GNU bug report logs - #74035
[PATCH 00/24] [security fixes] for near-leaf packages


Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Sat, 26 Oct 2024 22:34:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: bug#74035: closed (Re: [bug#74035] [PATCH v4 8/8] gnu: rnp:
 Update to 0.17.1. [security fixes])
Date: Tue, 12 Nov 2024 11:56:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#74035: [PATCH 00/24] [security fixes] for near-leaf packages

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 74035 <at> debbugs.gnu.org.

-- 
74035: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=74035
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Nicolas Graves <ngraves <at> ngraves.fr>
Cc: 74035-done <at> debbugs.gnu.org
Subject: Re: [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1.
 [security fixes]
Date: Tue, 12 Nov 2024 20:54:44 +0900
Hi Nicolas,

Nicolas Graves <ngraves <at> ngraves.fr> writes:

> On 2024-11-11 22:14, Maxim Cournoyer wrote:
>
>> Hi,
>>
>> Nicolas Graves <ngraves <at> ngraves.fr> writes:
>>
>>> This fixes CVE-2023-29479 and CVE-2023-29480.
>>>
>>> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
>>> [arguments]: Improve style using gexps.
>>> <#:phases>: Add phase 'inject-sexpp-source.
>>> [inputs]: Add sexpp.
>>
>> This one fails its test suite for me:
>>
>> --8<---------------cut here---------------start------------->8---
>>         Start  15: rnp_tests.s2k_iteration_tuning
>>  16/263 Test  #15: rnp_tests.s2k_iteration_tuning ................................................***Failed    8.02 sec
>> [...]
>> The following tests FAILED:
>> 	 15 - rnp_tests.s2k_iteration_tuning (Failed)
>> --8<---------------cut here---------------end--------------->8---
>>
>> It should probably be reported upstream.
>
> Strange, it worked for me IIRC.  Maybe tests are flaky and we should
> exclude this one?

The test appears to be sensitive to the CPU speed; upstream provided a
solution.  I've now applied this series, culminating with commit
44b06b030d.  Thank you!

-- 
Maxim

[Message part 3 (message/rfc822, inline)]
From: Nicolas Graves <ngraves <at> ngraves.fr>
To: guix-patches <at> gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH 00/24] [security fixes] for near-leaf packages
Date: Sun, 27 Oct 2024 00:29:48 +0200
This patch series adds updates and security fixes for packages that
have less than 10 dependent packages.

Nicolas Graves (24):
  gnu: python-django-4.2: Update to 4.2.16. [security fixes]
  gnu: maradns: Update to 3.5.0036. [security fixes]
  gnu: maradns: Improve style.
  gnu: libmobi: Update to 0.12. [security fixes]
  gnu: bart: Update to 0.9.00. [security fixes]
  gnu: wireshark: Update to 4.4.1. [security fixes]
  gnu: pam-u2f: Update to 1.3.0. [security fixes]
  gnu: darkhttpd: Update to 1.16. [security fixes]
  gnu: xlsxio: Update to 0.2.35. [security fixes]
  gnu: pypy: Update to 7.3.17. [security fixes]
  gnu: indent: Remove uneeded arguments.
  gnu: indent: Add patch for CVE-2024-0911. [security fixes]
  gnu: squashfs-tools: Update to 4.6.1. [security fixes]
  gnu: shapelib: Update to 1.6.1. [security fixes]
  gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
  gnu: gifsicle: Update to 1.95. [security fixes]
  gnu: sendmail: Update to 8.18.1. [security fixes]
  gnu: openvpn: Update to 2.6.12. [security fixes]
  gnu: youtube-dl: Deprecate package.
  gnu: liblouis: Update to 3.31.0. [security fixes]
  gnu: unicorn: Update to 2.1.1. [security fixes]
  gnu: Add sexpp.
  gnu: rnp: Update to 0.17.1. [security fixes]
  gnu: cjson: Update to 1.7.18. [security fixes]

 gnu/local.mk                                  |  1 +
 gnu/packages/code.scm                         | 31 +-------
 gnu/packages/compression.scm                  | 52 ++++++-------
 gnu/packages/django.scm                       |  8 +-
 gnu/packages/dns.scm                          | 64 ++++++++--------
 gnu/packages/ebook.scm                        |  4 +-
 gnu/packages/emulators.scm                    |  9 ++-
 gnu/packages/geo.scm                          |  8 +-
 gnu/packages/gnome.scm                        | 45 ++++++-----
 gnu/packages/image-processing.scm             |  8 +-
 gnu/packages/image.scm                        |  4 +-
 gnu/packages/javascript.scm                   |  4 +-
 gnu/packages/language.scm                     | 47 ++++++------
 gnu/packages/mail.scm                         |  5 +-
 gnu/packages/networking.scm                   |  4 +-
 gnu/packages/openpgp.scm                      | 76 +++++++++++++------
 .../patches/indent-CVE-2024-0911.patch        | 61 +++++++++++++++
 gnu/packages/pypy.scm                         |  4 +-
 gnu/packages/security-token.scm               |  9 +--
 gnu/packages/video.scm                        |  3 +-
 gnu/packages/vpn.scm                          |  4 +-
 gnu/packages/web.scm                          | 24 +++---
 gnu/packages/xml.scm                          |  4 +-
 23 files changed, 278 insertions(+), 201 deletions(-)
 create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

-- 
2.46.0




This bug report was last modified 192 days ago.
