rfc822 format available.
Message #245 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes bart reproducibility and CVE-2022-45387.
* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:13:03 GMT)
Full text and
rfc822 format available.
Message #248 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-31924.
* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:13:03 GMT)
Full text and
rfc822 format available.
Message #251 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-51765 and CVE-2021-3618.
* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:14:02 GMT)
Full text and
rfc822 format available.
Message #254 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes bart reproducibility and CVE-2022-45387.
* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:01 GMT)
Full text and
rfc822 format available.
Message #257 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes bart reproducibility and CVE-2022-45387.
* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:02 GMT)
Full text and
rfc822 format available.
Message #260 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2021-31924.
* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:02 GMT)
Full text and
rfc822 format available.
Message #263 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-51765 and CVE-2021-3618.
* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:03 GMT)
Full text and
rfc822 format available.
Message #266 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.
* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:03 GMT)
Full text and
rfc822 format available.
Message #269 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This package is not developped anymore.
* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ff5dcd8daa..74cfabf6e7 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3085,7 +3086,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:04 GMT)
Full text and
rfc822 format available.
Message #272 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Thix fixes CVE-2021-4296.
* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:04 GMT)
Full text and
rfc822 format available.
Message #275 received at 74035 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus <at> sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 05 Nov 2024 23:15:05 GMT)
Full text and
rfc822 format available.
Message #278 received at 74035 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-29479 and CVE-2023-29480.
* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Wed, 06 Nov 2024 16:11:01 GMT)
Full text and
rfc822 format available.
Message #281 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Hi,
Zheng Junjie <zhengjunjie <at> iscas.ac.cn> skribis:
> Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
>
>> This fixes CVE-2022-26981.
>>
>> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
>> [arguments]: Improve style using gexps.
>> [native-inputs]: Rewrite and replace python-wrapper by python.
[...]
> apply, adjust message and use python-minimal, not python.
Apparently this broke liblouisutdml:
<https://ci.guix.gnu.org/build/6336033/details>.
Many test failures like this:
--8<---------------cut here---------------start------------->8---
warning: lou_getDataPath is deprecated.
../../lbu_files/wiskunde.ctb:43: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:44: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:45: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:46: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:47: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:49: warning: class is deprecated, use attribute instead
unicode.dis,../../lbu_files/wiskunde.ctb,braille-patterns.cti: 6 warnings issued
warning: lou_getDataPath is deprecated.
FAIL test_mathml_woluwe/test_045.test (exit status: 1)
--8<---------------cut here---------------end--------------->8---
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Thu, 07 Nov 2024 11:22:02 GMT)
Full text and
rfc822 format available.
Message #284 received at 74035 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi,
>
> Zheng Junjie <zhengjunjie <at> iscas.ac.cn> skribis:
>
>> Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
>>
>>> This fixes CVE-2022-26981.
>>>
>>> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
>>> [arguments]: Improve style using gexps.
>>> [native-inputs]: Rewrite and replace python-wrapper by python.
>
> [...]
>
>> apply, adjust message and use python-minimal, not python.
>
> Apparently this broke liblouisutdml:
> <https://ci.guix.gnu.org/build/6336033/details>.
>
> Many test failures like this:
>
> --8<---------------cut here---------------start------------->8---
> warning: lou_getDataPath is deprecated.
> ../../lbu_files/wiskunde.ctb:43: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:44: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:45: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:46: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:47: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:49: warning: class is deprecated, use attribute instead
> unicode.dis,../../lbu_files/wiskunde.ctb,braille-patterns.cti: 6 warnings issued
> warning: lou_getDataPath is deprecated.
> FAIL test_mathml_woluwe/test_045.test (exit status: 1)
> --8<---------------cut here---------------end--------------->8---
>
> Ludo’.
please try https://issues.guix.gnu.org/74238
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 11:49:02 GMT)
Full text and
rfc822 format available.
Message #287 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Hi,
Nicolas Graves <ngraves <at> ngraves.fr> writes:
> This fixes bart reproducibility and CVE-2022-45387.
CVE-2022-45387 is about the Jenkins bart plugin, not this BART toolbox
software; so it's nice to update it but there's no CVE fix here.
--
Thanks,
Maxim
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 11:50:02 GMT)
Full text and
rfc822 format available.
Message #290 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Hi Nicolas,
Nicolas Graves <ngraves <at> ngraves.fr> writes:
> This package is not developped anymore.
>
> * gnu/packages/video.scm (youtube-dl): Deprecate package.
This is maybe a bit preposterous; the repository is still alive, last
touched in August of this year [0].
[0] https://github.com/ytdl-org/youtube-dl
I've dropped this commit from my locally queued series.
--
Thanks,
Maxim
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 13:16:02 GMT)
Full text and
rfc822 format available.
Message #293 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Hi,
Nicolas Graves <ngraves <at> ngraves.fr> writes:
> This fixes CVE-2023-29479 and CVE-2023-29480.
>
> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
> [arguments]: Improve style using gexps.
> <#:phases>: Add phase 'inject-sexpp-source.
> [inputs]: Add sexpp.
This one fails its test suite for me:
--8<---------------cut here---------------start------------->8---
Start 15: rnp_tests.s2k_iteration_tuning
16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
[...]
The following tests FAILED:
15 - rnp_tests.s2k_iteration_tuning (Failed)
--8<---------------cut here---------------end--------------->8---
It should probably be repoted upstream.
--
Thanks,
Maxim
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 15:23:02 GMT)
Full text and
rfc822 format available.
Message #296 received at 74035 <at> debbugs.gnu.org (full text, mbox):
On 2024-11-11 20:48, Maxim Cournoyer wrote:
> Hi Nicolas,
>
> Nicolas Graves <ngraves <at> ngraves.fr> writes:
>
>> This package is not developped anymore.
>>
>> * gnu/packages/video.scm (youtube-dl): Deprecate package.
>
> This is maybe a bit preposterous; the repository is still alive, last
> touched in August of this year [0].
>
> [0] https://github.com/ytdl-org/youtube-dl
>
> I've dropped this commit from my locally queued series.
My bad, I only checked the home-page because I thought development was
halted (and basically efforts for that functionality went to yt-dlp
instead) for legal reasons. At least the home-page is indeed blocked in
France. I haven't tested the package, OK to drop this commit.
--
Best regards,
Nicolas Graves
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 15:24:02 GMT)
Full text and
rfc822 format available.
Message #299 received at 74035 <at> debbugs.gnu.org (full text, mbox):
On 2024-11-11 22:14, Maxim Cournoyer wrote:
> Hi,
>
> Nicolas Graves <ngraves <at> ngraves.fr> writes:
>
>> This fixes CVE-2023-29479 and CVE-2023-29480.
>>
>> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
>> [arguments]: Improve style using gexps.
>> <#:phases>: Add phase 'inject-sexpp-source.
>> [inputs]: Add sexpp.
>
> This one fails its test suite for me:
>
> --8<---------------cut here---------------start------------->8---
> Start 15: rnp_tests.s2k_iteration_tuning
> 16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
> [...]
> The following tests FAILED:
> 15 - rnp_tests.s2k_iteration_tuning (Failed)
> --8<---------------cut here---------------end--------------->8---
>
> It should probably be repoted upstream.
Strange, it worked for me IIRC. Maybe tests are flaky and we should
exclude this one?
--
Best regards,
Nicolas Graves
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Mon, 11 Nov 2024 15:24:02 GMT)
Full text and
rfc822 format available.
Message #302 received at 74035 <at> debbugs.gnu.org (full text, mbox):
On 2024-11-11 20:47, Maxim Cournoyer wrote:
> Hi,
>
> Nicolas Graves <ngraves <at> ngraves.fr> writes:
>
>> This fixes bart reproducibility and CVE-2022-45387.
>
> CVE-2022-45387 is about the Jenkins bart plugin, not this BART toolbox
> software; so it's nice to update it but there's no CVE fix here.
Indeed, thanks for checking!
--
Best regards,
Nicolas Graves
Reply sent
to
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>:
You have taken responsibility.
(Tue, 12 Nov 2024 11:56:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
bug acknowledged by developer.
(Tue, 12 Nov 2024 11:56:02 GMT)
Full text and
rfc822 format available.
Message #307 received at 74035-done <at> debbugs.gnu.org (full text, mbox):
Hi Nicolas,
Nicolas Graves <ngraves <at> ngraves.fr> writes:
> On 2024-11-11 22:14, Maxim Cournoyer wrote:
>
>> Hi,
>>
>> Nicolas Graves <ngraves <at> ngraves.fr> writes:
>>
>>> This fixes CVE-2023-29479 and CVE-2023-29480.
>>>
>>> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
>>> [arguments]: Improve style using gexps.
>>> <#:phases>: Add phase 'inject-sexpp-source.
>>> [inputs]: Add sexpp.
>>
>> This one fails its test suite for me:
>>
>> --8<---------------cut here---------------start------------->8---
>> Start 15: rnp_tests.s2k_iteration_tuning
>> 16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
>> [...]
>> The following tests FAILED:
>> 15 - rnp_tests.s2k_iteration_tuning (Failed)
>> --8<---------------cut here---------------end--------------->8---
>>
>> It should probably be repoted upstream.
>
> Strange, it worked for me IIRC. Maybe tests are flaky and we should
> exclude this one?
The test appears to be sensitive to the CPU speed; upstream provided a
solution. I've now applied this series, culminating with commit
44b06b030d. Thank you!
--
Maxim
Information forwarded
to
guix-patches <at> gnu.org:
bug#74035; Package
guix-patches.
(Tue, 12 Nov 2024 14:14:03 GMT)
Full text and
rfc822 format available.
Message #310 received at 74035 <at> debbugs.gnu.org (full text, mbox):
Hi,
Nicolas Graves <ngraves <at> ngraves.fr> writes:
> This fixes CVE-2023-29479 and CVE-2023-29480.
>
> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
> [arguments]: Improve style using gexps.
> <#:phases>: Add phase 'inject-sexpp-source.
> [inputs]: Add sexpp.
I could work it out with this:
--8<---------------cut here---------------start------------->8---
modified gnu/packages/openpgp.scm
@@ -117,6 +117,9 @@ (define-public rnp
(list
#:configure-flags
''("-DBUILD_SHARED_LIBS=on"
+ ;; Lower the minimum tuning ratio from 6 to 4, as suggested
+ ;; upstream to avoid the s2k_iteration_tuning failing.
+ "-DS2K_MINIMUM_TUNING_RATIO=4"
"-DBUILD_TESTING=on"
"-DDOWNLOAD_GTEST=off"
"-DDOWNLOAD_RUBYRNP=off")
@@ -129,22 +132,27 @@ (define-public rnp
(add-after 'unpack 'inject-sexpp-source
(lambda _
(rmdir "src/libsexpp")
- (symlink #$(package-source (this-package-input "sexpp"))
+ (symlink #$(package-source (this-package-native-input "sexpp"))
"src/libsexpp")))
(replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
+ (lambda* (#:key tests? parallel-tests? #:allow-other-keys)
(when tests?
;; Some OpenPGP certificates used by the tests expire.
;; To work around that, set the time to roughly the
;; release date.
- (invoke "faketime" #$day-of-release "make" "test")))))))
+ (setenv "CTEST_OUTPUT_ON_FAILURE" "1")
+ (invoke "faketime" #$day-of-release "ctest"
+ "-j" (if parallel-tests?
+ (number->string (parallel-job-count))
+ "1"))))))))
(native-inputs
- (list gnupg ; for tests
- googletest ; for tests
- libfaketime ; for tests
+ (list gnupg ;for tests
+ googletest ;for tests
+ libfaketime ;for tests
pkg-config
- python))
- (inputs (list botan bzip2 json-c sexpp zlib))
+ python
+ sexpp)) ;sexpp is used as source only
+ (inputs (list botan bzip2 json-c zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--8<---------------cut here---------------end--------------->8---
Thanks to upstream's extreme responsiveness (answered in seconds!)
Nitpick: inline comments shouldn't have a space between the ';' and the text.
I've also made the test suite run in parallel and restored the
CTEST_OUTPUT_ON_FAILURE behavior of the stock check phase, as that's
very useful in case of problems.
--
Thanks,
Maxim
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Wed, 11 Dec 2024 12:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 192 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.