[PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].

Done

Details

2 participants

Kei Kebreau
Leo Famulari

Owner: unassigned

Submitted by: Kei Kebreau

Severity: normal

Debbugs page

Kei Kebreau wrote 6 years ago

Recipients:(address . guix-patches@gnu.org)(name . Kei Kebreau)(address . kkebreau@posteo.net)

Message-ID:20190110180320.26004-1-kkebreau@posteo.net

* gnu/packages/irc.scm (irssi): Update to 1.1.2.
[source]: Use 'git-fetch'.
[arguments]: Add 'patch-scripts' phase.
[native-inputs]: Add autoconf, automake, and libtool.
---
 gnu/packages/irc.scm | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

Toggle diff (70 lines)diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba31d36b9..1e491db0a 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -25,6 +25,7 @@
 (define-module (gnu packages irc)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
@@ -126,19 +127,34 @@ irssi, but graphical.")
 (define-public irssi
   (package
     (name "irssi")
-    (version "1.1.1")
-    (source (origin
-             (method url-fetch)
-             (uri (string-append "https://github.com/irssi/irssi/"
-                                 "releases/download/" version "/irssi-"
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "1gx1flfh4a09nb3b5pvf0ygnbl7rry3l4gph8wij29dsl7khfj3q"))))
+    (version "1.1.2")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/irssi/irssi.git")
+             (commit version)))
+       (sha256
+        (base32
+         "0kypqcm0hcxsqifbkq4fzrhvmqh6s6h65d0b8kq5w6fwjqj37z3z"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'patch-scripts
+           (lambda _
+             (substitute* "autogen.sh"
+               ;; git is not available in the build environment.
+               (("git log > ChangeLog")
+                ;; Don't let autogen.sh run by setting an environment variable
+                ;; that is checked later in the script.
+                "NOCONFIGURE=t"))
+             (substitute* "utils/irssi-version.sh"
+               (("^DATE=`GIT_DIR=\\$1/\\.git git.*$") "")
+               ;; This is the date of the release of Irssi version 1.1.2.
+               (("^VERSION_DATE=`.*`") "VERSION_DATE=20190109")
+               (("^VERSION_TIME=.*$") "VERSION_TIME=0"))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
@@ -154,7 +170,10 @@ irssi, but graphical.")
        ("openssl" ,openssl)
        ("perl" ,perl)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)))
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)))
     (home-page "https://irssi.org/")
     (synopsis "Terminal-based IRC client")
     (description
-- 
2.20.1

Leo Famulari wrote 6 years ago

Recipients:(name . Kei Kebreau)(address . kkebreau@posteo.net)(address . 34036@debbugs.gnu.org)

Message-ID:20190110200501.GA14234@jasmine.lan

On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:

Toggle quote (5 lines)

> * gnu/packages/irc.scm (irssi): Update to 1.1.2.

> [source]: Use 'git-fetch'.

> [arguments]: Add 'patch-scripts' phase.

> [native-inputs]: Add autoconf, automake, and libtool.

Thanks!

But why switch to git-fetch when they offer a tarball? All else being

equal, we should stick to tarballs when they are offered by upstream.

Specifically, let's use this one:

https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz

Kei Kebreau wrote 6 years ago

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 34036@debbugs.gnu.org)

Message-ID:87lg3sdxvg.fsf@posteo.net

Oh, it's not an auto-generated tarball! In that case I've attached the

much simpler update patch.

Leo Famulari <leo@famulari.name> writes:

Toggle quote (14 lines)> On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:
>> * gnu/packages/irc.scm (irssi): Update to 1.1.2.
>> [source]: Use 'git-fetch'.
>> [arguments]: Add 'patch-scripts' phase.
>> [native-inputs]: Add autoconf, automake, and libtool.
>
> Thanks!
>
> But why switch to git-fetch when they offer a tarball? All else being
> equal, we should stick to tarballs when they are offered by upstream.
>
> Specifically, let's use this one:
>
> https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz

From c954fe6622660f1511ced2be955c35acfb8b124a Mon Sep 17 00:00:00 2001

* gnu/packages/irc.scm (irssi): Update to 1.1.2.

---

gnu/packages/irc.scm | 16 ++++++++--------

1 file changed, 8 insertions(+), 8 deletions(-)

Toggle diff (30 lines)diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba31d36b9..ec1c4aae9 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -126,15 +126,15 @@ irssi, but graphical.")
 (define-public irssi
   (package
     (name "irssi")
-    (version "1.1.1")
+    (version "1.1.2")
     (source (origin
-             (method url-fetch)
-             (uri (string-append "https://github.com/irssi/irssi/"
-                                 "releases/download/" version "/irssi-"
-                                 version ".tar.xz"))
-             (sha256
-              (base32
-               "1gx1flfh4a09nb3b5pvf0ygnbl7rry3l4gph8wij29dsl7khfj3q"))))
+              (method url-fetch)
+              (uri (string-append "https://github.com/irssi/irssi/"
+                                  "releases/download/" version "/irssi-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "0clppwqhllrmqjg1dd47v9v1qiqx7cf9afm81bm1pscllf4jpk2w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
-- 
2.20.1

Leo Famulari wrote 6 years ago

Recipients:(name . Kei Kebreau)(address . kkebreau@posteo.net)(address . 34036@debbugs.gnu.org)

Message-ID:20190110211526.GA24464@jasmine.lan

On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:

Toggle quote (3 lines)

> Oh, it's not an auto-generated tarball! In that case I've attached the

> much simpler update patch.

Thanks :) Please push!

Kei Kebreau wrote 6 years ago

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 34036-done@debbugs.gnu.org)

Message-ID:87h8egdwov.fsf@posteo.net

Leo Famulari <leo@famulari.name> writes:

Toggle quote (6 lines)

> On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:

>> Oh, it's not an auto-generated tarball! In that case I've attached the

>> much simpler update patch.

> Thanks :) Please push!

Pushed! Thanks for the review.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 34036@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 34036

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date