From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH core-packages-team 0/4] ungraft curl, cups, libarchive and expat.
Resent-From: Zheng Junjie <z572@z572.online>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 09 May 2025 16:32:02 +0000
Resent-Message-ID: <handler.78337.B.174680828323780@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.174680828323780
          (code B ref -1); Fri, 09 May 2025 16:32:02 +0000
Received: (at submit) by debbugs.gnu.org; 9 May 2025 16:31:23 +0000
Received: from localhost ([127.0.0.1]:38871 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uDQd7-0006BL-Kv
	for submit@debbugs.gnu.org; Fri, 09 May 2025 12:31:22 -0400
Received: from lists.gnu.org ([2001:470:142::17]:40194)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <z572@z572.online>) id 1uDQd4-0006AQ-6A
 for submit@debbugs.gnu.org; Fri, 09 May 2025 12:31:18 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <z572@z572.online>) id 1uDQcw-0005y1-2S
 for guix-patches@gnu.org; Fri, 09 May 2025 12:31:10 -0400
Received: from mail.z572.online ([88.99.160.180])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <z572@z572.online>) id 1uDQcs-00085p-0Y
 for guix-patches@gnu.org; Fri, 09 May 2025 12:31:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me;
 t=1746808679;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=T3eiOxxLKM4tRUku4n0DsPiDCbjibw62z/oqeUumjWA=;
 b=VKxvLLNCyWWIpCVERCiuJG+FRiYWos6qlxqgebIIlg1NyyfnX2LR4cKZgJe/96KlgQ2flP
 timyT06GD5W1gSp/Re9qSe7NhPOtauYyl3hRyrXi2ITzWjEUtAopYnclDdq8+yNsX94Uxs
 jUtqigLExDRISjwl9DpAGAER8G14Zdc=
Received: from m.tailaa68d.ts.net (<unknown> [61.174.159.83])
 by mail.z572.online (OpenSMTPD) with ESMTPSA id 736bab82
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <guix-patches@gnu.org>;
 Fri, 9 May 2025 16:37:59 +0000 (UTC)
From: Zheng Junjie <z572@z572.online>
Date: Sat, 10 May 2025 00:30:57 +0800
Message-ID: <cover.1746808204.git.z572@z572.online>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=88.99.160.180; envelope-from=z572@z572.online;
 helo=mail.z572.online
X-Spam_score_int: 4
X-Spam_score: 0.4
X-Spam_bar: /
X-Spam_report: (0.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.5,
 FROM_SUSPICIOUS_NTLD_FP=0.001, PDS_OTHER_BAD_TLD=1.999,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 3.5 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Zheng Junjie (4): gnu: curl: Ungraft. gnu: cups-minimal:
 Ungraft.
 gnu: libarchive: Update to 3.7.7. gnu: expat: Update to 2.7.1. gnu/local.mk
 | 4 -- gnu/packages/backup.scm | 22 +-------- gnu/packages/cups.scm | 13
 +---- gnu/packages/curl.scm | 14 +----- .../patches/expat-CVE-2024-45490.patch
 | 34 .../patches/ex [...] 
 Content analysis details:   (3.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2001:470:142:0:0:0:0:17 listed in] [list.dnswl.org]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 0.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Zheng Junjie (4): gnu: curl: Ungraft. gnu: cups-minimal: Ungraft.
    gnu: libarchive: Update to 3.7.7. gnu: expat: Update to 2.7.1. gnu/local.mk
    | 4 -- gnu/packages/backup.scm | 22 +-------- gnu/packages/cups.scm | 13
   +---- gnu/packages/curl.scm | 14 +----- .../patches/expat-CVE-2024-45490.patch
    | 34 .../patches/ex [...] 
 
 Content analysis details:   (2.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2001:470:142:0:0:0:0:17 listed in]
                             [list.dnswl.org]
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: z572.online (online)]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
  0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Zheng Junjie (4):
  gnu: curl: Ungraft.
  gnu: cups-minimal: Ungraft.
  gnu: libarchive: Update to 3.7.7.
  gnu: expat: Update to 2.7.1.

 gnu/local.mk                                  |  4 --
 gnu/packages/backup.scm                       | 22 +--------
 gnu/packages/cups.scm                         | 13 +----
 gnu/packages/curl.scm                         | 14 +-----
 .../patches/expat-CVE-2024-45490.patch        | 34 --------------
 .../patches/expat-CVE-2024-45491.patch        | 34 --------------
 .../patches/expat-CVE-2024-45492.patch        | 33 -------------
 ...libarchive-remove-potential-backdoor.patch | 47 -------------------
 gnu/packages/xml.scm                          | 16 +------
 9 files changed, 8 insertions(+), 209 deletions(-)
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45490.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45491.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45492.patch
 delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch


base-commit: 397db982843779f37d540c05d390c059ab9b2549
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH core-packages-team 1/4] gnu: curl: Ungraft.
Resent-From: Zheng Junjie <z572@z572.online>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 09 May 2025 16:52:02 +0000
Resent-Message-ID: <handler.78337.B78337.174680946828381@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680946828381
          (code B ref 78337); Fri, 09 May 2025 16:52:02 +0000
Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:08 +0000
Received: from localhost ([127.0.0.1]:38973 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uDQwG-0007Ne-3f
	for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:08 -0400
Received: from mail.z572.online ([88.99.160.180]:46358)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <z572@z572.online>) id 1uDQwD-0007N1-0o
 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me;
 t=1746809878;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=KSiag2sG21sMgtN+6va4lW6hkQB5IamyLsXU33Vq+b8=;
 b=X2XNkiwW5TIrUZzKWh4MmGm8cBzvYcGFPm8RxOikwY0j0TprSStk7Cr9vhf6MWwbTfxeqM
 iuPFwsJRTCgzc1SW3cdamgGSiV0Daz8j3jYLj5vorSbDW1o095q30qI0suBmI/Rwo+SkK8
 28grCg+G1RG5ij9ln8KL1XE6r+r9eKk=
Received: from m.tailaa68d.ts.net (<unknown> [61.174.159.83])
 by mail.z572.online (OpenSMTPD) with ESMTPSA id 9a9eb3fb
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>;
 Fri, 9 May 2025 16:57:57 +0000 (UTC)
From: Zheng Junjie <z572@z572.online>
Date: Sat, 10 May 2025 00:50:52 +0800
Message-ID: <ee56a632472701fcb5c8cade15f77676364ad6e1.1746808204.git.z572@z572.online>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746808204.git.z572@z572.online>
References: <cover.1746808204.git.z572@z572.online>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/packages/curl.scm (curl)[replacement]: Remove it.
 [source]:
 Add curl-CVE-2024-8096.patch. * gnu/packages/curl.scm (curl/fixed): Remove
 it. Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12 ---
 gnu/packages/curl.scm
 | 14 ++ 1 file changed, 2 insertions(+), 12 deletions(-) 
 Content analysis details:   (2.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in sa-trusted.bondedsender.org]
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in bl.score.senderscore.com]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/packages/curl.scm (curl)[replacement]: Remove it. [source]:
    Add curl-CVE-2024-8096.patch. * gnu/packages/curl.scm (curl/fixed): Remove
    it. Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12 --- gnu/packages/curl.scm
    | 14 ++ 1 file changed, 2 insertions(+), 12 deletions(-) 
 
 Content analysis details:   (1.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [88.99.160.180 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: z572.online (online)]
  0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/packages/curl.scm (curl)[replacement]: Remove it.
[source]: Add curl-CVE-2024-8096.patch.
* gnu/packages/curl.scm (curl/fixed): Remove it.

Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12
---
 gnu/packages/curl.scm | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 3e9cd517a2..ded616a052 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -69,7 +69,6 @@ (define-public curl
   (package
     (name "curl")
     (version "8.6.0")
-    (replacement curl/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append "https://curl.se/download/curl-"
@@ -77,7 +76,8 @@ (define-public curl
               (sha256
                (base32
                 "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
-              (patches (search-patches "curl-use-ssl-cert-env.patch"))))
+              (patches (search-patches "curl-use-ssl-cert-env.patch"
+                                       "curl-CVE-2024-8096.patch"))))
     (outputs '("out"
                "doc"))                  ;1.2 MiB of man3 pages
     (build-system gnu-build-system)
@@ -179,16 +179,6 @@ (define-public curl
     (license (license:non-copyleft "file://COPYING"
                                    "See COPYING in the distribution."))))
 
-(define-public curl/fixed
-  (hidden-package
-   (package
-     (inherit curl)
-     (replacement curl/fixed)
-     (source (origin
-               (inherit (package-source curl))
-               (patches (append (origin-patches (package-source curl))
-                                (search-patches "curl-CVE-2024-8096.patch"))))))))
-
 (define-public gnurl (deprecated-package "gnurl" curl))
 
 (define-public curl-ssh
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH core-packages-team 2/4] gnu: cups-minimal: Ungraft.
Resent-From: Zheng Junjie <z572@z572.online>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 09 May 2025 16:52:02 +0000
Resent-Message-ID: <handler.78337.B78337.174680947328405@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947328405
          (code B ref 78337); Fri, 09 May 2025 16:52:02 +0000
Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:13 +0000
Received: from localhost ([127.0.0.1]:38976 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uDQwK-0007O1-LU
	for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:13 -0400
Received: from mail.z572.online ([88.99.160.180]:46358)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <z572@z572.online>) id 1uDQwE-0007N1-NF
 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me;
 t=1746809880;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Zuaf+aaIg1TCfQXnXxVvX5fIvWVArK3dj1y7DqBMY4k=;
 b=aYEofaqOUbeUiPMsYfZhbgeRKUlS8wFV8k/UGb2/ycImzi2Sy4c1B0Id2UO8gG+8NuN+TC
 KuKymUeOfKPkN0643PWuNrUZR2VpBAPCrhM9TOlqanh0sOhhDivKfx7fCQG0wdUxtU9TXS
 EzBZIuPcV8YZScBSdFlbNHKUuRGhg1A=
Received: from m.tailaa68d.ts.net (<unknown> [61.174.159.83])
 by mail.z572.online (OpenSMTPD) with ESMTPSA id babfcb5b
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>;
 Fri, 9 May 2025 16:58:00 +0000 (UTC)
From: Zheng Junjie <z572@z572.online>
Date: Sat, 10 May 2025 00:50:53 +0800
Message-ID: <dc1b5354b4f57da1caaf10b78f1e8be92883fd5b.1746808204.git.z572@z572.online>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746808204.git.z572@z572.online>
References: <cover.1746808204.git.z572@z572.online>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/packages/cups.scm (cups-minimal)[replacement]: Remove
 it. [source]: Add cups-minimal-Address-PPD-injection-issues.patch. *
 gnu/packages/cups.scm
 (cups-minimal/fixed): Remove it. Change-Id:
 Icb5295af42b5a84741a73ed4b662bc8736ab6b2b
 --- gnu/packages/cups.scm | 13 ++ 1 file changed, 2 insertions(+),
 11 deletions(-)
 Content analysis details:   (2.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in bl.score.senderscore.com]
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/packages/cups.scm (cups-minimal)[replacement]: Remove
    it. [source]: Add cups-minimal-Address-PPD-injection-issues.patch. * gnu/packages/cups.scm
    (cups-minimal/fixed): Remove it. Change-Id: Icb5295af42b5a84741a73ed4b662bc8736ab6b2b
    --- gnu/packages/cups.scm | 13 ++ 1 file changed, 2 insertions(+), 11 deletions(-)
    
 
 Content analysis details:   (1.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [88.99.160.180 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: z572.online (online)]
  0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/packages/cups.scm (cups-minimal)[replacement]: Remove it.
[source]: Add cups-minimal-Address-PPD-injection-issues.patch.
* gnu/packages/cups.scm (cups-minimal/fixed): Remove it.

Change-Id: Icb5295af42b5a84741a73ed4b662bc8736ab6b2b
---
 gnu/packages/cups.scm | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 5eb45b97b5..2ef1a56b2f 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -266,7 +266,6 @@ (define-public cups-minimal
   (package
     (name "cups-minimal")
     (version "2.4.9")
-    (replacement cups-minimal/fixed)
     (source
      (origin
        (method git-fetch)
@@ -276,7 +275,8 @@ (define-public cups-minimal
        ;; Avoid NAME confusion: these are the complete CUPS sources.
        (file-name (git-file-name "cups" version))
        (sha256
-        (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1"))))
+        (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1"))
+       (patches (search-patches "cups-minimal-Address-PPD-injection-issues.patch"))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags
@@ -356,15 +356,6 @@ (define-public cups-minimal
     ;; CUPS is Apache 2.0 with exceptions, see the NOTICE file.
     (license license:asl2.0)))
 
-(define cups-minimal/fixed
-  (package
-    (inherit cups-minimal)
-    (source
-     (origin
-       (inherit (package-source cups-minimal))
-       (patches
-        (search-patches "cups-minimal-Address-PPD-injection-issues.patch"))))))
-
 (define-public cups
   (package/inherit cups-minimal
     (name "cups")
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH core-packages-team 3/4] gnu: libarchive: Update to 3.7.7.
Resent-From: Zheng Junjie <z572@z572.online>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 09 May 2025 16:52:03 +0000
Resent-Message-ID: <handler.78337.B78337.174680947328413@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947328413
          (code B ref 78337); Fri, 09 May 2025 16:52:03 +0000
Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:13 +0000
Received: from localhost ([127.0.0.1]:38978 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uDQwL-0007O6-48
	for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:13 -0400
Received: from mail.z572.online ([88.99.160.180]:46358)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <z572@z572.online>) id 1uDQwF-0007N1-H4
 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me;
 t=1746809882;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=RDBBdIqvqx6vIcPe9vrv9PSHt7cX1p2IY59S5U8G96g=;
 b=h90+hBffjGdnju7DMYj14KaUg7o7hx3lNQmIJg9G5On9SlmY1AUuVliEuRH7ZxRM1ppQsm
 BZfsboyrPO1F7ODGAOFP9U7G217ClPsTG+PYULGqppnPNDpI/c16K6k85Fqc+iMFHgxzRr
 lyggVoAYNXBPD8xvlgesZ0ys/bgln7o=
Received: from m.tailaa68d.ts.net (<unknown> [61.174.159.83])
 by mail.z572.online (OpenSMTPD) with ESMTPSA id 846699dd
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>;
 Fri, 9 May 2025 16:58:01 +0000 (UTC)
From: Zheng Junjie <z572@z572.online>
Date: Sat, 10 May 2025 00:50:54 +0800
Message-ID: <ed609ff8f0c904b00eaffb642b7c13d131a49a60.1746808204.git.z572@z572.online>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746808204.git.z572@z572.online>
References: <cover.1746808204.git.z572@z572.online>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  * gnu/packages/backup.scm (libarchive): Update to 3.7.7. *
 gnu/packages/backup.scm (libarchive/fixed): Delete variable. *
 gnu/packages/patches/libarchive-remove-potential-backdoor.patch:
 Remove it * g [...] 
 Content analysis details:   (2.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in bl.score.senderscore.com]
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/packages/backup.scm (libarchive): Update to 3.7.7. *
    gnu/packages/backup.scm (libarchive/fixed): Delete variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch:
    Remove it * g [...] 
 
 Content analysis details:   (1.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [88.99.160.180 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: z572.online (online)]
  0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/packages/backup.scm (libarchive): Update to 3.7.7.
* gnu/packages/backup.scm (libarchive/fixed): Delete variable.
* gnu/packages/patches/libarchive-remove-potential-backdoor.patch: Remove it
* gnu/local.mk (dist_patch_DATA): Unregister it.

Change-Id: Ia6474f9dae9a3d1a707d94fcace9bd50b2e3ac4c
---
 gnu/local.mk                                  |  1 -
 gnu/packages/backup.scm                       | 22 +--------
 ...libarchive-remove-potential-backdoor.patch | 47 -------------------
 3 files changed, 2 insertions(+), 68 deletions(-)
 delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 67a41bdbf4..831939f72e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1718,7 +1718,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/liba52-use-mtune-not-mcpu.patch		\
   %D%/packages/patches/libaio-32bit-test.patch                  \
   %D%/packages/patches/libaio-riscv-test5.patch			\
-  %D%/packages/patches/libarchive-remove-potential-backdoor.patch	\
   %D%/packages/patches/libbase-fix-includes.patch		\
   %D%/packages/patches/libbase-use-own-logging.patch		\
   %D%/packages/patches/libbonobo-activation-test-race.patch	\
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index b4aca86774..876167898b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -263,8 +263,7 @@ (define-public hdup
 (define-public libarchive
   (package
     (name "libarchive")
-    (replacement libarchive/fixed)
-    (version "3.6.1")
+    (version "3.7.7")
     (source
      (origin
        (method url-fetch)
@@ -273,10 +272,9 @@ (define-public libarchive
                   (string-append "https://github.com/libarchive/libarchive"
                                  "/releases/download/v" version "/libarchive-"
                                  version ".tar.xz")))
-       (patches (search-patches "libarchive-remove-potential-backdoor.patch"))
        (sha256
         (base32
-         "1rj8q5v26lxxr8x4b4nqbrj7p06qvl91hb8cdxi3xx3qp771lhas"))))
+         "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7"))))
     (build-system gnu-build-system)
     (inputs
      (list bzip2
@@ -353,22 +351,6 @@ (define-public libarchive
 @command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.")
     (license license:bsd-2)))
 
-(define libarchive/fixed
-  (package
-    (inherit libarchive)
-    (version "3.7.7")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (list (string-append "https://libarchive.org/downloads/libarchive-"
-                                 version ".tar.xz")
-                  (string-append "https://github.com/libarchive/libarchive"
-                                 "/releases/download/v" version "/libarchive-"
-                                 version ".tar.xz")))
-       (sha256
-        (base32
-         "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7"))))))
-
 (define-public rdup
   (package
     (name "rdup")
diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
deleted file mode 100644
index 2b9a9e2ffe..0000000000
--- a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Remove code added by 'JiaT75', the malicious actor that backdoored `xz`:
-
-https://github.com/libarchive/libarchive/pull/2101
-
-At libarchive, they are reviewing all code contributed by this actor:
-
-https://github.com/libarchive/libarchive/issues/2103
-
-See the original disclosure and subsequent discussion for more
-information about this incident:
-
-https://seclists.org/oss-sec/2024/q1/268
-
-Patch copied from upstream source repository:
-
-https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942
-
-From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
-From: Ed Maste <emaste@freebsd.org>
-Date: Fri, 29 Mar 2024 18:02:06 -0400
-Subject: [PATCH] tar: make error reporting more robust and use correct errno
- (#2101)
-
-As discussed in #1609.
----
- tar/read.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/tar/read.c b/tar/read.c
-index af3d3f42..a7f14a07 100644
---- a/tar/read.c
-+++ b/tar/read.c
-@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
- 			if (r != ARCHIVE_OK) {
- 				if (!bsdtar->verbose)
- 					safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
--				fprintf(stderr, ": %s: ", archive_error_string(a));
--				fprintf(stderr, "%s", strerror(errno));
-+				safe_fprintf(stderr, ": %s: %s",
-+				    archive_error_string(a),
-+				    strerror(archive_errno(a)));
- 				if (!bsdtar->verbose)
- 					fprintf(stderr, "\n");
- 				bsdtar->return_value = 1;
--- 
-2.41.0
-
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH core-packages-team 4/4] gnu: expat: Update to 2.7.1.
Resent-From: Zheng Junjie <z572@z572.online>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 09 May 2025 16:52:03 +0000
Resent-Message-ID: <handler.78337.B78337.174680947428421@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947428421
          (code B ref 78337); Fri, 09 May 2025 16:52:03 +0000
Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:14 +0000
Received: from localhost ([127.0.0.1]:38980 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uDQwL-0007OE-O6
	for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:14 -0400
Received: from mail.z572.online ([88.99.160.180]:46358)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <z572@z572.online>) id 1uDQwI-0007N1-5o
 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me;
 t=1746809883;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=6cHF+Flp5D97rZAupL+8xmeHR32yW+BjfPYVNRfh8HM=;
 b=PMydZL3+yDjheJNYgHEMqzv+TOclqXAjtM925ZeJvX7bf+lQVGS2jDTSdtXIJIHnKxIqP0
 rAAbpmEobifBGo5yPA+tPj96gq85pTb0WjJ0aedxa6W3bVkyCLWH15ocl05ynHcYObIctc
 5meVC74jpNz9lK12B/h4nL8PetKTe5E=
Received: from m.tailaa68d.ts.net (<unknown> [61.174.159.83])
 by mail.z572.online (OpenSMTPD) with ESMTPSA id 6f6ce7a4
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>;
 Fri, 9 May 2025 16:58:03 +0000 (UTC)
From: Zheng Junjie <z572@z572.online>
Date: Sat, 10 May 2025 00:50:55 +0800
Message-ID: <3b47e053512b58a4664503357f6a871e0c2a66e3.1746808204.git.z572@z572.online>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1746808204.git.z572@z572.online>
References: <cover.1746808204.git.z572@z572.online>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/packages/xml.scm (expat): Update to 2.7.1.
 (expat/fixed):
 Remove it. * gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it.
 * gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it. * [...] 
 Content analysis details:   (2.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in bl.score.senderscore.com]
 0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.5 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/packages/xml.scm (expat): Update to 2.7.1. (expat/fixed):
    Remove it. * gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it.
   * gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it. * [...] 
 
 Content analysis details:   (1.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                             [88.99.160.180 listed in bl.score.senderscore.com]
  0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The
                             query to Validity was blocked.  See
                             https://knowledge.validity.com/hc/en-us/articles/20961730681243
                              for more information.
                          [88.99.160.180 listed in sa-trusted.bondedsender.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
                             [URI: z572.online (online)]
  0.5 FROM_SUSPICIOUS_NTLD   From abused NTLD
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/packages/xml.scm (expat): Update to 2.7.1.
(expat/fixed): Remove it.
* gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it.
* gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it.
* gnu/packages/patches/expat-CVE-2024-45492.patch: Remove it.
* gnu/local.mk (dist_patch_DATA): Unregister them.

Change-Id: Ia0bc5da202afba0636032e4f4e10051778214944
---
 gnu/local.mk                                  |  3 --
 .../patches/expat-CVE-2024-45490.patch        | 34 -------------------
 .../patches/expat-CVE-2024-45491.patch        | 34 -------------------
 .../patches/expat-CVE-2024-45492.patch        | 33 ------------------
 gnu/packages/xml.scm                          | 16 ++-------
 5 files changed, 2 insertions(+), 118 deletions(-)
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45490.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45491.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45492.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 831939f72e..c15ef425ca 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1258,9 +1258,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/esmini-use-pkgconfig.patch		\
   %D%/packages/patches/esmtp-add-lesmtp.patch		\
   %D%/packages/patches/exercism-disable-self-update.patch	\
-  %D%/packages/patches/expat-CVE-2024-45490.patch	\
-  %D%/packages/patches/expat-CVE-2024-45491.patch	\
-  %D%/packages/patches/expat-CVE-2024-45492.patch	\
   %D%/packages/patches/extempore-unbundle-external-dependencies.patch	\
   %D%/packages/patches/extundelete-e2fsprogs-1.44.patch		\
   %D%/packages/patches/fail2ban-paths-guix-conf.patch		\
diff --git a/gnu/packages/patches/expat-CVE-2024-45490.patch b/gnu/packages/patches/expat-CVE-2024-45490.patch
deleted file mode 100644
index f876e78651..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45490.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf.patch
-Fixed in 2.6.3.
-Takes only 1 of the 3 patches from
-https://github.com/libexpat/libexpat/pull/890 to take the fix and not the
-tests because that part doesn't apply cleanly.
-
-From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:26:07 +0200
-Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
-
-Reported by TaiYou
-
----
- expat/lib/xmlparse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..ba1038119 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2038,6 +2038,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
- 
-   if (parser == NULL)
-     return XML_STATUS_ERROR;
-+
-+  if (len < 0) {
-+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
-+    return XML_STATUS_ERROR;
-+  }
-+
-   switch (parser->m_parsingStatus.parsing) {
-   case XML_SUSPENDED:
-     parser->m_errorCode = XML_ERROR_SUSPENDED;
diff --git a/gnu/packages/patches/expat-CVE-2024-45491.patch b/gnu/packages/patches/expat-CVE-2024-45491.patch
deleted file mode 100644
index 8ff10559bf..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45491.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421.patch
-Fixed in 2.6.3.
-
-From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:34:13 +0200
-Subject: [PATCH] lib: Detect integer overflow in dtdCopy
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..e2327bdcf 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
-     if (! newE)
-       return 0;
-     if (oldE->nDefaultAtts) {
-+      /* Detect and prevent integer overflow.
-+       * The preprocessor guard addresses the "always false" warning
-+       * from -Wtype-limits on platforms where
-+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+      if ((size_t)oldE->nDefaultAtts
-+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
-+        return 0;
-+      }
-+#endif
-       newE->defaultAtts
-           = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
-       if (! newE->defaultAtts) {
diff --git a/gnu/packages/patches/expat-CVE-2024-45492.patch b/gnu/packages/patches/expat-CVE-2024-45492.patch
deleted file mode 100644
index 852a9b3f59..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45492.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://github.com/libexpat/libexpat/commit/9bf0f2c16ee86f644dd1432507edff94c08dc232.patch
-Fixed in 2.6.3.
-
-From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:37:16 +0200
-Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..f737575ea 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -7558,6 +7558,15 @@ nextScaffoldPart(XML_Parser parser) {
-   int next;
- 
-   if (! dtd->scaffIndex) {
-+    /* Detect and prevent integer overflow.
-+     * The preprocessor guard addresses the "always false" warning
-+     * from -Wtype-limits on platforms where
-+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
-+      return -1;
-+    }
-+#endif
-     dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
-     if (! dtd->scaffIndex)
-       return -1;
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index f29d5d2adc..5eb9be68c7 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -127,8 +127,7 @@ (define-public libxmlb
 (define-public expat
   (package
     (name "expat")
-    (version "2.5.0")
-    (replacement expat/fixed)
+    (version "2.7.1")
     (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
               (origin
                 (method url-fetch)
@@ -140,7 +139,7 @@ (define-public expat
                             "/expat-" version ".tar.xz")))
                 (sha256
                  (base32
-                  "1gnwihpfz4x18rwd6cbrdggmfqjzwsdfh1gpmc0ph21c4gq2097g")))))
+                  "0c3w446jrrnss3ccgx9z590lpwbpxiqdbxv2a0p036cg9da54i9m")))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
@@ -164,17 +163,6 @@ (define-public expat
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define-public expat/fixed
- (hidden-package
-  (package
-    (inherit expat)
-    (replacement expat/fixed)
-    (source (origin
-              (inherit (package-source expat))
-              (patches (search-patches "expat-CVE-2024-45490.patch"
-                                       "expat-CVE-2024-45491.patch"
-                                       "expat-CVE-2024-45492.patch")))))))
-
 (define-public libebml
   (package
     (name "libebml")
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 1/6] gnu: curl: Ungraft.
References: <cover.1746808204.git.z572@z572.online>
In-Reply-To: <cover.1746808204.git.z572@z572.online>
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:02 +0000
Resent-Message-ID: <handler.78337.B78337.17477099261743@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Zheng Junjie <z572@z572.online>, Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099261743
          (code B ref 78337); Tue, 20 May 2025 02:59:02 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:46 +0000
Received: from localhost ([127.0.0.1]:50161 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDBm-0000S3-BE
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:46 -0400
Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:55420)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBh-0000R3-7u
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:44 -0400
Received: by mail-pj1-x1030.google.com with SMTP id
 98e67ed59e1d1-30dfd9e7fa8so6384456a91.2
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709915; x=1748314715; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=zyKSS4rIi1rg0owHCrkWT/qIp8VkGDajCWnCoR4imUk=;
 b=Jh0URjQTFRmQfeCicMQoGZn+W7ViaCYByOqxRaqiA+DT92TBEAjAYrvwALCqpZBCzn
 21SarSENKtg2pGzArPMCumuTEgK4iUXBhMvAQY3My1TmAWHTrdVjNG/c62f+6xodhQ9y
 6czkgzNg/nfZmF9K23MDLsc7q7rUcOELnaXf3LPlc/K3cwtCSt6RZSZqy96WGbkBj/wR
 LbiKwWXrd6k2tByWuZK7sO/kxoLki8idMfh8D1+5gM6v+sYiKadns5tZpS2z6sEduMiI
 lid4BcdGmF7QR0HJOpirwtDAnPsjTevsLiwq+5rSCBJxa4AGY7iBirLAzRWszOXYOZ77
 DYVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709915; x=1748314715;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=zyKSS4rIi1rg0owHCrkWT/qIp8VkGDajCWnCoR4imUk=;
 b=TKmr7RrxwlylPvUANw2s0UL6uaOsObKDNDndp9W4OCFmmuR2n4NTEMb0ZpQKMha4oW
 zBu/xJwgtiugozTO/9aKozFXaRM+b38nDIq0RjiYPru8HtKMO9JLXvzFpSQEB5zFdEiK
 swZAg8TG7/HHKs04ZSoR33Qwtg3UdjO7UeR+658n8cyBmlE0IUaebTOTB+gs1ASsUMVO
 DjILTYpljx0JovLcmb5TvETQTJkmMepo4fDzpI+GhGF4yCNFogFKZrwzKc2rfQTdjq8y
 0AWaJ1UJvsER+D8TXD34o9fepXaQ+haQPDtvpmlTZO7JhCk5o2/56o1TwZ1XR+WDJN+l
 Vc/A==
X-Gm-Message-State: AOJu0YxH60OjQVC4jgKU8WMO2W8o4z7HuCasXo83VKV8/diEuOK3zmFm
 TQOT8yRn51TklRAx6+6xLzRn+pNPZ7TTkptPoy7cLtVdeQb6NBrTIg0SYiRoCw==
X-Gm-Gg: ASbGncusgiRjMXW0RF5FBOOEyVhloICjRNmhyoEaoV3MWxscfyk7KJxiDMDs/JDKw/q
 qLHQMe3Rx8jgN9NEAWvDsKPvK+eagnnIfKuoHM1dkjDIhhoMrjjuJuY+KmqJgLKmaFD00gHWD0+
 SgP5OMF/QPNunhxgyC9MGAi/4bdawcUFoicciPyqP3pkPA/SbfquKo2zIYntdOP92QEk/ia6XsK
 kVBCVBg8mHeab2b1wK8Goq+6ESLhDqfR/jCKp5eaai3W7C9Z9vlNJANQZdKU7Fjk9nEt5S++JvZ
 68XBiZ1x1MgSWakSJM9s9VroffSrdtJGISKV3MP5Pklwtnsl9zZasuKZFenwgVlxhcA1qE8=
X-Google-Smtp-Source: AGHT+IFQLKwpCGPQ73WoPzB27RurV4/P0kmbfzoo+kWIP9uK3Zp7qpQVR8EN21oHi8RzZrv2zTcxJw==
X-Received: by 2002:a17:90b:3c90:b0:2ff:6af3:b5fa with SMTP id
 98e67ed59e1d1-30e8322592emr19182747a91.22.1747709914502; 
 Mon, 19 May 2025 19:58:34 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.32
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:34 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:11 +0900
Message-ID: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Zheng Junjie <z572@z572.online> * gnu/packages/curl.scm
 (curl)[replacement]: Remove it. [source]: Add curl-CVE-2024-8096.patch. *
 gnu/packages/curl.scm (curl/fixed): Remove it. Change-Id:
 I43e6c1c0c97bc86ce0e4801559eead53a1a07d12
 Signed-off-by: Maxim Cournoyer --- gnu/packages/curl.scm | 14 ++ 1 file
 changed, 2 insertions(+), 12 deletions(-) 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:1030 listed in]
 [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

From: Zheng Junjie <z572@z572.online>

* gnu/packages/curl.scm (curl)[replacement]: Remove it.
[source]: Add curl-CVE-2024-8096.patch.
* gnu/packages/curl.scm (curl/fixed): Remove it.

Change-Id: I43e6c1c0c97bc86ce0e4801559eead53a1a07d12
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
 gnu/packages/curl.scm | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 3e9cd517a2..ded616a052 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -69,7 +69,6 @@ (define-public curl
   (package
     (name "curl")
     (version "8.6.0")
-    (replacement curl/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append "https://curl.se/download/curl-"
@@ -77,7 +76,8 @@ (define-public curl
               (sha256
                (base32
                 "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
-              (patches (search-patches "curl-use-ssl-cert-env.patch"))))
+              (patches (search-patches "curl-use-ssl-cert-env.patch"
+                                       "curl-CVE-2024-8096.patch"))))
     (outputs '("out"
                "doc"))                  ;1.2 MiB of man3 pages
     (build-system gnu-build-system)
@@ -179,16 +179,6 @@ (define-public curl
     (license (license:non-copyleft "file://COPYING"
                                    "See COPYING in the distribution."))))
 
-(define-public curl/fixed
-  (hidden-package
-   (package
-     (inherit curl)
-     (replacement curl/fixed)
-     (source (origin
-               (inherit (package-source curl))
-               (patches (append (origin-patches (package-source curl))
-                                (search-patches "curl-CVE-2024-8096.patch"))))))))
-
 (define-public gnurl (deprecated-package "gnurl" curl))
 
 (define-public curl-ssh

base-commit: e7d73a08d569904f8a71db5b84f5fafaf0dff188
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 3/6] gnu: curl: Enable zstd support.
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:02 +0000
Resent-Message-ID: <handler.78337.B78337.17477099321785@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099321785
          (code B ref 78337); Tue, 20 May 2025 02:59:02 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:52 +0000
Received: from localhost ([127.0.0.1]:50168 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDBr-0000Sd-SC
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:52 -0400
Received: from mail-pf1-x431.google.com ([2607:f8b0:4864:20::431]:61867)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBn-0000Rm-GL
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:47 -0400
Received: by mail-pf1-x431.google.com with SMTP id
 d2e1a72fcca58-73972a54919so4847407b3a.3
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709920; x=1748314720; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=8A78zwhd7cCGVb5R8Hx7HZogHtXwo2AOs59mAGiwYPA=;
 b=IoQ6eui+jrwMOiZ3IoAR6HYemeANlEWB9KWtH9/Rqc5ef6nFLjc+fuy322KLuwDVUH
 +Gt0zvMw9JEqdgFJyZMESfUtgzZO+oGJwa7ii4DRMggY4wAi0RN5jegkd2SGBZqkRDym
 gJfQYs3qS0O34i7VHH3dDDH2yJ/I/DPCXkJ5tgsMxow1DEX9+N3m1LLfFRQTljIn1C6E
 OPvbfgNccY1hJDcR1nkjt/bPzEA9IuGC/jpDydopUtKKklosSv/iYv7BcdulVNwmW19E
 QWyQ7Yw9NmgkbI6AL81dxetj+L8hN6PBKCYd8PShuW2c6hsJbHaT+/XlewXOqi0GOqgM
 VCTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709920; x=1748314720;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=8A78zwhd7cCGVb5R8Hx7HZogHtXwo2AOs59mAGiwYPA=;
 b=Yum0cAsk70NHgB3K4wN8Hq/nGlIaMG/VTEw6bS88XIFCyhn5zq3W2KZbDUeqHfw5TR
 PkoaEtVGBL/CezFTbmGu5mmi+5vjB6c3Hj/l9oO8werht9FJHChaWrs68Isfn9prfZeo
 gH13W47sZFw7SJUpMnAaIbzge42AMSefFDywdLmBLrH5Z7TwsPGWnD6u0gbE0I3AUlbY
 8ZXbDlYsK+rM3sm4FRaQgeqxmvxpYbN2TPTdZKmc99Yrh8w8lw48WpK+vdiPkORoJyPQ
 KAMpth4IlKii5gyMzQ3W3WImSwZ7skivkdSYWtO385JNifL0lzW3ja7DiTVWUk+hT9lU
 bzng==
X-Gm-Message-State: AOJu0YxmGHWZ/712Eo+1Ebs0O9evEL9f+7PIN35vcwvTDW6tpNceSPfU
 0hanq0mpViQkvyAOCYD8nRnQn88FHR965VgbGLD0TsrVWSsp/tIIofsCAioE4A==
X-Gm-Gg: ASbGncsBrTcQCtlqk23XNr8GZ1bO7SKzUDOhF1Yra92b6nyTcWTiAC8uzf3eUYftSmi
 NiEfZjp6Nu/YOFEr/65cmRc7PTsROgy8+Yu94irOgjvsuNArq7rH56iwDCPLUXPU3fUD3T5oIU1
 76EBcOpSvkhcHQDAJYvG5PoFWVQ6sj7iEIEL+mFMjlMVziZ3EBSvuRJKwOBjp7YYa3dZeSzLwfj
 3mKlDD8WgdKngMOsiMn+7P79geH/i2tWLmKIXqUhp/r01v5ema2nGoMPnjtdvNrm8NwYGmGYYt7
 C8i0GzJkbeYH4wYatFgEkMNZLNDOM8ZAWS5c1gxQNEqOEGeTY3XOlVgDtbViN8qSZnzFz2g=
X-Google-Smtp-Source: AGHT+IEFUlxlIzxFcGqsfS97mqM9tp5Oj5RHwBfB/jCFC2o7bYxiGrpEL3/Va6AU5HnGn3hR+yZ74w==
X-Received: by 2002:a05:6a21:8883:b0:217:feb5:631d with SMTP id
 adf61e73a8af0-217feb5636amr16783116637.26.1747709920317; 
 Mon, 19 May 2025 19:58:40 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:39 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:13 +0900
Message-ID: <3fd60a1b3610e350ba274911fa830812e95f80a8.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/curl.scm [inputs]: Add zstd:lib.

Change-Id: I48e1099c3a445bcbdeaf16c5a79d956bd1b51307
---
 gnu/packages/curl.scm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index caeefd9168..2b90759bf4 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -152,9 +152,19 @@ (define-public curl
                           (close port)))))
                  #~()))))
     (native-inputs
-     (list nghttp2 perl pkg-config python-minimal-wrapper))
+     (list nghttp2
+           perl
+           pkg-config
+           python-minimal-wrapper))
     (inputs
-     (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib))
+     (list gnutls
+           libidn
+           libpsl
+           libssh2
+           mit-krb5
+           `(,nghttp2 "lib")
+           zlib
+           `(,zstd "lib")))
     (native-search-paths
      ;; These variables are introduced by curl-use-ssl-cert-env.patch.
      (list $SSL_CERT_DIR
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:03 +0000
Resent-Message-ID: <handler.78337.B78337.17477099341800@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099341800
          (code B ref 78337); Tue, 20 May 2025 02:59:03 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:54 +0000
Received: from localhost ([127.0.0.1]:50170 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDBs-0000Sk-FU
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:54 -0400
Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:47498)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBk-0000RO-Df
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:48 -0400
Received: by mail-pj1-x1030.google.com with SMTP id
 98e67ed59e1d1-30e542e4187so3769399a91.3
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709917; x=1748314717; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=3LKtslSuKjcXw/cKfb1KPcSthVdNMItZ4JyC3P/0Bxg=;
 b=HSHUjvUdmOIr/HeRL7fv9OnqKJcN4am5U7njOiivzK7GELtM9zij2Jog1w7oVqG6i5
 ctgxEd2IK6X52+c+5Uhmdfq0kIh7eo+zOJy0/haHZwc0HlBQYf9NJDH2KLVXNVqPKHuW
 w4PUrSfvB4iscr2CBnxkiR2BZvqpvTdKUtCSg3fQSq/WjGxZtdG5NI5IeS9bApN5iFo0
 C1anUCL2wguF7MCOF4VrCtSHRsZngi65GTDurJjrQ9inqtPvgXLocVqoHGiyJwD0Cn8h
 hqYVpu3VElOqe1eZNRuJBWCOdAmRrJx2ySfeH2/FZf/MLlkFNm+JrmeQIYy4CmqUd4p0
 q3gQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709917; x=1748314717;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=3LKtslSuKjcXw/cKfb1KPcSthVdNMItZ4JyC3P/0Bxg=;
 b=ZxKH1cOFEE6lodE51N8iX229L9p+0n2KT9rKF3p5YRbZUzzBsgTfeG39D0ySk02TO/
 t/6DR/qkG7w2HzC9qDH0wEQDkTIKUHl9Nu0A7B4j4Z6aOj4IQEozuLoTHWFra4UEuITM
 1L/TOIvVmUIO4xNMIo30vf4Z8SCE1wp23VrbdeLdZiRHXcucJ4bs0WtHnxHlBr9u/VPN
 CuMXF3+y0tgvG6NStAvoiiEUHTZ1CZ0OaCRQn/fDM8s0+5F0l9nBIlD1KF3pvIh7i4Sx
 076+3h1t5M2tsr1iNlQuHKSuxyN3YxsML3YZRE7x97aH7x7VZhxnn9KC5dL4vfkR6wQS
 sgmQ==
X-Gm-Message-State: AOJu0Yys8OcmY3Ml2+UnxwZbYMIw4x7hQBCcRlnLNytlTfRJRFdGSGH1
 ws1kHNANEDNevS3Sny2WO+u8zslMYiV8MR9w7s9fYPZZ2Y3PeohMzqMPRmhfZw==
X-Gm-Gg: ASbGncvcqB/CcFOkHZxvv+PvoDhfmNE7bd+bHNw3B6zStOcqYm13VmaxhyAfZCuJPf4
 Vj1ptQq7hqBflnLL4L+tH3QIbtHcUVWqP2LJPMCt33t2hvQVC4ZM3mBQ88bqkN4YjsEHRfv5N1c
 KX912ZEVxEdtF0BvyyDqBo/6WFsSjgCbODnXPpOWQypOlcEUXiKO3Vo3tk9oVoCpeJPE00UK8lR
 vjdGwFhnFZNR8YY0grT9uluDpj3jH3PjX/54K65kYFmbrzrFpR4u5sc1yGqM1fssn5jla+I37Bk
 5xSqKczIPbRmzf6+jmJjSA7PrNmp/lCWaJdEuCp3V8ujPV5umfWfaL3HZnjfBvnxT5bFx7poYWF
 DZgmLCQ==
X-Google-Smtp-Source: AGHT+IHqbY0VMrgiyJ76QDeNzrvIcCbUW6KbnxrzhvzVd8qTkSyO4TjGpldjBI3ymp3sTTpiqoGiyQ==
X-Received: by 2002:a17:90b:1648:b0:2ff:698d:ef7c with SMTP id
 98e67ed59e1d1-30e7d5bd935mr23452181a91.29.1747709917404; 
 Mon, 19 May 2025 19:58:37 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.36
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:36 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:12 +0900
Message-ID: <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/curl.scm (curl): Update to 8.13.0.
[replacement]: Delete field.
[arguments]
<#:configure-flags>: Add --with-libssh2.
<#:phases>: Streamline check phase override, and newly skip a few new tests.
[native-inputs]: Add libssh2.
(curl/fixed): Delete variable.
* gnu/packages/patches/curl-CVE-2024-8096.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): De-register it.

Change-Id: I8e1a8516e78370645e4148d33e57114f98a26404
---
 gnu/local.mk                                  |   1 -
 gnu/packages/curl.scm                         |  39 ++--
 gnu/packages/patches/curl-CVE-2024-8096.patch | 200 ------------------
 3 files changed, 20 insertions(+), 220 deletions(-)
 delete mode 100644 gnu/packages/patches/curl-CVE-2024-8096.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3730d272ea..0cbe521c73 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1158,7 +1158,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/csvkit-set-locale-for-tests.patch			\
   %D%/packages/patches/cube-nocheck.patch			\
   %D%/packages/patches/cups-minimal-Address-PPD-injection-issues.patch	\
-  %D%/packages/patches/curl-CVE-2024-8096.patch			\
   %D%/packages/patches/curl-use-ssl-cert-env.patch		\
   %D%/packages/patches/curlftpfs-fix-error-closing-file.patch	\
   %D%/packages/patches/curlftpfs-fix-file-names.patch		\
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index ded616a052..caeefd9168 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -17,6 +17,7 @@
 ;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
 ;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
 ;;; Copyright © 2024 Ashish SHUKLA <ashish.is@lostca.se>
+;;; Copyright © 2024, 2025 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -68,21 +69,22 @@ (define-module (gnu packages curl)
 (define-public curl
   (package
     (name "curl")
-    (version "8.6.0")
+    (version "8.13.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://curl.se/download/curl-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "05fv468yjrb7qwrxmfprxkrcckbkij0myql0vwwnalgr3bcmbk9w"))
-              (patches (search-patches "curl-use-ssl-cert-env.patch"
-                                       "curl-CVE-2024-8096.patch"))))
+                "09902ng7lbydbsm6yb03g0p7y03i4yilj1f0zgi2vl62ldwkj2aa"))
+              (patches (search-patches "curl-use-ssl-cert-env.patch"))))
     (outputs '("out"
                "doc"))                  ;1.2 MiB of man3 pages
     (build-system gnu-build-system)
     (arguments
      (list
+      #:modules `((ice-9 format)
+                  ,@%default-gnu-modules)
       #:disallowed-references '("doc")
       #:configure-flags
       #~(list "--with-gnutls"
@@ -90,6 +92,7 @@ (define-public curl
                              (dirname (dirname
                                        (search-input-file
                                         %build-inputs "lib/libgssrpc.so"))))
+              "--with-libssh2"
               "--disable-static")
       #:test-target "test-nonflaky"     ;avoid tests marked as "flaky"
       #:phases
@@ -116,20 +119,18 @@ (define-public curl
                                    (if parallel-tests?
                                        (number->string (parallel-job-count))
                                        "1")))
-                       ;; Ignore test 1477 due to a missing file in the 8.5.0
-                       ;; release.  See
-                       ;; <https://github.com/curl/curl/issues/12462>.
-                       (arguments `("-C" "tests" "test"
-                                    ,@make-flags
-                                    ,(if #$(or (system-hurd?)
-                                               (target-arm32?)
-                                               (target-aarch64?))
-                                         ;; protocol FAIL
-                                         (string-append "TFLAGS=~1474 "
-                                                        "!1477 "
-                                                        job-count)
-                                         (string-append "TFLAGS=\"~1477 "
-                                                        job-count "\"")))))
+                       (failing-tests
+                        '( 962 963 964 965 966 967 1474 ;protocol FAIL
+                           ;; Unknown reason.
+                           165 1448 2046 2047
+                           ;; Mismatch in expected output, perhaps
+                           ;; caused by different nginx version used.
+                           1700 1701 1702 2402 2403 2404 2405))
+                       (arguments
+                        `("-C" "tests" "test"
+                          ,@make-flags
+                          ,(format #f "TFLAGS=~a ~{~~~a ~}"
+                                   job-count failing-tests))))
                   ;; The top-level "make check" does "make -C tests quiet-test", which
                   ;; is too quiet.  Use the "test" target instead, which is more
                   ;; verbose.
@@ -153,7 +154,7 @@ (define-public curl
     (native-inputs
      (list nghttp2 perl pkg-config python-minimal-wrapper))
     (inputs
-     (list gnutls libidn libpsl mit-krb5 `(,nghttp2 "lib") zlib))
+     (list gnutls libidn libpsl libssh2 mit-krb5 `(,nghttp2 "lib") zlib))
     (native-search-paths
      ;; These variables are introduced by curl-use-ssl-cert-env.patch.
      (list $SSL_CERT_DIR
diff --git a/gnu/packages/patches/curl-CVE-2024-8096.patch b/gnu/packages/patches/curl-CVE-2024-8096.patch
deleted file mode 100644
index 0f780f08c3..0000000000
--- a/gnu/packages/patches/curl-CVE-2024-8096.patch
+++ /dev/null
@@ -1,200 +0,0 @@
-From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 20 Aug 2024 16:14:39 +0200
-Subject: [PATCH] gtls: fix OCSP stapling management
-
-Reported-by: Hiroki Kurosawa
-Closes #14642
----
- lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------
- 1 file changed, 73 insertions(+), 73 deletions(-)
-
-diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
-index 03d6fcc038aac3..c7589d9d39bc81 100644
---- a/lib/vtls/gtls.c
-+++ b/lib/vtls/gtls.c
-@@ -850,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf,
-   init_flags |= GNUTLS_NO_TICKETS;
- #endif
- 
-+#if defined(GNUTLS_NO_STATUS_REQUEST)
-+  if(!config->verifystatus)
-+    /* Disable the "status_request" TLS extension, enabled by default since
-+       GnuTLS 3.8.0. */
-+    init_flags |= GNUTLS_NO_STATUS_REQUEST;
-+#endif
-+
-   rc = gnutls_init(&gtls->session, init_flags);
-   if(rc != GNUTLS_E_SUCCESS) {
-     failf(data, "gnutls_init() failed: %d", rc);
-@@ -1321,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
-     infof(data, "  server certificate verification SKIPPED");
- 
-   if(config->verifystatus) {
--    if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) {
--      gnutls_datum_t status_request;
--      gnutls_ocsp_resp_t ocsp_resp;
-+    gnutls_datum_t status_request;
-+    gnutls_ocsp_resp_t ocsp_resp;
-+    gnutls_ocsp_cert_status_t status;
-+    gnutls_x509_crl_reason_t reason;
- 
--      gnutls_ocsp_cert_status_t status;
--      gnutls_x509_crl_reason_t reason;
-+    rc = gnutls_ocsp_status_request_get(session, &status_request);
- 
--      rc = gnutls_ocsp_status_request_get(session, &status_request);
-+    if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-+      failf(data, "No OCSP response received");
-+      return CURLE_SSL_INVALIDCERTSTATUS;
-+    }
- 
--      infof(data, " server certificate status verification FAILED");
-+    if(rc < 0) {
-+      failf(data, "Invalid OCSP response received");
-+      return CURLE_SSL_INVALIDCERTSTATUS;
-+    }
- 
--      if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
--        failf(data, "No OCSP response received");
--        return CURLE_SSL_INVALIDCERTSTATUS;
--      }
-+    gnutls_ocsp_resp_init(&ocsp_resp);
- 
--      if(rc < 0) {
--        failf(data, "Invalid OCSP response received");
--        return CURLE_SSL_INVALIDCERTSTATUS;
--      }
-+    rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
-+    if(rc < 0) {
-+      failf(data, "Invalid OCSP response received");
-+      return CURLE_SSL_INVALIDCERTSTATUS;
-+    }
- 
--      gnutls_ocsp_resp_init(&ocsp_resp);
-+    (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
-+                                      &status, NULL, NULL, NULL, &reason);
- 
--      rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
--      if(rc < 0) {
--        failf(data, "Invalid OCSP response received");
--        return CURLE_SSL_INVALIDCERTSTATUS;
--      }
-+    switch(status) {
-+    case GNUTLS_OCSP_CERT_GOOD:
-+      break;
- 
--      (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
--                                        &status, NULL, NULL, NULL, &reason);
-+    case GNUTLS_OCSP_CERT_REVOKED: {
-+      const char *crl_reason;
- 
--      switch(status) {
--      case GNUTLS_OCSP_CERT_GOOD:
-+      switch(reason) {
-+      default:
-+      case GNUTLS_X509_CRLREASON_UNSPECIFIED:
-+        crl_reason = "unspecified reason";
-         break;
- 
--      case GNUTLS_OCSP_CERT_REVOKED: {
--        const char *crl_reason;
--
--        switch(reason) {
--          default:
--          case GNUTLS_X509_CRLREASON_UNSPECIFIED:
--            crl_reason = "unspecified reason";
--            break;
--
--          case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
--            crl_reason = "private key compromised";
--            break;
--
--          case GNUTLS_X509_CRLREASON_CACOMPROMISE:
--            crl_reason = "CA compromised";
--            break;
--
--          case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
--            crl_reason = "affiliation has changed";
--            break;
-+      case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
-+        crl_reason = "private key compromised";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_SUPERSEDED:
--            crl_reason = "certificate superseded";
--            break;
-+      case GNUTLS_X509_CRLREASON_CACOMPROMISE:
-+        crl_reason = "CA compromised";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
--            crl_reason = "operation has ceased";
--            break;
-+      case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
-+        crl_reason = "affiliation has changed";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
--            crl_reason = "certificate is on hold";
--            break;
-+      case GNUTLS_X509_CRLREASON_SUPERSEDED:
-+        crl_reason = "certificate superseded";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
--            crl_reason = "will be removed from delta CRL";
--            break;
-+      case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
-+        crl_reason = "operation has ceased";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
--            crl_reason = "privilege withdrawn";
--            break;
-+      case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
-+        crl_reason = "certificate is on hold";
-+        break;
- 
--          case GNUTLS_X509_CRLREASON_AACOMPROMISE:
--            crl_reason = "AA compromised";
--            break;
--        }
-+      case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
-+        crl_reason = "will be removed from delta CRL";
-+        break;
- 
--        failf(data, "Server certificate was revoked: %s", crl_reason);
-+      case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
-+        crl_reason = "privilege withdrawn";
-         break;
--      }
- 
--      default:
--      case GNUTLS_OCSP_CERT_UNKNOWN:
--        failf(data, "Server certificate status is unknown");
-+      case GNUTLS_X509_CRLREASON_AACOMPROMISE:
-+        crl_reason = "AA compromised";
-         break;
-       }
- 
--      gnutls_ocsp_resp_deinit(ocsp_resp);
-+      failf(data, "Server certificate was revoked: %s", crl_reason);
-+      break;
-+    }
- 
--      return CURLE_SSL_INVALIDCERTSTATUS;
-+    default:
-+    case GNUTLS_OCSP_CERT_UNKNOWN:
-+      failf(data, "Server certificate status is unknown");
-+      break;
-     }
--    else
--      infof(data, "  server certificate status verification OK");
-+
-+    gnutls_ocsp_resp_deinit(ocsp_resp);
-+    if(status != GNUTLS_OCSP_CERT_GOOD)
-+      return CURLE_SSL_INVALIDCERTSTATUS;
-   }
-   else
-     infof(data, "  server certificate status verification SKIPPED");
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 4/6] gnu: cups-minimal: Ungraft.
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:03 +0000
Resent-Message-ID: <handler.78337.B78337.17477099391836@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Zheng Junjie <z572@z572.online>, Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099391836
          (code B ref 78337); Tue, 20 May 2025 02:59:03 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:58:59 +0000
Received: from localhost ([127.0.0.1]:50174 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDBz-0000TX-9w
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:58:59 -0400
Received: from mail-pg1-x532.google.com ([2607:f8b0:4864:20::532]:48626)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBq-0000Ru-Cb
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:50 -0400
Received: by mail-pg1-x532.google.com with SMTP id
 41be03b00d2f7-b26ef4791a5so3690434a12.1
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709923; x=1748314723; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=xDtUNxLHWt/JnnSn/nqr6EPx3Y8T3FsVUBk8e4QZWRo=;
 b=cliQfSH1QEG74jOPGBOxb19YuCVkP+i5qn/I9yCxoCzVQWn8lEfU3lzSq353ENGeUA
 nifSCwvvKDN/CjSvCcNd0h/m3e1fOCI/spS3a1Ovu0K0fYjR+8RaQ7eru20p7Sv9XUUL
 laPMb+1YNSmJKXgWsGygGwttkex2XmKK47pyneTzm9IvF2Rm8e+dvRr60CQH8ek9onz+
 vTDZ4rZ71UPIInwxq4JCt+c1sAUs89qNQIDUv7Bbd4u2MYP7VRKL860PM41SibvRXzZk
 LlELBm6uZ7qqmixd0gJiK/HhzMW7wh7AqWRq+wNeDbEhUFmOwbrLIgrSykqN308yDhQU
 667g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709923; x=1748314723;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=xDtUNxLHWt/JnnSn/nqr6EPx3Y8T3FsVUBk8e4QZWRo=;
 b=uSPvodMNchnwqU22eP3mJOJdte0Zt1gKgoN+l+Ft5+jzfG0B5vl70LCtQr66xrLY63
 GT2TceYNfrW+r7HFuh2QisspRkSi4kkPVJGJlQ5MpNpCYY1UnN5vC11ZCQb87fUoGd9W
 NWCCnve0x+0BaPTsHoaH4SuW3yzmAwoRY6b//50iHFKE6pZ4JVIgbSnh9nPEvBwDGrrY
 9u6qgpeB09YVLuFTASacT0JbLYB7jfago2uhqI0RgSgeZWu9u5u/5gyAVUaE6LnSO1/H
 9Pc4INdspVLoGT2oO1yBb35UaemWuFwBsENb3j0k+sovjG81ApcCpOILfDARgqnwUg7n
 7auQ==
X-Gm-Message-State: AOJu0YxgRIvDFOT6XID8M1psOOj/+phmfMsydffY6lXmGFoOLrhjJuXf
 Gf0AXcjbKzjdpGmF7Jl0Y/id1+nlA1JLegWj73fUl4OjH2aIp+XbnDwFQWoFGg==
X-Gm-Gg: ASbGncuDaNZEEqSAEZ4XXD2MjgTZC/OaaO11Y/gTUYWR+BZn4K78LuXVzijQ6ZrP3U9
 6FeQ1XRqEIOpBdUmt264U73fzb52+seM6f7KfZQMiDrBp+lQjFuBpKTD4LvLVteZZ3C9cOej44/
 N8gKqPWdjFtT7CddDs1pqSiM/LtrpS75zhF+83+7tHDr7RXPxtyCgB2RSH+zS5dGJGFMx4j6boI
 v31m/bN8GvKAbeF9Wn5yW1T/guo+C5QNWwEaJJFGjV8IhX5uaNLNFrv1IBFY4ifY0lx1TB+Vf4h
 yMTsUulPgHU58QKD5lX5mwZDtoSmYOqx4cWuyM1p6syzPwLAAKteDL1VJJAp1CBbRePE2436y5U
 eJi/RBQ==
X-Google-Smtp-Source: AGHT+IE0b8x1sHma4vuVPZVnOaRJxtjyZ9YBIgFpIq30PTpM0elkIQmi2AzdoUttExWkqox5k2G2sA==
X-Received: by 2002:a17:90b:3b46:b0:30a:204e:3271 with SMTP id
 98e67ed59e1d1-30e7d5564e7mr28200588a91.17.1747709923308; 
 Mon, 19 May 2025 19:58:43 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.41
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:42 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:14 +0900
Message-ID: <b5e15fcd2766a95c8bd3175897b5cb5eb50b2d6e.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Zheng Junjie <z572@z572.online> * gnu/packages/cups.scm
 (cups-minimal)[replacement]: Remove it. [source]: Add
 cups-minimal-Address-PPD-injection-issues.patch.
 * gnu/packages/cups.scm (cups-minimal/fixed): Remove it. 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:532 listed in]
 [list.dnswl.org]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

From: Zheng Junjie <z572@z572.online>

* gnu/packages/cups.scm (cups-minimal)[replacement]: Remove it.
[source]: Add cups-minimal-Address-PPD-injection-issues.patch.
* gnu/packages/cups.scm (cups-minimal/fixed): Remove it.

Change-Id: Icb5295af42b5a84741a73ed4b662bc8736ab6b2b
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
 gnu/packages/cups.scm | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 41c3f0af45..847fc29a9a 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -265,7 +265,6 @@ (define-public cups-minimal
   (package
     (name "cups-minimal")
     (version "2.4.9")
-    (replacement cups-minimal/fixed)
     (source
      (origin
        (method git-fetch)
@@ -275,7 +274,8 @@ (define-public cups-minimal
        ;; Avoid NAME confusion: these are the complete CUPS sources.
        (file-name (git-file-name "cups" version))
        (sha256
-        (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1"))))
+        (base32 "08wjd1flyaslhnwvxl39403qi3g675rk532ysiyk6cda4r8ks1g1"))
+       (patches (search-patches "cups-minimal-Address-PPD-injection-issues.patch"))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags
@@ -355,15 +355,6 @@ (define-public cups-minimal
     ;; CUPS is Apache 2.0 with exceptions, see the NOTICE file.
     (license license:asl2.0)))
 
-(define cups-minimal/fixed
-  (package
-    (inherit cups-minimal)
-    (source
-     (origin
-       (inherit (package-source cups-minimal))
-       (patches
-        (search-patches "cups-minimal-Address-PPD-injection-issues.patch"))))))
-
 (define-public cups
   (package/inherit cups-minimal
     (name "cups")
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 5/6] gnu: libarchive: Update to 3.7.7.
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:04 +0000
Resent-Message-ID: <handler.78337.B78337.17477099401849@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Zheng Junjie <z572@z572.online>, Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099401849
          (code B ref 78337); Tue, 20 May 2025 02:59:04 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:59:00 +0000
Received: from localhost ([127.0.0.1]:50176 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDBz-0000Te-Mn
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:59:00 -0400
Received: from mail-pj1-x1030.google.com ([2607:f8b0:4864:20::1030]:44302)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBt-0000SB-5e
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:54 -0400
Received: by mail-pj1-x1030.google.com with SMTP id
 98e67ed59e1d1-30e7bfef364so3686389a91.1
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709927; x=1748314727; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=VLW4XEfGm0Iqej8OIAUuSyG9zccZMvgoY6rkDt8nwuM=;
 b=GDeArT9ee17oYBmxrq32S6vhXQ8Wk1rzTSrC+PxIAH+mXQmBZGy4Fpx2R4i43X9U7s
 WFPpJxuDCQtRHtd3ikeVO8CIwSEtndPoxJ1B124uDCFJ9V8cDir49eCli3vT08j+mcMi
 w7TOPRt5mLHYQ3hpNI9mtO6/+t0pZBUCD4hP4cwLocEsmev5onUFRirRvNDsNiN/o8qJ
 M+jCj4zjvGKs/A4vxsS9/J13xe/c9rwcsLq7zsE66OC2C01lLnUE6T1JVmCyF8m1B0S0
 6pEmE3mhAYrNTMMP5n80cVtqZjHZ/EAYY0P53r07JXnSHB0/qXDoRXQk94ZPC95NbE1B
 qu7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709927; x=1748314727;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=VLW4XEfGm0Iqej8OIAUuSyG9zccZMvgoY6rkDt8nwuM=;
 b=TJDRlIF56rbdWA0p+Ns1w/LWuSM/N/RV41QW5eoySpifVz5H9/4PTiRmCVH470laTq
 jqEQzMPcaRqSl8OHDhrXeUcHHdPTjQbhc5eWsBLm+Qb3sfI4E0LgHRvC5VnhgcAjCAVc
 ZY4mljOxRtaL+6dUhQ3sY4YU2clpQAC9QsRHkuAgeQLNaXJf0719zs5mEITAdUPaEmQw
 4xxEnhiIsAPLERiAmmPbCsUvYkAF48vvBjKOwfge3klNTqjHsLBfHubMKfslJBz9/OBh
 U3Wp1N6F5YklB+BEDFTCtX/1JZKeDju/FrHXOsh4If46YJH2dc0Cu7YuQlqT0yHhqNJt
 RpWQ==
X-Gm-Message-State: AOJu0YyaFsPxTPMCCCGNKn+hCiUPrG6+a3JTM/pwN6o7DxgBW1EBldeM
 pLkD64vFYXW878dZv2k58RYP23sOd43ypGZw2pqQ1q0JRqw8gRX/2QSq02bflw==
X-Gm-Gg: ASbGnctwqB/unAtF8XXJkhFlkA4rzSZvFbYiJr5B/PrTgiFyYg137McSJ0vl2Uz9kHn
 7qOxBBbpExMXzYV6+PLH+82qh5Pkgz27QRDbNmDIknzpiq5+O/DTPAUxPOwk06NZZDgAMVSb9HO
 M0RfootcVFVuyrRlZB+eIZ7BXJ4afHejs8TkNJsKLjECgTR6iPQDOE6ZCVMvw0ZixX6WuGpVNBR
 /eZtmcu+yLUZYra2WBK4/8qHFpEs381+McdEG+P7WLaOtNrF+4g5R0wFtteWjq6pRRaLK+FAqi6
 N73TPuZnq5NHEcq29coJSzjh6Z+NM2Oyomlr+HORPPrK9Rt0qkgQuMZPXBXRib7erzEs4Zk=
X-Google-Smtp-Source: AGHT+IHZadErGXSrKP65bpMsKXE20NTgU6KfLKT2XQBqg4KKfyoLeyiXaFPiyNt/UGT8PtLoXVY2Aw==
X-Received: by 2002:a17:90b:3905:b0:305:2d27:7ba5 with SMTP id
 98e67ed59e1d1-30e7d4ebda4mr21460156a91.6.1747709926667; 
 Mon, 19 May 2025 19:58:46 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.44
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:46 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:15 +0900
Message-ID: <e4e08bd54184661df492a4817f8ef97170ec0cd6.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Zheng Junjie <z572@z572.online> *
 gnu/packages/backup.scm
 (libarchive): Update to 3.7.7. * gnu/packages/backup.scm (libarchive/fixed):
 Delete variable. *
 gnu/packages/patches/libarchive-remove-potential-backdoor.patch:
 Remove it * g [...] 
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:1030 listed in]
 [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

From: Zheng Junjie <z572@z572.online>

* gnu/packages/backup.scm (libarchive): Update to 3.7.7.
* gnu/packages/backup.scm (libarchive/fixed): Delete variable.
* gnu/packages/patches/libarchive-remove-potential-backdoor.patch: Remove it
* gnu/local.mk (dist_patch_DATA): Unregister it.

Change-Id: Ia6474f9dae9a3d1a707d94fcace9bd50b2e3ac4c
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
 gnu/local.mk                                  |  1 -
 gnu/packages/backup.scm                       | 22 +--------
 ...libarchive-remove-potential-backdoor.patch | 47 -------------------
 3 files changed, 2 insertions(+), 68 deletions(-)
 delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0cbe521c73..d561d5ea5d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1719,7 +1719,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/liba52-use-mtune-not-mcpu.patch		\
   %D%/packages/patches/libaio-32bit-test.patch                  \
   %D%/packages/patches/libaio-riscv-test5.patch			\
-  %D%/packages/patches/libarchive-remove-potential-backdoor.patch	\
   %D%/packages/patches/libbase-fix-includes.patch		\
   %D%/packages/patches/libbase-use-own-logging.patch		\
   %D%/packages/patches/libbonobo-activation-test-race.patch	\
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index b4aca86774..876167898b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -263,8 +263,7 @@ (define-public hdup
 (define-public libarchive
   (package
     (name "libarchive")
-    (replacement libarchive/fixed)
-    (version "3.6.1")
+    (version "3.7.7")
     (source
      (origin
        (method url-fetch)
@@ -273,10 +272,9 @@ (define-public libarchive
                   (string-append "https://github.com/libarchive/libarchive"
                                  "/releases/download/v" version "/libarchive-"
                                  version ".tar.xz")))
-       (patches (search-patches "libarchive-remove-potential-backdoor.patch"))
        (sha256
         (base32
-         "1rj8q5v26lxxr8x4b4nqbrj7p06qvl91hb8cdxi3xx3qp771lhas"))))
+         "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7"))))
     (build-system gnu-build-system)
     (inputs
      (list bzip2
@@ -353,22 +351,6 @@ (define-public libarchive
 @command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.")
     (license license:bsd-2)))
 
-(define libarchive/fixed
-  (package
-    (inherit libarchive)
-    (version "3.7.7")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (list (string-append "https://libarchive.org/downloads/libarchive-"
-                                 version ".tar.xz")
-                  (string-append "https://github.com/libarchive/libarchive"
-                                 "/releases/download/v" version "/libarchive-"
-                                 version ".tar.xz")))
-       (sha256
-        (base32
-         "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7"))))))
-
 (define-public rdup
   (package
     (name "rdup")
diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
deleted file mode 100644
index 2b9a9e2ffe..0000000000
--- a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Remove code added by 'JiaT75', the malicious actor that backdoored `xz`:
-
-https://github.com/libarchive/libarchive/pull/2101
-
-At libarchive, they are reviewing all code contributed by this actor:
-
-https://github.com/libarchive/libarchive/issues/2103
-
-See the original disclosure and subsequent discussion for more
-information about this incident:
-
-https://seclists.org/oss-sec/2024/q1/268
-
-Patch copied from upstream source repository:
-
-https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942
-
-From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
-From: Ed Maste <emaste@freebsd.org>
-Date: Fri, 29 Mar 2024 18:02:06 -0400
-Subject: [PATCH] tar: make error reporting more robust and use correct errno
- (#2101)
-
-As discussed in #1609.
----
- tar/read.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/tar/read.c b/tar/read.c
-index af3d3f42..a7f14a07 100644
---- a/tar/read.c
-+++ b/tar/read.c
-@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
- 			if (r != ARCHIVE_OK) {
- 				if (!bsdtar->verbose)
- 					safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
--				fprintf(stderr, ": %s: ", archive_error_string(a));
--				fprintf(stderr, "%s", strerror(errno));
-+				safe_fprintf(stderr, ": %s: %s",
-+				    archive_error_string(a),
-+				    strerror(archive_errno(a)));
- 				if (!bsdtar->verbose)
- 					fprintf(stderr, "\n");
- 				bsdtar->return_value = 1;
--- 
-2.41.0
-
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 6/6] gnu: expat: Update to 2.7.1.
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: z572@z572.online, guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 02:59:04 +0000
Resent-Message-ID: <handler.78337.B78337.17477099411859@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: Zheng Junjie <z572@z572.online>, Maxim Cournoyer <maxim.cournoyer@gmail.com>, Zheng Junjie <z572@z572.online>
X-Debbugs-Original-Xcc: Zheng Junjie <z572@z572.online>
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17477099411859
          (code B ref 78337); Tue, 20 May 2025 02:59:04 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 02:59:01 +0000
Received: from localhost ([127.0.0.1]:50178 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDC0-0000Tl-Ez
	for submit@debbugs.gnu.org; Mon, 19 May 2025 22:59:01 -0400
Received: from mail-pj1-x102a.google.com ([2607:f8b0:4864:20::102a]:45302)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDBw-0000SV-Cs
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 22:58:57 -0400
Received: by mail-pj1-x102a.google.com with SMTP id
 98e67ed59e1d1-30e57a373c9so5053995a91.2
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 19:58:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747709930; x=1748314730; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=N8R2cdNGlAfm/xZPZYFk77yKco3WVhCjmF279bpZD2I=;
 b=S2J/WbbITTrwLRl6P+EPGNtctl1zqaJft32ZT7s722h8vHUGd857/Mav1qNhufNJRX
 6fo3NRqv9m+4V3en96H8ySJ+N+VPBKrBEB+0mE2JYsSaTRCGKmMGxbM2HQHPEjbSNIYY
 luZeUSwc0DTCkCQzPGJo4q6XCbH8F6Bcj6mB0gRxmc46YEp0nHVWTvfpQC/zR6dvUnGJ
 /S5h5Yvw52VDhql+BCenaW28BPCpge3TV1ZzRu5XPNWyo57pDDQ756MP26Rp0H42KDfC
 vd79AiiZ8eLmHoaXtXmunrhQcj50Itq8BaBYZuF6Sf4D4VS3qet81E8va3VQOk87iKJq
 P98Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747709930; x=1748314730;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=N8R2cdNGlAfm/xZPZYFk77yKco3WVhCjmF279bpZD2I=;
 b=Yw7nG2799Dg0HdKGrSnLtrsvI1iN+1m3U8mCzf+fyZNLtWHJFJne0Wek4TxvV0chdY
 z6qmllrRGEkvcABwUwjqdpf3hPSUJoPtiMca3ozwb3J2416sWFOzN44+Avk8NRgGUbM5
 oUcdu8pNGRSpgLACC3VDNHErb1V6Q2iVgFWOo5LESJxjkVMOivA4EqhjMLwG01ZSsptG
 2M8lF/xCq0AZJM29M/dYsGfMxMBfOJj5nrtab+Jm1sASrHc3Oe9mdsiYW70+u8soI7Yh
 DzUHEgpWkCjjx4zRKWC7IlZd57+kN2jzUKl4mhZZobclIJiJKweq5wqezdjVBw52gBq2
 ZuYw==
X-Gm-Message-State: AOJu0Yyiuzio1v6gdaCxV/HVJpwbhMQe2USj9KM6CeEYt3nnSvmX/SNh
 /tvEgVZGYg2sztU+widfTfUu5PFJLXBDzvH+xhqiHoVs1Z7Eab08Ch7kKXqlpw==
X-Gm-Gg: ASbGncutNgQfkAvfQmogC/C93Bo8DKEbVZRDHRPi8ngaIYQPmg+T1ToR9GKRTLtzeRi
 uySYGgetAtuSyCymZkWkhSN7PYBpxdKS+B/7CSplFPcRqwNAQ1/FloCXiJx0NjnxzZcoPWVMDhs
 WYyLycR6X4lf/iavstnpZSjeYIZggIyRxKRVOcHPSshztxP+FXJCTp8Ty07xmJdjCtl9pp85p3U
 08s6q5RGLF+gScK1bwL8jEu66+BYz5zo8lIJtTzlIrm3qLPZmHrzBtTAW89VF0n2tteyJdte3lR
 3nMI7FXBOYpvz6goPVt1Nob61ycjDEGepUAP1avQLVBvbKX5wGwuaOk0KkerzaEP+BkB/JE=
X-Google-Smtp-Source: AGHT+IG4fSRsU20Ug3nI40fOO81SvFJfORCR2Oe/7I50Wh6/03UzcYCfIflfCwvglC/LBgqrhcjONQ==
X-Received: by 2002:a17:90b:1c05:b0:30c:5617:7475 with SMTP id
 98e67ed59e1d1-30e7d53ff83mr26599396a91.18.1747709929644; 
 Mon, 19 May 2025 19:58:49 -0700 (PDT)
Received: from localhost.localdomain ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f365d460fsm480078a91.23.2025.05.19.19.58.48
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 19:58:49 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 11:58:16 +0900
Message-ID: <5b99b0aa419d655e4c376aef28b57f228f761cf5.1747709896.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Zheng Junjie <z572@z572.online> * gnu/packages/xml.scm
 (expat): Update to 2.7.1. (expat/fixed): Remove it. *
 gnu/packages/patches/expat-CVE-2024-45490.patch:
 Remove it. * gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it.
 * [...] Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 2.0 PDS_OTHER_BAD_TLD      Untrustworthy TLDs
 [URI: z572.online (online)]
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (maxim.cournoyer[at]gmail.com)
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:102a listed in]
 [list.dnswl.org]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

From: Zheng Junjie <z572@z572.online>

* gnu/packages/xml.scm (expat): Update to 2.7.1.
(expat/fixed): Remove it.
* gnu/packages/patches/expat-CVE-2024-45490.patch: Remove it.
* gnu/packages/patches/expat-CVE-2024-45491.patch: Remove it.
* gnu/packages/patches/expat-CVE-2024-45492.patch: Remove it.
* gnu/local.mk (dist_patch_DATA): Unregister them.

Change-Id: Ia0bc5da202afba0636032e4f4e10051778214944
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
---
 gnu/local.mk                                  |  3 --
 .../patches/expat-CVE-2024-45490.patch        | 34 -------------------
 .../patches/expat-CVE-2024-45491.patch        | 34 -------------------
 .../patches/expat-CVE-2024-45492.patch        | 33 ------------------
 gnu/packages/xml.scm                          | 16 ++-------
 5 files changed, 2 insertions(+), 118 deletions(-)
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45490.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45491.patch
 delete mode 100644 gnu/packages/patches/expat-CVE-2024-45492.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index d561d5ea5d..c9b70349ce 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1256,9 +1256,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/esmini-use-pkgconfig.patch		\
   %D%/packages/patches/esmtp-add-lesmtp.patch		\
   %D%/packages/patches/exercism-disable-self-update.patch	\
-  %D%/packages/patches/expat-CVE-2024-45490.patch	\
-  %D%/packages/patches/expat-CVE-2024-45491.patch	\
-  %D%/packages/patches/expat-CVE-2024-45492.patch	\
   %D%/packages/patches/extempore-unbundle-external-dependencies.patch	\
   %D%/packages/patches/extundelete-e2fsprogs-1.44.patch		\
   %D%/packages/patches/fail2ban-paths-guix-conf.patch		\
diff --git a/gnu/packages/patches/expat-CVE-2024-45490.patch b/gnu/packages/patches/expat-CVE-2024-45490.patch
deleted file mode 100644
index f876e78651..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45490.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://github.com/libexpat/libexpat/commit/5c1a31642e243f4870c0bd1f2afc7597976521bf.patch
-Fixed in 2.6.3.
-Takes only 1 of the 3 patches from
-https://github.com/libexpat/libexpat/pull/890 to take the fix and not the
-tests because that part doesn't apply cleanly.
-
-From 5c1a31642e243f4870c0bd1f2afc7597976521bf Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:26:07 +0200
-Subject: [PATCH] lib: Reject negative len for XML_ParseBuffer
-
-Reported by TaiYou
-
----
- expat/lib/xmlparse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..ba1038119 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -2038,6 +2038,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int isFinal) {
- 
-   if (parser == NULL)
-     return XML_STATUS_ERROR;
-+
-+  if (len < 0) {
-+    parser->m_errorCode = XML_ERROR_INVALID_ARGUMENT;
-+    return XML_STATUS_ERROR;
-+  }
-+
-   switch (parser->m_parsingStatus.parsing) {
-   case XML_SUSPENDED:
-     parser->m_errorCode = XML_ERROR_SUSPENDED;
diff --git a/gnu/packages/patches/expat-CVE-2024-45491.patch b/gnu/packages/patches/expat-CVE-2024-45491.patch
deleted file mode 100644
index 8ff10559bf..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45491.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://github.com/libexpat/libexpat/commit/8e439a9947e9dc80a395c0c7456545d8d9d9e421.patch
-Fixed in 2.6.3.
-
-From 8e439a9947e9dc80a395c0c7456545d8d9d9e421 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:34:13 +0200
-Subject: [PATCH] lib: Detect integer overflow in dtdCopy
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..e2327bdcf 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -7016,6 +7016,16 @@ dtdCopy(XML_Parser oldParser, DTD *newDtd, const DTD *oldDtd,
-     if (! newE)
-       return 0;
-     if (oldE->nDefaultAtts) {
-+      /* Detect and prevent integer overflow.
-+       * The preprocessor guard addresses the "always false" warning
-+       * from -Wtype-limits on platforms where
-+       * sizeof(int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+      if ((size_t)oldE->nDefaultAtts
-+          > ((size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE))) {
-+        return 0;
-+      }
-+#endif
-       newE->defaultAtts
-           = ms->malloc_fcn(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE));
-       if (! newE->defaultAtts) {
diff --git a/gnu/packages/patches/expat-CVE-2024-45492.patch b/gnu/packages/patches/expat-CVE-2024-45492.patch
deleted file mode 100644
index 852a9b3f59..0000000000
--- a/gnu/packages/patches/expat-CVE-2024-45492.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://github.com/libexpat/libexpat/commit/9bf0f2c16ee86f644dd1432507edff94c08dc232.patch
-Fixed in 2.6.3.
-
-From 9bf0f2c16ee86f644dd1432507edff94c08dc232 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Mon, 19 Aug 2024 22:37:16 +0200
-Subject: [PATCH] lib: Detect integer overflow in function nextScaffoldPart
-
-Reported by TaiYou
----
- expat/lib/xmlparse.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 91682c188..f737575ea 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -7558,6 +7558,15 @@ nextScaffoldPart(XML_Parser parser) {
-   int next;
- 
-   if (! dtd->scaffIndex) {
-+    /* Detect and prevent integer overflow.
-+     * The preprocessor guard addresses the "always false" warning
-+     * from -Wtype-limits on platforms where
-+     * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
-+#if UINT_MAX >= SIZE_MAX
-+    if (parser->m_groupSize > ((size_t)(-1) / sizeof(int))) {
-+      return -1;
-+    }
-+#endif
-     dtd->scaffIndex = (int *)MALLOC(parser, parser->m_groupSize * sizeof(int));
-     if (! dtd->scaffIndex)
-       return -1;
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 10cd6d98fa..33c409212f 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -127,8 +127,7 @@ (define-public libxmlb
 (define-public expat
   (package
     (name "expat")
-    (version "2.5.0")
-    (replacement expat/fixed)
+    (version "2.7.1")
     (source (let ((dot->underscore (lambda (c) (if (char=? #\. c) #\_ c))))
               (origin
                 (method url-fetch)
@@ -140,7 +139,7 @@ (define-public expat
                             "/expat-" version ".tar.xz")))
                 (sha256
                  (base32
-                  "1gnwihpfz4x18rwd6cbrdggmfqjzwsdfh1gpmc0ph21c4gq2097g")))))
+                  "0c3w446jrrnss3ccgx9z590lpwbpxiqdbxv2a0p036cg9da54i9m")))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases (modify-phases %standard-phases
@@ -164,17 +163,6 @@ (define-public expat
 things the parser might find in the XML document (like start tags).")
     (license license:expat)))
 
-(define-public expat/fixed
- (hidden-package
-  (package
-    (inherit expat)
-    (replacement expat/fixed)
-    (source (origin
-              (inherit (package-source expat))
-              (patches (search-patches "expat-CVE-2024-45490.patch"
-                                       "expat-CVE-2024-45491.patch"
-                                       "expat-CVE-2024-45492.patch")))))))
-
 (define-public libebml
   (package
     (name "libebml")
-- 
2.49.0





From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 20 May 2025 03:27:02 +0000
Resent-Message-ID: <handler.78337.B78337.174771160611615@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 78337@debbugs.gnu.org
Cc: hako@ultrarare.space, steve@futurile.net, efraim@flashner.co.il, divya@subvertising.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174771160611615
          (code B ref 78337); Tue, 20 May 2025 03:27:02 +0000
Received: (at 78337) by debbugs.gnu.org; 20 May 2025 03:26:46 +0000
Received: from localhost ([127.0.0.1]:50466 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHDcq-000319-8J
	for submit@debbugs.gnu.org; Mon, 19 May 2025 23:26:46 -0400
Received: from mail-pj1-x102f.google.com ([2607:f8b0:4864:20::102f]:56401)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHDcm-000308-Az
 for 78337@debbugs.gnu.org; Mon, 19 May 2025 23:26:40 -0400
Received: by mail-pj1-x102f.google.com with SMTP id
 98e67ed59e1d1-30e8daea8c6so2958987a91.0
 for <78337@debbugs.gnu.org>; Mon, 19 May 2025 20:26:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747711594; x=1748316394; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:cc:references:in-reply-to
 :subject:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=kUpgZD6G+OcbsFkNZRExhAsHuf0J54+Eq4VfWWxRYbE=;
 b=IRDZPfS0RTVLAwXOfTDHf47eoliZG+gEsKc6hgGogkNRGhSk8LL7GAibfpGWpQJNeq
 21QxzES+7xGReMwfn0se2D8ueHpMwoyZfnUhniOtC3LEp/9WskrM+oIhoNsAm0wsCzTl
 o+0eBwn5aUIhXEF48EIZc3z3J15CyNYB58l1sJmgC9sFoMz16LsFey3Z7opNSRtJjozG
 5duOWJUd+2wr9Vf/q9kjNP8a2VRG2fDvOtE3Rv9Ma6Cia1op4XoktGtweIj5P+bS1XzQ
 KzYl0RHcit0t2CxXMBymzXmRpY4qJG4T1ivtCIlSnOL78tYes/OzVQdxjJWv05ncT09Z
 QRQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747711594; x=1748316394;
 h=mime-version:user-agent:message-id:date:cc:references:in-reply-to
 :subject:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=kUpgZD6G+OcbsFkNZRExhAsHuf0J54+Eq4VfWWxRYbE=;
 b=LXUjxT4b2XYzJqrPGA+mdHQNcxS3MXw6lpI0MEh8OWlm8MKzdmnaaJW2a5pk4MXpFh
 8bG0E7EQetXdlgWjK0jhJWBGdGIwQ7UOZiqWHB6X1vjrWMJlbpYhlxXMyJjkzdhIJh/I
 KQNVpbTZ45RJxzESmWMzLh2YcO66dmn3kJjIF54E0K3Ua7r9MAnQEGUmlXQ76uo4/Uzt
 UUluVgUlFm8/bGiHu8wMp592ps8lCmz34DUeuqlOP6RndaBQga7MFqbxoDxJzm36ydH4
 o7oyJwSyeLddGQ9JbqfZBoIMPqw3YjWtoNgr1wMxxJeIKwQyUMaQVyl+vofEdNsbBuJn
 JTkQ==
X-Gm-Message-State: AOJu0YzKwvMNFJLp1IAmUIGN0U+f+HWDRnyQr/KvTLjF75BHDfJ7v+hh
 Dn3DGvM/xkn5QZ6sN2KQzpKfSUnK/XDjsBFbDOj4+zsJoZME2tsyuI07J4WdyQ==
X-Gm-Gg: ASbGncszaEz1w2s/7Qf+4vwooFKe9e6rXowOClLh8gvqHW7Tdp4XIgJvQIH7MrDwFbg
 9Gdo4IveKK6AMdoKqLoDpEcUjMT3peXBZiHNV+Q0iwuf1N2lTT5de4JRrlkwUjT5a74Hj+eauPa
 IwN5yF0tvIZ+Gv9mQPTadCyyNB6l2knnH5fNveVHkUHDTtokHMCgDtg9yS4N0HKx4mS+Y5HfGBG
 HN5pcGRr5mD+vOug5xdMybx+0PoOTbRk7Rx+c6yT6b228e/0Tl3Augr+lIjLaUQDpQ34xDHO1Js
 re9CudkdxClheAjZxiPHpXfZcUS/URi4i9OeIldFn5TMkNm60w==
X-Google-Smtp-Source: AGHT+IGr0A/tcFCZyTs2mvN/9w44wkv7hb6UJIovDu29NY6Eb7w+P8LVDNR6xR0cs9b+geEO8mongw==
X-Received: by 2002:a17:90a:c10e:b0:30e:9349:2d99 with SMTP id
 98e67ed59e1d1-30e9349328emr20093132a91.5.1747711594020; 
 Mon, 19 May 2025 20:26:34 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-30f3651611bsm592103a91.49.2025.05.19.20.26.32
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 19 May 2025 20:26:33 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
In-Reply-To: <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
 (Maxim Cournoyer's message of "Tue, 20 May 2025 11:58:12 +0900")
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
 <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
Date: Tue, 20 May 2025 12:26:30 +0900
Message-ID: <87r00karo9.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:

> * gnu/packages/curl.scm (curl): Update to 8.13.0.

A note: this breaks rust-1.82, which fails to detect curl.  Apparently
that happens via one of its bundled crates (curl-sys), so I suppose we'd
need to patch it with a fresher one.  I'm not sure what is the right
approach or how to do that, so I'm adding the rust team in CC for input.

-- 
Thanks,
Maxim




From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Efraim Flashner <efraim@flashner.co.il>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 21 May 2025 05:22:01 +0000
Resent-Message-ID: <handler.78337.B78337.174780491323852@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: hako@ultrarare.space, steve@futurile.net, 78337@debbugs.gnu.org, divya@subvertising.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174780491323852
          (code B ref 78337); Wed, 21 May 2025 05:22:01 +0000
Received: (at 78337) by debbugs.gnu.org; 21 May 2025 05:21:53 +0000
Received: from localhost ([127.0.0.1]:42516 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHbto-0006CZ-NU
	for submit@debbugs.gnu.org; Wed, 21 May 2025 01:21:53 -0400
Received: from mail-wr1-x433.google.com ([2a00:1450:4864:20::433]:53595)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <efraim.flashner@gmail.com>)
 id 1uHbtk-0006By-9t
 for 78337@debbugs.gnu.org; Wed, 21 May 2025 01:21:49 -0400
Received: by mail-wr1-x433.google.com with SMTP id
 ffacd0b85a97d-3a376da332aso1798534f8f.3
 for <78337@debbugs.gnu.org>; Tue, 20 May 2025 22:21:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747804902; x=1748409702; darn=debbugs.gnu.org;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to
 :cc:subject:date:message-id:reply-to;
 bh=3pLyVYbz2W2UqkWo5iWr5bhWrjpvyG+R2/ndLTQuvDg=;
 b=fzAj1USgx8FC70S3UjyS/igmj43rsOAd7E/y9nbdYtkpfKHSeYZwc2IhhNlv2WkyVF
 o6OX/NtoYkBqskT99MN8tihQXAYs+X35io5pUtf9BdckYb3Gu9xf5Zvg+4mPrUYjdxDZ
 q31JuytDg+wJHdftANOetg4zifJS3e2h4Yhr8qWfapcfJOabr1Z5gfUxBfRh04BNcKTS
 4Zz3PTPkPQoqI66aGVIDWRrPHHcoFfGsHjzuqkMFDgiJ+JtKftcQGR06R43YnL18RTnL
 eQYCM8miNeC02mGBY478JVKvGExOVm8tnXmz/N0rpNbDCDi/L3LJpAtyxWVh6jm40hF+
 8fQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747804902; x=1748409702;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=3pLyVYbz2W2UqkWo5iWr5bhWrjpvyG+R2/ndLTQuvDg=;
 b=p5uBElY+7K+5RmubMEFb5wUlgRMCcPJcgUaQtnlbRtc1Xa0I9vSxz2o3EBZLBSsGy4
 75Sn1T+OXJgKBHTjSyu/K33sGAUsS9u21aLwGRy1S+vQalXNPmyF64E7P261UMXj/umX
 9pa4EAYG9JlnjE2eTG+/APBIdMEzxKCglsrS0u/YZ2FkxiGnm4nkM4VTy7T2LGPVBh4p
 NUO1dzF2EFoVaPLB9H7IMrBtwcX15NhQNy/gKodNbLAYit0mHS8U1BeGCNl47BOACXsZ
 v9mSoBCHxKpRDQJ0O1PUsf259kHS2VAMhK7llliAIo25KA/9kzUmLsKDQ4QXezf4DrRJ
 6qsg==
X-Gm-Message-State: AOJu0Yy4gtP6PfeSOGaP9qT+1I5oK4jI6kQCa+z8i+QIdWVUv5olg8Df
 XoJOHXM14fPQYOP5AfL6FMl9C25c2HRPTN7DM9s/ty9dhaXBKAJHcxRg
X-Gm-Gg: ASbGncuzKFfmhSThKq1URqkAG/EDPW50so4gKKNCRLCTFiah1+z7WTrNZlME1Qm6o2Q
 K1sZ2i+MlUxB1p1samJaQYzM1JcfpNTztHmYsnNWsYtFfeBvZWJDloDV5d3MmW3T0SS1VSHTcvG
 K2GU7ntNo89Xt45TQHy4pdRCWv9qzctUl/iYLbvZ3slqccTyYG7RwqoA66BQ2V8gZB9jlWP5Lsq
 T8X+3bp2ocy/WnCk1Mw5shW1jCh1O5zR1/OOmnS6vx9eTsWbpFo0FZ98XRC98NGoVpYOzxDfDAT
 7a5PJORPp+1yJzXmQh39cobuPM5kHqWCTnanwHrr1xBy/9lDHmd6+oNlf+pSnw==
X-Google-Smtp-Source: AGHT+IFa/svTZ9S9CVOtdVxnXmaX4hw53zXiOlnxOQGqnmL/3p9fgciYVvkp+za1eVg4bb/tLL5Guw==
X-Received: by 2002:a05:6000:2288:b0:3a1:f937:6e7c with SMTP id
 ffacd0b85a97d-3a35fe67a7bmr17819744f8f.22.1747804901702; 
 Tue, 20 May 2025 22:21:41 -0700 (PDT)
Received: from localhost ([141.226.12.183]) by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-3a35ca4d230sm18189251f8f.4.2025.05.20.22.21.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 20 May 2025 22:21:41 -0700 (PDT)
Date: Wed, 21 May 2025 08:21:39 +0300
From: Efraim Flashner <efraim@flashner.co.il>
Message-ID: <aC1i417tEqENny9l@3900XT>
Mail-Followup-To: Efraim Flashner <efraim@flashner.co.il>,
 Maxim Cournoyer <maxim.cournoyer@gmail.com>, 78337@debbugs.gnu.org,
 divya@subvertising.org, hako@ultrarare.space, steve@futurile.net
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
 <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
 <87r00karo9.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sPgbP1srxkcQUfVj"
Content-Disposition: inline
In-Reply-To: <87r00karo9.fsf@gmail.com>
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--sPgbP1srxkcQUfVj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 20, 2025 at 12:26:30PM +0900, Maxim Cournoyer wrote:
> Hi,
>=20
> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>=20
> > * gnu/packages/curl.scm (curl): Update to 8.13.0.
>=20
> A note: this breaks rust-1.82, which fails to detect curl.  Apparently
> that happens via one of its bundled crates (curl-sys), so I suppose we'd
> need to patch it with a fresher one.  I'm not sure what is the right
> approach or how to do that, so I'm adding the rust team in CC for input.
>=20
> --=20
> Thanks,
> Maxim

Still building out to rust on core-packages-team branch.  I fixed some
problems in commencement.scm on aarch64 in the meanwhile.  We can
probably just get away with patching the curl-sys crate since we always
have newer rust versions coming.

--=20
Efraim Flashner   <efraim@flashner.co.il>   =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--sPgbP1srxkcQUfVj
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmgtYuAACgkQQarn3Mo9
g1EtWg//cDOb22m08cQaL+RpL1EusqspgD6OcwaFeqdHXKqYVwf+f8CZsI+y9MoB
27n063SZpafjDUiByw+lVnjLpZbTUfUmISIVfMueXUlRin+RXBUX2bcMzh2rq2g4
zi/wUAw8W29c4u3tWtM3HAbFqjRAItb12fLSsErYENIDshEbn4iEQzmjrWMvBP9t
3V1C7+r5lcRdXglEofPCrSPqZqvx1upXushO1P3vDDO4kFLSvUabTBOSrUwUStX7
tCx7uF/HUt+ey4If2ScnN9TiY80INC2ysfxLwJiYFumErV3fVjbVU7TvhlFCymdw
DptMjJigV60LwxaE6in9Te9sRuH0kuQAxyXqDPckrZefICVhuPG/3ZbcdMwaXUkd
485DVacY3AbHgVPBYeGpB1pybBLyNW0emqKowxxh5nhmfJa2XBie3wwVqUHfNjt6
xG985/K/h6ZjQCHTQrQHNP4Nz9TlZfH3nnnBNhSy1PDhYROobKZFw92BwNWnmWId
fvisu2U4K5cYmpCnEpmqEW032WnkU+1sRuuOYjocmvps/g0yOhLFjjxibnzE6uZ5
cHUIPB6mnDW9BLxogJWGSrrmsXiCZyhFsH7vwcYBDlZL6MHYFkpcD5Uy5tzLQ+J9
xbP7h4hkI5Y9yEuEW4LgkMDs0oJV0+cVrGWOVi1YXoEvtfl7fgg=
=43+V
-----END PGP SIGNATURE-----

--sPgbP1srxkcQUfVj--




From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Efraim Flashner <efraim@flashner.co.il>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 21 May 2025 08:23:02 +0000
Resent-Message-ID: <handler.78337.B78337.174781578023038@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: hako@ultrarare.space, steve@futurile.net, 78337@debbugs.gnu.org, divya@subvertising.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174781578023038
          (code B ref 78337); Wed, 21 May 2025 08:23:02 +0000
Received: (at 78337) by debbugs.gnu.org; 21 May 2025 08:23:00 +0000
Received: from localhost ([127.0.0.1]:44444 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHej6-0005zR-2k
	for submit@debbugs.gnu.org; Wed, 21 May 2025 04:23:00 -0400
Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]:54718)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <efraim.flashner@gmail.com>)
 id 1uHej0-0005yG-Vc
 for 78337@debbugs.gnu.org; Wed, 21 May 2025 04:22:55 -0400
Received: by mail-wm1-x32b.google.com with SMTP id
 5b1f17b1804b1-442ea341570so44672035e9.1
 for <78337@debbugs.gnu.org>; Wed, 21 May 2025 01:22:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747815768; x=1748420568; darn=debbugs.gnu.org;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to
 :cc:subject:date:message-id:reply-to;
 bh=Sq7bhJ9qErsTxAyUxsn0frV8qhQq/RFVrVJLGpro+jE=;
 b=Mw/LRFMIwLD9DcEaXeqIZ08FyTNhNQySKCIWCp8FWeX9OnCn0rT/0lkiaoYaD6Nz+9
 S9MOovzOqxvfdEq4Id6NEt7DKSeYANSBjqxbZUzTrtwWurIIu6SzNvYpac68vBuRRCqf
 sL9RcDn5X8z5L1BiM427stCaSrpwmTFD8Wy9Qm+DGwPSEwVp6ug7NLokjdu88CQkgCQY
 5T4jrD8T2OD3pFKj6RiiR9DZExqTbmxZU+oXpIWM7FknIYG4U8wicTUxwt3A7Wol7bh3
 uR3L/bsl5dv18mxzeLtiNAg0tTiBsxbJxNyg8ZaHu4YHx7pLWhC/9oFs6nV/FwpfEc4c
 Sacw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747815768; x=1748420568;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=Sq7bhJ9qErsTxAyUxsn0frV8qhQq/RFVrVJLGpro+jE=;
 b=uvnqbhhvC5aXwrjRhV9pOFxkYWdh2Dl6aQJ5Lg6fEHkDXkkD0edl9M4tPvwQlQK8It
 vUezDNeewINFzNi/AaPgocJejD8CC57pl9g6s9yozf6yblOzkT+2e7o2Uyg9RADyZGmM
 nA0nZ4E2BQIfnZr4F4xm7iIaRgpDnGk2KP3gT0mnET9zZwohuA7nfPUaKIHwtvq6LQuA
 ZewCNHWcvc00AcGp0qeeiT9xxSN4wkLlbhow5RjgOsCcGDuab8qIsqOCx9lEKVJySObO
 dyCwjy/9go36dI4/gtkJcV1+enF30Mg8McU9O37xPQUT9ZQDrmb0+JiARuj8Ve+tId2J
 3bXw==
X-Gm-Message-State: AOJu0Yxkxxvpvkz1FvF1ISg5j44f/XDTehpNzAyPiCrX8sI9kXTOhrcu
 pCbNsJ594MYbzJVpPbEUwAnmt3Nc1fW7Dby6YtmSx6Ue1LKeQbf1kiYv
X-Gm-Gg: ASbGnctb9qOdcVjtoChPTzqBg9WoJsHH7g1f58NPvAUNssPR39ZU9VYqiOA2oHQg5Vj
 4QFQ0S9cIVy9WZDb82CqjB0l0ankTANrw7nPnStk9yh7l2ViZAHYCoVWC3TnlUATK3kMOpcrGGH
 iyA64Ke9Zh51JCC9/ilovofA9bJgn3nnEvf22zMh6MdF6zgHp2XkVpvAMDcRorWOQiNOyC5IwZa
 Kxn6A8yaETYTMoGO7lcoeQMnK+euRp+5zQVuNSo/LV+wjSrU/X450Kwiw4dC4BsbJ3SF+hVTyBJ
 w83lR1PRKCTddy0oGwkswoz/UzLFMHyANgu9dz55WibTynPCEKM=
X-Google-Smtp-Source: AGHT+IGfpLvB3rw36iOaDXodrm/2nRFuL+YtCrlM35hZPD7S72U+sGPUWhbs0FSoM4HmJToAY7HlhQ==
X-Received: by 2002:a05:600c:3b86:b0:43b:ce36:7574 with SMTP id
 5b1f17b1804b1-442fefefcfcmr143353435e9.11.1747815768282; 
 Wed, 21 May 2025 01:22:48 -0700 (PDT)
Received: from localhost ([141.226.12.183]) by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-447f6b295e7sm59589275e9.2.2025.05.21.01.22.46
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 21 May 2025 01:22:47 -0700 (PDT)
Date: Wed, 21 May 2025 11:22:45 +0300
From: Efraim Flashner <efraim@flashner.co.il>
Message-ID: <aC2NVX9jPT6qGSaR@3900XT>
Mail-Followup-To: Efraim Flashner <efraim@flashner.co.il>,
 Maxim Cournoyer <maxim.cournoyer@gmail.com>, 78337@debbugs.gnu.org,
 divya@subvertising.org, hako@ultrarare.space, steve@futurile.net
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
 <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
 <87r00karo9.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="5w4GbcVCBZV8KdJ1"
Content-Disposition: inline
In-Reply-To: <87r00karo9.fsf@gmail.com>
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--5w4GbcVCBZV8KdJ1
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 20, 2025 at 12:26:30PM +0900, Maxim Cournoyer wrote:
> Hi,
>=20
> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>=20
> > * gnu/packages/curl.scm (curl): Update to 8.13.0.
>=20
> A note: this breaks rust-1.82, which fails to detect curl.  Apparently
> that happens via one of its bundled crates (curl-sys), so I suppose we'd
> need to patch it with a fresher one.  I'm not sure what is the right
> approach or how to do that, so I'm adding the rust team in CC for input.
>=20

I'm currently unable to build cmake-bootstrap-3.24.2 with this patch
applied.  Am I missing some patches?

--=20
Efraim Flashner   <efraim@flashner.co.il>   =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--5w4GbcVCBZV8KdJ1
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmgtjVIACgkQQarn3Mo9
g1FYoRAAqNml/MLkvLSc+n8xFSBPuqjsw3QiUfwDzRpJgnATqa9p8TDH8faDr8EM
xU4n0hj0hHGcU1XfA24WbPyknNR7OJBrUp2plEcHUbt6IUwxx1rHad32JVsQaZ2C
cKLHq4ytZKxuQRPTF9RM1G1K6tS76beafDy8+ljytaP259vKULr0484zBqdVHRlO
4QXQD2aeQy+bqWxprLu7SONxkswtnoENkpqSrsVzu8q93ehBkneGWAL3ZPw3m/8a
1Iy4upkOd9c7y67Wx/Yd+ojxXgkZMdDuF7Mhm3ZfMuMIO2dN7O5y/lFVi1GKHquW
tgMBi3WhjCuJqPaq2aOIWi46uLxXcE4F8/Mi0yFvBfHc8OnG/wmTtZJXSBrkDkIr
M/WyJV3n13nhG7DISF4UaKDg8SB40QE+NYOZ6qRIlJ3ATGC8mVXi0tQVCBR/Tzzx
ew+6uzP8mmuNluRbvgwbBZj3YEGaJcu+UFbivGoo6vgp+txCyqQBFs2pgh3e1/XT
5UmM0VUxapcPfHRDbkr3i625t325C008HDneK0bYL8EeBKtip1r2tZEX6GeZ7u6f
h5TxqY0YjuQA3PFnoGoEMg+qEgbmtS5rzBIABMi5AVT+AqSlxavZ3+Edadaeslwv
3P4gnw5QrOVptmPoq+tfe4tqOnTdKkS6s4a2mwzw0kqiUNUi1Ls=
=GPyZ
-----END PGP SIGNATURE-----

--5w4GbcVCBZV8KdJ1--




From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 21 May 2025 09:12:02 +0000
Resent-Message-ID: <handler.78337.B78337.17478187219250@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Efraim Flashner <efraim@flashner.co.il>
Cc: hako@ultrarare.space, steve@futurile.net, 78337@debbugs.gnu.org, divya@subvertising.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.17478187219250
          (code B ref 78337); Wed, 21 May 2025 09:12:02 +0000
Received: (at 78337) by debbugs.gnu.org; 21 May 2025 09:12:01 +0000
Received: from localhost ([127.0.0.1]:44987 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHfUW-0002Oy-Q9
	for submit@debbugs.gnu.org; Wed, 21 May 2025 05:12:01 -0400
Received: from mail-pf1-x435.google.com ([2607:f8b0:4864:20::435]:42117)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@gmail.com>)
 id 1uHfUR-0002O4-5G
 for 78337@debbugs.gnu.org; Wed, 21 May 2025 05:11:56 -0400
Received: by mail-pf1-x435.google.com with SMTP id
 d2e1a72fcca58-7399838db7fso6166870b3a.0
 for <78337@debbugs.gnu.org>; Wed, 21 May 2025 02:11:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747818709; x=1748423509; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=yp1R2OhtHKwVM8HrMy6+3Ob+NmQH3W+u/rYX0Q8noOE=;
 b=TZYwEJfzQ7CvWN56eD6z+q6GXhAPIpkv2Qh7dPIgiZ3ZrSLA5NsyfGtf0tuygE5vIO
 wHNgNZ+PZm91dNKoBT2ug7+YjaklDrN3Re+ANBz4uGLvBM76XxwMTYSEkpJc8HBTRu4s
 4YvNHd3o5QElrqGdBwH7GUOjSe1UH4mikJgjMfC0SYt3RNN/vIXKFAaiy4eo5JrM8pph
 Xw7ER3MMmNRrhPED/f4fT3iM3ZQEj+c7+Nn5oAsmxshon5sOlGWDRpZ9kNuMVCe6PYgJ
 +xSE4SYzmnYtOqVI+QWMEcMbKjxqelrRMu6gKbwbHh56lQf+NKIRbC7eedHxJBzscC8d
 pkBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747818709; x=1748423509;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=yp1R2OhtHKwVM8HrMy6+3Ob+NmQH3W+u/rYX0Q8noOE=;
 b=bvGtZdot35osOkaRK9erKKaoVKSZv3+cGChdAoRtWq1LeOQrJDr7aW5ShDYuc4Vvhj
 0BYR3WEuB4vz94KKTDQlHg1Th1Du43StwzQh81CIYhaG+k37NUwV4Epo9By4tdzVb1UA
 dqIMh/5czBlTE4fgZWpduoqSZ7EPb8ReR9h6QnnO7rgZ8zW3TpW1iXxqCOBnw9fPZtRa
 AnWNA1Co01jizoersn/vYjJtqkKM3EWyebsX4Cg5gpsCIRr+bTP3yK4uMpPmaG0IJy0b
 45sCtsc+8/hESwSWI8wP2I1uYY69RHVZBSiOR2GM/NwpxxR0QPRNSSooElOfL80LYYhm
 VAJA==
X-Gm-Message-State: AOJu0YyVXuviQB8fvxDznSnj7myi6bXPLQbMBycYOuwEzFK27J6sDEHw
 MecKH3JLCCEL5yj7gDPPlkWmT8g+UAT92P/JfaBcP+0yeE4ECCTfIwXK
X-Gm-Gg: ASbGncuAtpESTujDrNzVqwz7erGuATdWoVvq+CZMdAuPKUG1qJ0Q2zx72YYp1o2Q2uF
 yRHn0s0SNY5+PVBtmSLpQAGBkTnkDneOZdW2Gu8+QA/+WW1PghkZ7uLv2jbB+uKe44+7SBBQhtx
 XqbHJYBgzWITn4vhUwtOptgmkQGbcMChv9BXDgcV+rP4MxNW4TcgLQZx+ODfZvONWTU7LxPPLI1
 gmzEPEmjNa3qjC8rLMkuvqVRhfuBDZMPylFT/CLzwrzn35AslRfZ2qWLKNLt3bexNaQIoypOP04
 bH1onn5iFUZsps7WwleSIV9pA+0OmRvloXo5zdjPHJLfLA4SXg==
X-Google-Smtp-Source: AGHT+IEAUaa/78jHZh0uNUckHIHnI/z8tWpz9PSh7QNIGZS0qYQx1xqenNk5QVm262Isc6EkaAY8zw==
X-Received: by 2002:a05:6a20:9c8d:b0:1ee:ab52:b8cc with SMTP id
 adf61e73a8af0-2160d97d901mr36492109637.21.1747818708577; 
 Wed, 21 May 2025 02:11:48 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-b26eaf5c6b0sm9316804a12.7.2025.05.21.02.11.46
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 21 May 2025 02:11:47 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
In-Reply-To: <aC2NVX9jPT6qGSaR@3900XT> (Efraim Flashner's message of "Wed, 21
 May 2025 11:22:45 +0300")
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
 <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
 <87r00karo9.fsf@gmail.com> <aC2NVX9jPT6qGSaR@3900XT>
Date: Wed, 21 May 2025 18:11:44 +0900
Message-ID: <87ldqq8h0v.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

Efraim Flashner <efraim@flashner.co.il> writes:

> On Tue, May 20, 2025 at 12:26:30PM +0900, Maxim Cournoyer wrote:
>> Hi,
>> 
>> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
>> 
>> > * gnu/packages/curl.scm (curl): Update to 8.13.0.
>> 
>> A note: this breaks rust-1.82, which fails to detect curl.  Apparently
>> that happens via one of its bundled crates (curl-sys), so I suppose we'd
>> need to patch it with a fresher one.  I'm not sure what is the right
>> approach or how to do that, so I'm adding the rust team in CC for input.
>> 
>
> I'm currently unable to build cmake-bootstrap-3.24.2 with this patch
> applied.  Am I missing some patches?

I've taken this from a branch that had a couple other commits, but I don't see what would
impact cmake.  What does the build error say?

-- 
Thanks,
Maxim




From unknown Sun Jun 15 08:55:37 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#78337] [PATCH v2 2/6] gnu: curl: Update to 8.13.0 and ungraft [fixes CVE-2025-0725].
Resent-From: Efraim Flashner <efraim@flashner.co.il>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Wed, 21 May 2025 09:16:01 +0000
Resent-Message-ID: <handler.78337.B78337.174781893710536@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 78337
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Cc: hako@ultrarare.space, steve@futurile.net, 78337@debbugs.gnu.org, divya@subvertising.org
Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174781893710536
          (code B ref 78337); Wed, 21 May 2025 09:16:01 +0000
Received: (at 78337) by debbugs.gnu.org; 21 May 2025 09:15:37 +0000
Received: from localhost ([127.0.0.1]:45025 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1uHfY1-0002jq-5x
	for submit@debbugs.gnu.org; Wed, 21 May 2025 05:15:37 -0400
Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]:50220)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <efraim.flashner@gmail.com>)
 id 1uHfXx-0002jK-51
 for 78337@debbugs.gnu.org; Wed, 21 May 2025 05:15:33 -0400
Received: by mail-wm1-x336.google.com with SMTP id
 5b1f17b1804b1-441d1ed82faso50871575e9.0
 for <78337@debbugs.gnu.org>; Wed, 21 May 2025 02:15:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1747818927; x=1748423727; darn=debbugs.gnu.org;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender:from:to
 :cc:subject:date:message-id:reply-to;
 bh=tM+58K2aAoDGFeajvWxk4lzqR0UYh1U9eyFfpWSgvJM=;
 b=AwaM1yZTKnPfeIYa+ZGrrdLf8EzLfBCdtX1qgdYCbwzS1+UiV92Lz6lVtkAxTPrQ7A
 OqZmmOVEctnb7YqHeY15yMc5Ly8wvhoSDFoPXGg1n6xdUcdUi1x9yiZSwGFJU8nJ1xPm
 xSTPxc9/uKNw0Hw0RV3hJQtWAPwQYLfyupqXDjtSLldA/jnwEGwRMv9mPBVS5ELguBVU
 qQsUmhUx/IQ2GgjBvvN69TL+3f57wg9bIYVqnitGBX/B8xJp0663zrq2YweCKOR2U+bo
 NOhZsWZxzH6EPu0hyqE+SkiS/lG+gDwuwyXlRDAXYi0PorhUkBYTQIJ/ZWcdL2F1T6Yv
 jhJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1747818927; x=1748423727;
 h=in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:cc:to:from:date:sender
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=tM+58K2aAoDGFeajvWxk4lzqR0UYh1U9eyFfpWSgvJM=;
 b=p2/srBSQiN7K5itkoWoCXe5iB8YdrqSzlFDk0qol5d84/RRqknCuP539R/rbaahZSM
 IgDlY/AKXNBbVbkKP2ngSwvqkF2fvijV/VkGLfZLjVuF6RxBJWxz7rXuhuxrX6buN1nS
 6y1W+Nw5MxSiTPP/8N7p4835wk2qw/wZ0j0NStL96dNV5OBXPuDWfNSw5vvrpis/PvEd
 gDpYNympASpnRH/pFMmDsXdzZp4kpKDnaIsVwyIrnzVlCTjQqyaobErdgxtkrFHyXEIf
 YCSVVLaPyRLx3yLEXB3tLpZAKVwJZWyV1V/fzu/2fxdYVbEvI/48pfixZ16ObCw3H1tR
 Zxow==
X-Gm-Message-State: AOJu0YwT/5G8ADH/VLf5BP47iliyJCwTGTv1jThUNGEVnFn3K0sTSVt2
 Y6u8Hyt068J7uEFxzcB5jCC3957KYd2KDwzb5phw5SekQyYHT2BncPO5
X-Gm-Gg: ASbGncvagcydTVzp5jP0qskBAv1kXGNDLovIi++z6mX+A8MSZyVnEVgg7xcQYTIU59j
 e8qXWJ8HrzD/rhYEQ7EUoLpnpKgT+sDz6+OJcT2JmzJdg4FiRC4u4X46vb5uY/CqjQx7tfFo6PR
 3SsYvdnjGdC5Oxer/yhnHUZUNg53CUbLYeUcvl3hKmH7PZ2hTVPT88FzCyJesQnEamkP5rAhCKU
 bhO3JlQ349dwZoM8+KS+HfZQpXP2YrLl+SjLcqrToLEgw7Ny+yUmeoOvDL8h/dT6/MAfeO76TTN
 lpk0G+vgGlpU2KVWdnXJUVUr5hdzk+9T0LAQWAKs/95n7CY1j4SgPciYgXHKtg==
X-Google-Smtp-Source: AGHT+IEwxv3XRXhcBg96aV+a75LuKBs4QOSHTfSUZfzw5soSukfcpWO8Gxy7saSVq7s6LP3rPeGzZw==
X-Received: by 2002:a05:600c:3c87:b0:442:d9f2:c6ef with SMTP id
 5b1f17b1804b1-442fefd5f98mr203671335e9.2.1747818926330; 
 Wed, 21 May 2025 02:15:26 -0700 (PDT)
Received: from localhost ([141.226.12.183]) by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-447f23c080asm63608055e9.22.2025.05.21.02.15.25
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 21 May 2025 02:15:25 -0700 (PDT)
Date: Wed, 21 May 2025 12:15:24 +0300
From: Efraim Flashner <efraim@flashner.co.il>
Message-ID: <aC2ZrJK9ZzFcuaVv@3900XT>
Mail-Followup-To: Efraim Flashner <efraim@flashner.co.il>,
 Maxim Cournoyer <maxim.cournoyer@gmail.com>, 78337@debbugs.gnu.org,
 divya@subvertising.org, hako@ultrarare.space, steve@futurile.net
References: <62f70621a69a09b7195dca52741ed454bec9b3d7.1747709896.git.maxim.cournoyer@gmail.com>
 <d8c35c9e396637c5f23c02f13e49b4f67f88584c.1747709896.git.maxim.cournoyer@gmail.com>
 <87r00karo9.fsf@gmail.com> <aC2NVX9jPT6qGSaR@3900XT>
 <87ldqq8h0v.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="5QNyAd0RZVjhjwCk"
Content-Disposition: inline
In-Reply-To: <87ldqq8h0v.fsf@gmail.com>
X-PGP-Key-ID: 0x41AAE7DCCA3D8351
X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc
X-PGP-Fingerprint: A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--5QNyAd0RZVjhjwCk
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 21, 2025 at 06:11:44PM +0900, Maxim Cournoyer wrote:
> Hi,
>=20
> Efraim Flashner <efraim@flashner.co.il> writes:
>=20
> > On Tue, May 20, 2025 at 12:26:30PM +0900, Maxim Cournoyer wrote:
> >> Hi,
> >>=20
> >> Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> >>=20
> >> > * gnu/packages/curl.scm (curl): Update to 8.13.0.
> >>=20
> >> A note: this breaks rust-1.82, which fails to detect curl.  Apparently
> >> that happens via one of its bundled crates (curl-sys), so I suppose we=
'd
> >> need to patch it with a fresher one.  I'm not sure what is the right
> >> approach or how to do that, so I'm adding the rust team in CC for inpu=
t.
> >>=20
> >
> > I'm currently unable to build cmake-bootstrap-3.24.2 with this patch
> > applied.  Am I missing some patches?
>=20
> I've taken this from a branch that had a couple other commits, but I don'=
t see what would
> impact cmake.  What does the build error say?

This is with just this patch and the curl+zstd:lib patch on
core-packages-team.

[ 25%] Building CXX object Source/CMakeFiles/CMakeLib.dir/cmDocumentation.c=
xx.o
cd /tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source && /gnu=
/store/1an62gxdvfx7sg8wh5hhvp0j1pg0k0w5-gcc-14.2.0/bin/g++  -I/tmp/guix-bui=
ld-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source -I/tmp/guix-build-cmake=
-bootstrap-3.2
4.2.drv-0/cmake-3.24.2/Source/LexerParser -I/tmp/guix-build-cmake-bootstrap=
-3.24.2.drv-0/cmake-3.24.2/Source/CTest -I/tmp/guix-build-cmake-bootstrap-3=
=2E24.2.drv-0/cmake-3.24.2/Source/CPack -isystem /tmp/guix-build-cmake-boot=
strap-3.24.2.drv
-0/cmake-3.24.2/Utilities/std -isystem /tmp/guix-build-cmake-bootstrap-3.24=
=2E2.drv-0/cmake-3.24.2/Utilities -O3 -DNDEBUG -Wno-deprecated-declarations=
 -std=3Dc++17 -MD -MT Source/CMakeFiles/CMakeLib.dir/cmDocumentation.cxx.o =
-MF CMakeFiles/CMa
keLib.dir/cmDocumentation.cxx.o.d -o CMakeFiles/CMakeLib.dir/cmDocumentatio=
n.cxx.o -c /tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source=
/cmDocumentation.cxx
In file included from /tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.=
24.2/Utilities/cm3p/curl/curl.h:8,
                 from /tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.=
24.2/Source/cmCurl.h:9,
                 from /tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.=
24.2/Source/cmCurl.cxx:3:
/tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source/cmCurl.cxx=
: In function =E2=80=98std::string cmCurlSetNETRCOption(CURL*, const std::s=
tring&, const std::string&)=E2=80=99:
/tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source/cmCurl.cxx=
:86:26: error: invalid conversion from =E2=80=98long int=E2=80=99 to =E2=80=
=98CURL_NETRC_OPTION=E2=80=99 [-fpermissive]
   86 |       curl_netrc_level =3D CURL_NETRC_OPTIONAL;
      |                          ^~~~~~~~~~~~~~~~~~~
      |                          |
      |                          long int
/tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source/cmCurl.cxx=
:88:26: error: invalid conversion from =E2=80=98long int=E2=80=99 to =E2=80=
=98CURL_NETRC_OPTION=E2=80=99 [-fpermissive]
   88 |       curl_netrc_level =3D CURL_NETRC_REQUIRED;
      |                          ^~~~~~~~~~~~~~~~~~~
      |                          |
      |                          long int
/tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cmake-3.24.2/Source/cmCurl.cxx=
:90:26: error: invalid conversion from =E2=80=98long int=E2=80=99 to =E2=80=
=98CURL_NETRC_OPTION=E2=80=99 [-fpermissive]
   90 |       curl_netrc_level =3D CURL_NETRC_IGNORED;
      |                          ^~~~~~~~~~~~~~~~~~
      |                          |
      |                          long int
make[2]: Leaving directory '/tmp/guix-build-cmake-bootstrap-3.24.2.drv-0/cm=
ake-3.24.2'

--=20
Efraim Flashner   <efraim@flashner.co.il>   =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--5QNyAd0RZVjhjwCk
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAmgtmawACgkQQarn3Mo9
g1GzQw//dLj5j2vTZ5wR8FvbRiGRknjlGhyTIuwnM+IxlngtroyRnixQLzRv9z8y
76ym7HTMNUw3Z4TVFLWN1kQlTa6IbZIhBGt6kQ0pz0CbwWBahDG47D/a0+HP/16i
jtJGvfiJHUlC9CHgeeRMvEuX4iz4JGqpvrhScUj6Fho9twWac3CZa3G1DSAjVzGm
UjjaqDulhydXbZeYRdLYsGD5gZ9gF/nvDGBoBETgkcCVkIMlHP0W/JtdH9fX6B+w
NM2+8Ue5SwUvYciLogO8J5dbC1KFZ05+REqKbvPC8S6RVw+E0tlzJvSaN3pN9GHN
gZLuiOwLPXg07wV0jH6TPIXJwD1WTA4gz/cotgNLnqPK7pXcEq3maRixtFwLjSQh
L/NXO3fBQ7xSvsWJeOhFGvtcIrRARpw6bMlny0wfLhg8V4Y52H5ZUOi2LQj9pKFi
uobDDr36zrKB077Qz3AIR7U7zdbLFUWjSatN2cg5S95GTFSYRhQRHySHp8IfDKKu
1EoRf1YvZZvhwgudeqpcRui6GA4LkReZ9ddN23Zg9wsRiLg7JMYOWQbBiNtNd7g3
tKC9EyiojrfxOJoXLRLTMbkujYxQJV7ANFYSvigUDKRTdARSTi4kGyxSeKbt9L2k
aLY7JGb+yvHjkTxbGXNRrreXXHm1H/ErPPq35gXgUUpUF7F5BoQ=
=xq2f
-----END PGP SIGNATURE-----

--5QNyAd0RZVjhjwCk--