[PATCH 00/24] [security fixes] for near-leaf packages

  • Done
  • quality assurance status badge
Details
4 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Nicolas Graves
  • Z572
Owner
unassigned
Submitted by
Nicolas Graves
Severity
normal
N
N
Nicolas Graves wrote on 27 Oct 00:29 +0200
(address . guix-patches@gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026223238.26667-1-ngraves@ngraves.fr
This patch series adds updates and security fixes for packages that
have less than 10 dependent packages.

Nicolas Graves (24):
gnu: python-django-4.2: Update to 4.2.16. [security fixes]
gnu: maradns: Update to 3.5.0036. [security fixes]
gnu: maradns: Improve style.
gnu: libmobi: Update to 0.12. [security fixes]
gnu: bart: Update to 0.9.00. [security fixes]
gnu: wireshark: Update to 4.4.1. [security fixes]
gnu: pam-u2f: Update to 1.3.0. [security fixes]
gnu: darkhttpd: Update to 1.16. [security fixes]
gnu: xlsxio: Update to 0.2.35. [security fixes]
gnu: pypy: Update to 7.3.17. [security fixes]
gnu: indent: Remove uneeded arguments.
gnu: indent: Add patch for CVE-2024-0911. [security fixes]
gnu: squashfs-tools: Update to 4.6.1. [security fixes]
gnu: shapelib: Update to 1.6.1. [security fixes]
gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
gnu: gifsicle: Update to 1.95. [security fixes]
gnu: sendmail: Update to 8.18.1. [security fixes]
gnu: openvpn: Update to 2.6.12. [security fixes]
gnu: youtube-dl: Deprecate package.
gnu: liblouis: Update to 3.31.0. [security fixes]
gnu: unicorn: Update to 2.1.1. [security fixes]
gnu: Add sexpp.
gnu: rnp: Update to 0.17.1. [security fixes]
gnu: cjson: Update to 1.7.18. [security fixes]

gnu/local.mk | 1 +
gnu/packages/code.scm | 31 +-------
gnu/packages/compression.scm | 52 ++++++-------
gnu/packages/django.scm | 8 +-
gnu/packages/dns.scm | 64 ++++++++--------
gnu/packages/ebook.scm | 4 +-
gnu/packages/emulators.scm | 9 ++-
gnu/packages/geo.scm | 8 +-
gnu/packages/gnome.scm | 45 ++++++-----
gnu/packages/image-processing.scm | 8 +-
gnu/packages/image.scm | 4 +-
gnu/packages/javascript.scm | 4 +-
gnu/packages/language.scm | 47 ++++++------
gnu/packages/mail.scm | 5 +-
gnu/packages/networking.scm | 4 +-
gnu/packages/openpgp.scm | 76 +++++++++++++------
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++
gnu/packages/pypy.scm | 4 +-
gnu/packages/security-token.scm | 9 +--
gnu/packages/video.scm | 3 +-
gnu/packages/vpn.scm | 4 +-
gnu/packages/web.scm | 24 +++---
gnu/packages/xml.scm | 4 +-
23 files changed, 278 insertions(+), 201 deletions(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-1-ngraves@ngraves.fr
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.

* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/django.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
(define-public python-django-4.2
(package
(name "python-django")
- (version "4.2.5")
+ (version "4.2.16")
(source (origin
(method url-fetch)
(uri (pypi-uri "Django" version))
(sha256
(base32
- "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+ "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
(build-system pyproject-build-system)
(arguments
'(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
any Web site. Django focuses on automating as much as possible and adhering
to the @dfn{don't repeat yourself} (DRY) principle.")
(license license:bsd-3)
- (properties `((cpe-name . "django")))))
+ (properties `((cpe-name . "django")
+ ;; This CVE seems fixed since 4.2.1.
+ (lint-hidden-cve . ("CVE-2023-31047"))))))
(define-public python-django-3.2
(package
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 02/24] gnu: maradns: Update to 3.5.0036. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-2-ngraves@ngraves.fr
This fixes CVE-2023-31137.

* gnu/packages/dns.scm (maradns): Update to 3.5.0036.
[properties]: Add release-monitoring-url property.
---
gnu/packages/dns.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e911a142ef..bd2df30f01 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1181,7 +1181,7 @@ (define-public public-suffix-list
(define-public maradns
(package
(name "maradns")
- (version "3.5.0022")
+ (version "3.5.0036")
(source
(origin
(method url-fetch)
@@ -1189,7 +1189,7 @@ (define-public maradns
(version-major+minor version) "/"
version "/maradns-" version ".tar.xz"))
(sha256
- (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
+ (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; need to be root to run tests
@@ -1226,6 +1226,8 @@ (define-public maradns
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
and TCP-capable recursive DNS server for finding domains on the internet.")
+ (properties '((release-monitoring-url
+ . "https://maradns.samiam.org/download.html")))
(license license:bsd-2)))
(define-public openresolv
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 03/24] gnu: maradns: Improve style.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-3-ngraves@ngraves.fr
* gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
---
gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)

Toggle diff (71 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bd2df30f01..7a78fb0308 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1192,35 +1192,35 @@ (define-public maradns
(base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; need to be root to run tests
- #:make-flags
- (list
- ,(string-append "CC=" (cc-for-target))
- (string-append "PREFIX=" %output)
- (string-append "RPM_BUILD_ROOT=" %output))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key native-inputs target #:allow-other-keys)
- ;; make_32bit_tables generates a header file that is used during
- ;; compilation. Hence, during cross compilation, it should be
- ;; built for the host system.
- (when target
- (substitute* "rng/Makefile"
- (("\\$\\(CC\\) -o make_32bit_tables")
- (string-append (assoc-ref native-inputs "gcc")
- "/bin/gcc -o make_32bit_tables"))))
- (invoke "./configure")))
- (add-before 'install 'create-install-directories
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (dir)
- (mkdir-p (string-append out dir)))
- (list "/bin" "/sbin" "/etc"
- "/share/man/man1"
- "/share/man/man5"
- "/share/man/man8"))
- #t))))))
+ (list
+ #:tests? #f ; need to be root to run tests
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ (string-append "PREFIX=" #$output)
+ (string-append "RPM_BUILD_ROOT=" #$output))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key native-inputs target #:allow-other-keys)
+ ;; make_32bit_tables generates a header file that is used during
+ ;; compilation. Hence, during cross compilation, it should be
+ ;; built for the host system.
+ (when target
+ (substitute* "rng/Makefile"
+ (("\\$\\(CC\\) -o make_32bit_tables")
+ (string-append (search-input-file native-inputs "/bin/gcc")
+ " -o make_32bit_tables"))))
+ ;; ./configure doesn't support default flags
+ (invoke "./configure")))
+ (add-before 'install 'create-install-directories
+ (lambda _
+ (for-each (lambda (dir)
+ (mkdir-p (string-append #$output dir)))
+ (list "/bin" "/sbin" "/etc"
+ "/share/man/man1"
+ "/share/man/man5"
+ "/share/man/man8")))))))
(home-page "https://maradns.samiam.org")
(synopsis "Small lightweight DNS server")
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 04/24] gnu: libmobi: Update to 0.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-4-ngraves@ngraves.fr
This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.

* gnu/packages/ebook.scm (libmobi): Update to 0.12.
---
gnu/packages/ebook.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index dc30c98fdf..bf8dcfad09 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -648,7 +648,7 @@ (define-public xchm
(define-public libmobi
(package
(name "libmobi")
- (version "0.6")
+ (version "0.12")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -657,7 +657,7 @@ (define-public libmobi
(file-name (git-file-name name version))
(sha256
(base32
- "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
+ "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 05/24] gnu: bart: Update to 0.9.00. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-5-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 06/24] gnu: wireshark: Update to 4.4.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-6-ngraves@ngraves.fr
This fixes CVE-2024-9780.

* gnu/packages/networking.scm (wireshark): Update to 4.4.1.
---
gnu/packages/networking.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 7ed011a7f4..31b72f1104 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1805,14 +1805,14 @@ (define-public whois
(define-public wireshark
(package
(name "wireshark")
- (version "4.4.0")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
(sha256
- (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
+ (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
(build-system qt-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 07/24] gnu: pam-u2f: Update to 1.3.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-7-ngraves@ngraves.fr
This fixes CVE-2021-31924.

* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 08/24] gnu: darkhttpd: Update to 1.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-8-ngraves@ngraves.fr
This fixes CVE-2024-23770 and CVE-2024-23771.

* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
gnu/packages/web.scm | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
(define-public darkhttpd
(package
(name "darkhttpd")
- (version "1.13")
+ (version "1.16")
(source
(origin
(method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+ (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "CC=" ,(cc-for-target)))
- #:tests? #f ; No test suite
- #:phases
- (modify-phases %standard-phases
- (delete 'configure) ; no configure script
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (install-file "darkhttpd"
- (string-append (assoc-ref outputs "out")
- "/bin")))))))
+ (list
+ #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+ #:tests? #f ; No test suite
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda _
+ (install-file "darkhttpd" (string-append #$output "/bin")))))))
(synopsis "Simple static web server")
(description "darkhttpd is a simple static web server. It is
standalone and does not need inetd or ucspi-tcp. It does not need any
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 09/24] gnu: xlsxio: Update to 0.2.35. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-9-ngraves@ngraves.fr
This fixes CVE-2023-34795.

* gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
---
gnu/packages/xml.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cfd53a291a..4a3936b66d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1545,7 +1545,7 @@ (define-public xerces-c
(define-public xlsxio
(package
(name "xlsxio")
- (version "0.2.33")
+ (version "0.2.35")
(source
(origin
(method git-fetch)
@@ -1554,7 +1554,7 @@ (define-public xlsxio
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
+ (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
(native-inputs
(list expat gnu-make minizip which))
(build-system gnu-build-system)
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 10/24] gnu: pypy: Update to 7.3.17. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-10-ngraves@ngraves.fr
This fixes CVE-2022-37454.

* gnu/packages/pypy.scm (pypy): Update to 7.3.17.
---
gnu/packages/pypy.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
index a39621b5ad..90986ac096 100644
--- a/gnu/packages/pypy.scm
+++ b/gnu/packages/pypy.scm
@@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
(define-public pypy
(package
(name "pypy")
- (version "7.3.13")
+ (version "7.3.17")
(source (origin
(method url-fetch)
(uri (string-append "https://downloads.python.org/pypy/"
"pypy3.10-v" version "-src.tar.bz2"))
(sha256
(base32
- "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
+ "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
(build-system gnu-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 11/24] gnu: indent: Remove uneeded arguments.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-11-ngraves@ngraves.fr
* gnu/packages/code.scm (indent)
[arguments]: Remove field.
[native-inputs]: Remove automake.
---
gnu/packages/code.scm | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index bbf10be987..094dd32982 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -881,33 +881,8 @@ (define-public indent
(sha256
(base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
(build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-docdir
- (lambda _
- ;; Although indent uses a modern autoconf in which docdir
- ;; defaults to PREFIX/share/doc, the doc/Makefile.am
- ;; overrides this to be in PREFIX/doc. Fix this.
- (substitute* "doc/Makefile.in"
- (("^docdir = .*$") "docdir = @docdir@\n"))
- #t))
- (add-after 'unpack 'fix-configure
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- ;; Replace outdated config.sub and config.guess:
- (with-directory-excursion "config"
- (for-each (lambda (file)
- (install-file
- (string-append (assoc-ref
- (or native-inputs inputs) "automake")
- "/share/automake-"
- ,(version-major+minor
- (package-version automake))
- "/" file) "."))
- '("config.sub" "config.guess")))
- #t)))))
(native-inputs
- (list texinfo automake)) ; For up to date 'config.guess' and 'config.sub'.
+ (list texinfo))
(synopsis "Code reformatter")
(description
"Indent is a program that makes source code easier to read by
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 12/24] gnu: indent: Add patch for CVE-2024-0911. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-12-ngraves@ngraves.fr
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/code.scm | 4 +-
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

Toggle diff (96 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index d253b424bb..1a69a22aba 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1559,6 +1559,7 @@ dist_patch_DATA = \
%D%/packages/patches/idris-test-ffi008.patch \
%D%/packages/patches/igraph-fix-varargs-integer-size.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
%D%/packages/patches/instead-use-games-path.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 094dd32982..dda37528b8 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ (define-public indent
(uri (string-append "mirror://gnu/indent/indent-" version
".tar.gz"))
(sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
(build-system gnu-build-system)
(native-inputs
(list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písa? <ppisar@redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 13/24] gnu: squashfs-tools: Update to 4.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-13-ngraves@ngraves.fr
This fixes CVE-2021-40153 and CVE-2021-41072.

* gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
[arguments]: Improve style.
<#:make-flags>: Add INSTALL_MANPAGES_DIR value.
<#:phases>: Remove phase 'install-documentation. Add phase
'patch-generated-source-shebangs.
[native-inputs]: Add coreutils-minimal, help2man, which.
[inputs]: Rewrite.
---
gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
1 file changed, 26 insertions(+), 26 deletions(-)

Toggle diff (75 lines)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a32b15a64a..b3eca16191 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1023,7 +1023,7 @@ (define-public lz4
(define-public squashfs-tools
(package
(name "squashfs-tools")
- (version "4.5")
+ (version "4.6.1")
(source
(origin
(method git-fetch)
@@ -1032,34 +1032,34 @@ (define-public squashfs-tools
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
+ (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; no check target
- #:make-flags
- (list (string-append "CC=" ,(cc-for-target))
- "XZ_SUPPORT=1"
- "LZO_SUPPORT=1"
- "LZ4_SUPPORT=1"
- "ZSTD_SUPPORT=1"
- (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (chdir "squashfs-tools")))
- (add-after 'install 'install-documentation
- ;; Install what very little usage documentation is provided.
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name)))
- (install-file "../USAGE" doc)))))))
+ (list
+ #:tests? #f ; no check target
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ "XZ_SUPPORT=1"
+ "LZO_SUPPORT=1"
+ "LZ4_SUPPORT=1"
+ "ZSTD_SUPPORT=1"
+ (string-append "INSTALL_DIR=" #$output "/bin")
+ (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda _
+ (chdir "squashfs-tools")))
+ (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
+ (lambda _
+ (substitute* (find-files "generate-manpages" "\\.sh")
+ (("print \"#!/bin/sh")
+ (string-append "print \"#!" (which "sh")))))))))
+ (native-inputs
+ (list coreutils-minimal help2man which))
(inputs
- `(("lz4" ,lz4)
- ("lzo" ,lzo)
- ("xz" ,xz)
- ("zlib" ,zlib)
- ("zstd:lib" ,zstd "lib")))
+ (list lz4 lzo xz zlib `(,zstd "lib")))
(home-page "https://github.com/plougher/squashfs-tools")
(synopsis "Tools to create and extract squashfs file systems")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 14/24] gnu: shapelib: Update to 1.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-14-ngraves@ngraves.fr
This fixes CVE-2022-0699.

* gnu/packages/geo.scm (shapelib): Update to 1.6.1.
---
gnu/packages/geo.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (35 lines)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 5d120b3c98..affa50c515 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -2574,7 +2574,7 @@ (define-public readosm
(define-public shapelib
(package
(name "shapelib")
- (version "1.5.0")
+ (version "1.6.1")
(source
(origin
(method git-fetch)
@@ -2583,7 +2583,7 @@ (define-public shapelib
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1lzch0jf6yqhw391phhafzw4ghmiz98zkf698h4fmq109fa2vhqd"))))
+ (base32 "0l67gp1618lcw7fg2iclbh016cqyw85s3cmd3qzx6aw0jq19hj8n"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
@@ -2591,8 +2591,8 @@ (define-public shapelib
(synopsis "Provides C library to write and update ESRI Shapefiles")
(description
"The Shapefile C Library provides the ability to write simple C programs
-for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the
-associated attribute file (@file{.dbf}).")
+for reading, writing and updating (to a limited extent) ESRI Shapefiles, and
+the associated attribute file (@file{.dbf}).")
(license license:gpl2+)))
(define-public spatialite-tools
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 15/24] gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-15-ngraves@ngraves.fr
This fixes CVE-2021-39360.

* gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
---
gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
1 file changed, 24 insertions(+), 21 deletions(-)

Toggle diff (59 lines)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 9b26819261..9abe433aa4 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -10591,28 +10591,31 @@ (define-public gsound
(license license:lgpl2.1+)))
(define-public libzapojit
- (package
- (name "libzapojit")
- (version "0.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
- (build-system gnu-build-system)
- (native-inputs
- (list gobject-introspection intltool pkg-config))
- (inputs
- (list gnome-online-accounts json-glib rest))
- (home-page "https://wiki.gnome.org/Projects/Zapojit")
- (synopsis "Library for accessing SkyDrive and Hotmail")
- (description
- "Libzapojit is a GLib-based library for accessing online service APIs of
+ (let ((revision "1")
+ (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
+ (package
+ (name "libzapojit")
+ (version (git-version "0.0.3" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/Archive/libzapojit")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list gobject-introspection intltool pkg-config))
+ (inputs
+ (list gnome-online-accounts json-glib rest))
+ (home-page "https://wiki.gnome.org/Projects/Zapojit")
+ (synopsis "Library for accessing SkyDrive and Hotmail")
+ (description
+ "Libzapojit is a GLib-based library for accessing online service APIs of
Microsoft SkyDrive and Hotmail, using their REST protocols.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public gnome-clocks
(package
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 16/24] gnu: gifsicle: Update to 1.95. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-16-ngraves@ngraves.fr
This fixes CVE-2023-44821 and CVE-2023-46009.

* gnu/packages/image.scm (gifsicle): Update to 1.95.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7f17c71aef..0d6593dc21 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -2172,14 +2172,14 @@ (define-public swappy
(define-public gifsicle
(package
(name "gifsicle")
- (version "1.94")
+ (version "1.95")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
version ".tar.gz"))
(sha256
- (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
+ (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 17/24] gnu: sendmail: Update to 8.18.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-17-ngraves@ngraves.fr
This fixes CVE-2023-51765 and CVE-2021-3618.

* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 77be7626a9..63e0f24534 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 18/24] gnu: openvpn: Update to 2.6.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-18-ngraves@ngraves.fr
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.

* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 19/24] gnu: youtube-dl: Deprecate package.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-19-ngraves@ngraves.fr
This package is not developped anymore.

* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 92c0acef3c..9fca994b54 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3084,7 +3085,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 20/24] gnu: liblouis: Update to 3.31.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-20-ngraves@ngraves.fr
This fixes CVE-2022-26981.

* gnu/packages/language.scm (liblouis): Update to 3.31.0.
[arguments]: Improve style using gexps.
[native-inputs]: Rewrite and replace python-wrapper by python.
---
gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 25 deletions(-)

Toggle diff (78 lines)
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 78fcba4287..6a5e7927b4 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2023 gemmaro <gemmaro.dev@gmail.com>
;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2024 Charles <charles@charje.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -338,7 +339,7 @@ (define-public libchewing
(define-public liblouis
(package
(name "liblouis")
- (version "3.15.0")
+ (version "3.31.0")
(source
(origin
(method git-fetch)
@@ -348,34 +349,30 @@ (define-public liblouis
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
+ (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
(build-system gnu-build-system)
(outputs '("out" "bin" "doc" "python"))
(arguments
- `(#:configure-flags
- (list
- "--disable-static"
- "--enable-ucs4")
- #:phases
- (modify-phases %standard-phases
- (add-after 'install 'install-python-extension
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion "python"
- (invoke "python" "setup.py" "install"
- (string-append "--prefix="
- (assoc-ref outputs "python"))
- "--root=/")))))))
+ (list
+ #:configure-flags #~(list "--disable-static" "--enable-ucs4")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'install 'install-python-extension
+ (lambda _
+ (with-directory-excursion "python"
+ (invoke "python3" "setup.py" "install" "--root=/"
+ (string-append "--prefix=" #$output:python))))))))
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("clang-format" ,clang)
- ("help2man" ,help2man)
- ("libtool" ,libtool)
- ("libyaml" ,libyaml)
- ("makeinfo" ,texinfo)
- ("perl" ,perl)
- ("pkg-config" ,pkg-config)
- ("python" ,python-wrapper)))
+ (list autoconf
+ automake
+ clang
+ help2man
+ libtool
+ libyaml
+ texinfo
+ perl
+ pkg-config
+ python))
(synopsis "Braille translator and back-translator")
(description "Liblouis is a braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 22/24] gnu: Add sexpp.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-22-ngraves@ngraves.fr
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (40 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 21/24] gnu: unicorn: Update to 2.1.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-21-ngraves@ngraves.fr
Thix fixes CVE-2021-4296.

* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (27 lines)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 23/24] gnu: rnp: Update to 0.17.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-23-ngraves@ngraves.fr
This fixes CVE-2023-29479 and CVE-2023-29480.

* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)

Toggle diff (88 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 27 Oct 00:42 +0200
[PATCH 24/24] gnu: cjson: Update to 1.7.18. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-24-ngraves@ngraves.fr
This fixes CVE-2023-50471 and CVE-2023-50472.

* gnu/packages/javascript.scm (cjson): Update to 1.7.18.
---
gnu/packages/javascript.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 4f97dcfef6..b48acf47dc 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
(define-public cjson
(package
(name "cjson")
- (version "1.7.16")
+ (version "1.7.18")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -57,7 +57,7 @@ (define-public cjson
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
+ (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:01 +0100
[PATCH v2 01/26] gnu: libyang: Update to 3.4.2. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-1-ngraves@ngraves.fr
This fixes CVE-2021-28902, CVE-2021-28903, CVE-2021-28904,
CVE-2021-28905 and CVE-2021-28906.

* gnu/packages/networking.scm (libyang): Update to 3.4.2.
---
gnu/packages/networking.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

Toggle diff (30 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 8481e2d2f4..17d4072ee0 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -4238,7 +4238,7 @@ (define-public iwgtk
(define-public libyang
(package
(name "libyang")
- (version "1.0.215")
+ (version "3.4.2")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -4247,12 +4247,12 @@ (define-public libyang
(file-name (git-file-name name version))
(sha256
(base32
- "0mrs2ppmq77z8sbqgm2w0rl9bfgybd6bcxanakfww4chih6cy0dw"))))
+ "07skjr3r4na12kadca2dyk45clpcpnp4zkkwfaa8sqyslx7vhj56"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags
(list "-DENABLE_BUILD_TESTS=ON" "-DENABLE_LYD_PRIV=ON")))
- (propagated-inputs (list pcre))
+ (propagated-inputs (list pcre2))
(native-inputs (list cmocka pkg-config))
(home-page "https://github.com/CESNET/libyang")
(synopsis "YANG data modelling language library")
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:01 +0100
[PATCH v2 02/26] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-2-ngraves@ngraves.fr
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.

* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/django.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
(define-public python-django-4.2
(package
(name "python-django")
- (version "4.2.5")
+ (version "4.2.16")
(source (origin
(method url-fetch)
(uri (pypi-uri "Django" version))
(sha256
(base32
- "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+ "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
(build-system pyproject-build-system)
(arguments
'(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
any Web site. Django focuses on automating as much as possible and adhering
to the @dfn{don't repeat yourself} (DRY) principle.")
(license license:bsd-3)
- (properties `((cpe-name . "django")))))
+ (properties `((cpe-name . "django")
+ ;; This CVE seems fixed since 4.2.1.
+ (lint-hidden-cve . ("CVE-2023-31047"))))))
(define-public python-django-3.2
(package
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:01 +0100
[PATCH v2 04/26] gnu: maradns: Improve style.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-4-ngraves@ngraves.fr
* gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
---
gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)

Toggle diff (71 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bd2df30f01..7a78fb0308 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1192,35 +1192,35 @@ (define-public maradns
(base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; need to be root to run tests
- #:make-flags
- (list
- ,(string-append "CC=" (cc-for-target))
- (string-append "PREFIX=" %output)
- (string-append "RPM_BUILD_ROOT=" %output))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key native-inputs target #:allow-other-keys)
- ;; make_32bit_tables generates a header file that is used during
- ;; compilation. Hence, during cross compilation, it should be
- ;; built for the host system.
- (when target
- (substitute* "rng/Makefile"
- (("\\$\\(CC\\) -o make_32bit_tables")
- (string-append (assoc-ref native-inputs "gcc")
- "/bin/gcc -o make_32bit_tables"))))
- (invoke "./configure")))
- (add-before 'install 'create-install-directories
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (dir)
- (mkdir-p (string-append out dir)))
- (list "/bin" "/sbin" "/etc"
- "/share/man/man1"
- "/share/man/man5"
- "/share/man/man8"))
- #t))))))
+ (list
+ #:tests? #f ; need to be root to run tests
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ (string-append "PREFIX=" #$output)
+ (string-append "RPM_BUILD_ROOT=" #$output))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key native-inputs target #:allow-other-keys)
+ ;; make_32bit_tables generates a header file that is used during
+ ;; compilation. Hence, during cross compilation, it should be
+ ;; built for the host system.
+ (when target
+ (substitute* "rng/Makefile"
+ (("\\$\\(CC\\) -o make_32bit_tables")
+ (string-append (search-input-file native-inputs "/bin/gcc")
+ " -o make_32bit_tables"))))
+ ;; ./configure doesn't support default flags
+ (invoke "./configure")))
+ (add-before 'install 'create-install-directories
+ (lambda _
+ (for-each (lambda (dir)
+ (mkdir-p (string-append #$output dir)))
+ (list "/bin" "/sbin" "/etc"
+ "/share/man/man1"
+ "/share/man/man5"
+ "/share/man/man8")))))))
(home-page "https://maradns.samiam.org")
(synopsis "Small lightweight DNS server")
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:01 +0100
[PATCH v2 03/26] gnu: maradns: Update to 3.5.0036. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-3-ngraves@ngraves.fr
This fixes CVE-2023-31137.

* gnu/packages/dns.scm (maradns): Update to 3.5.0036.
[properties]: Add release-monitoring-url property.
---
gnu/packages/dns.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e911a142ef..bd2df30f01 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1181,7 +1181,7 @@ (define-public public-suffix-list
(define-public maradns
(package
(name "maradns")
- (version "3.5.0022")
+ (version "3.5.0036")
(source
(origin
(method url-fetch)
@@ -1189,7 +1189,7 @@ (define-public maradns
(version-major+minor version) "/"
version "/maradns-" version ".tar.xz"))
(sha256
- (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
+ (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; need to be root to run tests
@@ -1226,6 +1226,8 @@ (define-public maradns
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
and TCP-capable recursive DNS server for finding domains on the internet.")
+ (properties '((release-monitoring-url
+ . "https://maradns.samiam.org/download.html")))
(license license:bsd-2)))
(define-public openresolv
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 05/26] gnu: libmobi: Update to 0.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-5-ngraves@ngraves.fr
This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.

* gnu/packages/ebook.scm (libmobi): Update to 0.12.
---
gnu/packages/ebook.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index dc30c98fdf..bf8dcfad09 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -648,7 +648,7 @@ (define-public xchm
(define-public libmobi
(package
(name "libmobi")
- (version "0.6")
+ (version "0.12")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -657,7 +657,7 @@ (define-public libmobi
(file-name (git-file-name name version))
(sha256
(base32
- "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
+ "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 06/26] gnu: bart: Update to 0.9.00. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-6-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 07/26] gnu: wireshark: Update to 4.4.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-7-ngraves@ngraves.fr
This fixes CVE-2024-9780.

* gnu/packages/networking.scm (wireshark): Update to 4.4.1.
---
gnu/packages/networking.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 17d4072ee0..be8b5c8e93 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1805,14 +1805,14 @@ (define-public whois
(define-public wireshark
(package
(name "wireshark")
- (version "4.4.0")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
(sha256
- (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
+ (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
(build-system qt-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 08/26] gnu: pam-u2f: Update to 1.3.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-8-ngraves@ngraves.fr
This fixes CVE-2021-31924.

* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 10/26] gnu: xlsxio: Update to 0.2.35. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-10-ngraves@ngraves.fr
This fixes CVE-2023-34795.

* gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
---
gnu/packages/xml.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cfd53a291a..4a3936b66d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1545,7 +1545,7 @@ (define-public xerces-c
(define-public xlsxio
(package
(name "xlsxio")
- (version "0.2.33")
+ (version "0.2.35")
(source
(origin
(method git-fetch)
@@ -1554,7 +1554,7 @@ (define-public xlsxio
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
+ (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
(native-inputs
(list expat gnu-make minizip which))
(build-system gnu-build-system)
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 09/26] gnu: darkhttpd: Update to 1.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-9-ngraves@ngraves.fr
This fixes CVE-2024-23770 and CVE-2024-23771.

* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
gnu/packages/web.scm | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
(define-public darkhttpd
(package
(name "darkhttpd")
- (version "1.13")
+ (version "1.16")
(source
(origin
(method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+ (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "CC=" ,(cc-for-target)))
- #:tests? #f ; No test suite
- #:phases
- (modify-phases %standard-phases
- (delete 'configure) ; no configure script
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (install-file "darkhttpd"
- (string-append (assoc-ref outputs "out")
- "/bin")))))))
+ (list
+ #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+ #:tests? #f ; No test suite
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda _
+ (install-file "darkhttpd" (string-append #$output "/bin")))))))
(synopsis "Simple static web server")
(description "darkhttpd is a simple static web server. It is
standalone and does not need inetd or ucspi-tcp. It does not need any
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 11/26] gnu: pypy: Update to 7.3.17. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-11-ngraves@ngraves.fr
This fixes CVE-2022-37454.

* gnu/packages/pypy.scm (pypy): Update to 7.3.17.
---
gnu/packages/pypy.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
index a39621b5ad..90986ac096 100644
--- a/gnu/packages/pypy.scm
+++ b/gnu/packages/pypy.scm
@@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
(define-public pypy
(package
(name "pypy")
- (version "7.3.13")
+ (version "7.3.17")
(source (origin
(method url-fetch)
(uri (string-append "https://downloads.python.org/pypy/"
"pypy3.10-v" version "-src.tar.bz2"))
(sha256
(base32
- "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
+ "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
(build-system gnu-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 12/26] gnu: indent: Remove uneeded arguments.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-12-ngraves@ngraves.fr
* gnu/packages/code.scm (indent)
[arguments]: Remove field.
[native-inputs]: Remove automake.
---
gnu/packages/code.scm | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 3f7a6de478..b1523f5ac7 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -881,33 +881,8 @@ (define-public indent
(sha256
(base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
(build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-docdir
- (lambda _
- ;; Although indent uses a modern autoconf in which docdir
- ;; defaults to PREFIX/share/doc, the doc/Makefile.am
- ;; overrides this to be in PREFIX/doc. Fix this.
- (substitute* "doc/Makefile.in"
- (("^docdir = .*$") "docdir = @docdir@\n"))
- #t))
- (add-after 'unpack 'fix-configure
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- ;; Replace outdated config.sub and config.guess:
- (with-directory-excursion "config"
- (for-each (lambda (file)
- (install-file
- (string-append (assoc-ref
- (or native-inputs inputs) "automake")
- "/share/automake-"
- ,(version-major+minor
- (package-version automake))
- "/" file) "."))
- '("config.sub" "config.guess")))
- #t)))))
(native-inputs
- (list texinfo automake)) ; For up to date 'config.guess' and 'config.sub'.
+ (list texinfo))
(synopsis "Code reformatter")
(description
"Indent is a program that makes source code easier to read by
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 13/26] gnu: indent: Add patch for CVE-2024-0911. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-13-ngraves@ngraves.fr
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/code.scm | 4 +-
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

Toggle diff (96 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index 3b94e6cc7e..06e8f1363c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1562,6 +1562,7 @@ dist_patch_DATA = \
%D%/packages/patches/idris-test-ffi008.patch \
%D%/packages/patches/igraph-fix-varargs-integer-size.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
%D%/packages/patches/instead-use-games-path.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index b1523f5ac7..04ca4dfd6b 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ (define-public indent
(uri (string-append "mirror://gnu/indent/indent-" version
".tar.gz"))
(sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
(build-system gnu-build-system)
(native-inputs
(list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písa? <ppisar@redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 14/26] gnu: squashfs-tools: Update to 4.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-14-ngraves@ngraves.fr
This fixes CVE-2021-40153 and CVE-2021-41072.

* gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
[arguments]: Improve style.
<#:make-flags>: Add INSTALL_MANPAGES_DIR value.
<#:phases>: Remove phase 'install-documentation. Add phase
'patch-generated-source-shebangs.
[native-inputs]: Add coreutils-minimal, help2man, which.
[inputs]: Rewrite.
---
gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
1 file changed, 26 insertions(+), 26 deletions(-)

Toggle diff (75 lines)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 97696ff0ef..7627717db6 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1023,7 +1023,7 @@ (define-public lz4
(define-public squashfs-tools
(package
(name "squashfs-tools")
- (version "4.5")
+ (version "4.6.1")
(source
(origin
(method git-fetch)
@@ -1032,34 +1032,34 @@ (define-public squashfs-tools
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
+ (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; no check target
- #:make-flags
- (list (string-append "CC=" ,(cc-for-target))
- "XZ_SUPPORT=1"
- "LZO_SUPPORT=1"
- "LZ4_SUPPORT=1"
- "ZSTD_SUPPORT=1"
- (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (chdir "squashfs-tools")))
- (add-after 'install 'install-documentation
- ;; Install what very little usage documentation is provided.
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name)))
- (install-file "../USAGE" doc)))))))
+ (list
+ #:tests? #f ; no check target
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ "XZ_SUPPORT=1"
+ "LZO_SUPPORT=1"
+ "LZ4_SUPPORT=1"
+ "ZSTD_SUPPORT=1"
+ (string-append "INSTALL_DIR=" #$output "/bin")
+ (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda _
+ (chdir "squashfs-tools")))
+ (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
+ (lambda _
+ (substitute* (find-files "generate-manpages" "\\.sh")
+ (("print \"#!/bin/sh")
+ (string-append "print \"#!" (which "sh")))))))))
+ (native-inputs
+ (list coreutils-minimal help2man which))
(inputs
- `(("lz4" ,lz4)
- ("lzo" ,lzo)
- ("xz" ,xz)
- ("zlib" ,zlib)
- ("zstd:lib" ,zstd "lib")))
+ (list lz4 lzo xz zlib `(,zstd "lib")))
(home-page "https://github.com/plougher/squashfs-tools")
(synopsis "Tools to create and extract squashfs file systems")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 15/26] gnu: shapelib: Update to 1.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-15-ngraves@ngraves.fr
This fixes CVE-2022-0699.

* gnu/packages/geo.scm (shapelib): Update to 1.6.1.
---
gnu/packages/geo.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (35 lines)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 5d120b3c98..affa50c515 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -2574,7 +2574,7 @@ (define-public readosm
(define-public shapelib
(package
(name "shapelib")
- (version "1.5.0")
+ (version "1.6.1")
(source
(origin
(method git-fetch)
@@ -2583,7 +2583,7 @@ (define-public shapelib
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1lzch0jf6yqhw391phhafzw4ghmiz98zkf698h4fmq109fa2vhqd"))))
+ (base32 "0l67gp1618lcw7fg2iclbh016cqyw85s3cmd3qzx6aw0jq19hj8n"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
@@ -2591,8 +2591,8 @@ (define-public shapelib
(synopsis "Provides C library to write and update ESRI Shapefiles")
(description
"The Shapefile C Library provides the ability to write simple C programs
-for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the
-associated attribute file (@file{.dbf}).")
+for reading, writing and updating (to a limited extent) ESRI Shapefiles, and
+the associated attribute file (@file{.dbf}).")
(license license:gpl2+)))
(define-public spatialite-tools
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 16/26] gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-16-ngraves@ngraves.fr
This fixes CVE-2021-39360.

* gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
---
gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
1 file changed, 24 insertions(+), 21 deletions(-)

Toggle diff (59 lines)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 77a0633b50..82ea9d6699 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -10591,28 +10591,31 @@ (define-public gsound
(license license:lgpl2.1+)))
(define-public libzapojit
- (package
- (name "libzapojit")
- (version "0.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
- (build-system gnu-build-system)
- (native-inputs
- (list gobject-introspection intltool pkg-config))
- (inputs
- (list gnome-online-accounts json-glib rest))
- (home-page "https://wiki.gnome.org/Projects/Zapojit")
- (synopsis "Library for accessing SkyDrive and Hotmail")
- (description
- "Libzapojit is a GLib-based library for accessing online service APIs of
+ (let ((revision "1")
+ (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
+ (package
+ (name "libzapojit")
+ (version (git-version "0.0.3" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/Archive/libzapojit")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list gobject-introspection intltool pkg-config))
+ (inputs
+ (list gnome-online-accounts json-glib rest))
+ (home-page "https://wiki.gnome.org/Projects/Zapojit")
+ (synopsis "Library for accessing SkyDrive and Hotmail")
+ (description
+ "Libzapojit is a GLib-based library for accessing online service APIs of
Microsoft SkyDrive and Hotmail, using their REST protocols.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public gnome-clocks
(package
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 17/26] gnu: gifsicle: Update to 1.95. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-17-ngraves@ngraves.fr
This fixes CVE-2023-44821 and CVE-2023-46009.

* gnu/packages/image.scm (gifsicle): Update to 1.95.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7f17c71aef..0d6593dc21 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -2172,14 +2172,14 @@ (define-public swappy
(define-public gifsicle
(package
(name "gifsicle")
- (version "1.94")
+ (version "1.95")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
version ".tar.gz"))
(sha256
- (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
+ (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 18/26] gnu: sendmail: Update to 8.18.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-18-ngraves@ngraves.fr
This fixes CVE-2023-51765 and CVE-2021-3618.

* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 19/26] gnu: openvpn: Update to 2.6.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-19-ngraves@ngraves.fr
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.

* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 20/26] gnu: liblouis: Update to 3.31.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-20-ngraves@ngraves.fr
This fixes CVE-2022-26981.

* gnu/packages/language.scm (liblouis): Update to 3.31.0.
[arguments]: Improve style using gexps.
[native-inputs]: Rewrite and replace python-wrapper by python.
---
gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 25 deletions(-)

Toggle diff (78 lines)
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 78fcba4287..6a5e7927b4 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2023 gemmaro <gemmaro.dev@gmail.com>
;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2024 Charles <charles@charje.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -338,7 +339,7 @@ (define-public libchewing
(define-public liblouis
(package
(name "liblouis")
- (version "3.15.0")
+ (version "3.31.0")
(source
(origin
(method git-fetch)
@@ -348,34 +349,30 @@ (define-public liblouis
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
+ (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
(build-system gnu-build-system)
(outputs '("out" "bin" "doc" "python"))
(arguments
- `(#:configure-flags
- (list
- "--disable-static"
- "--enable-ucs4")
- #:phases
- (modify-phases %standard-phases
- (add-after 'install 'install-python-extension
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion "python"
- (invoke "python" "setup.py" "install"
- (string-append "--prefix="
- (assoc-ref outputs "python"))
- "--root=/")))))))
+ (list
+ #:configure-flags #~(list "--disable-static" "--enable-ucs4")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'install 'install-python-extension
+ (lambda _
+ (with-directory-excursion "python"
+ (invoke "python3" "setup.py" "install" "--root=/"
+ (string-append "--prefix=" #$output:python))))))))
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("clang-format" ,clang)
- ("help2man" ,help2man)
- ("libtool" ,libtool)
- ("libyaml" ,libyaml)
- ("makeinfo" ,texinfo)
- ("perl" ,perl)
- ("pkg-config" ,pkg-config)
- ("python" ,python-wrapper)))
+ (list autoconf
+ automake
+ clang
+ help2man
+ libtool
+ libyaml
+ texinfo
+ perl
+ pkg-config
+ python))
(synopsis "Braille translator and back-translator")
(description "Liblouis is a braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 22/26] gnu: unicorn: Update to 2.1.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-22-ngraves@ngraves.fr
Thix fixes CVE-2021-4296.

* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (27 lines)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 21/26] gnu: youtube-dl: Deprecate package.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-21-ngraves@ngraves.fr
This package is not developped anymore.

* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ff5dcd8daa..74cfabf6e7 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3085,7 +3086,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 23/26] gnu: Add sexpp.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-23-ngraves@ngraves.fr
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (40 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 24/26] gnu: rnp: Update to 0.17.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-24-ngraves@ngraves.fr
This fixes CVE-2023-29479 and CVE-2023-29480.

* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)

Toggle diff (88 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 25/26] gnu: cjson: Update to 1.7.18. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-25-ngraves@ngraves.fr
This fixes CVE-2023-50471 and CVE-2023-50472.

* gnu/packages/javascript.scm (cjson): Update to 1.7.18.
---
gnu/packages/javascript.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 4f97dcfef6..b48acf47dc 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
(define-public cjson
(package
(name "cjson")
- (version "1.7.16")
+ (version "1.7.18")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -57,7 +57,7 @@ (define-public cjson
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
+ (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
--
2.46.0
N
N
Nicolas Graves wrote on 3 Nov 17:02 +0100
[PATCH v2 26/26] gnu: snapcast: Update to 0.29.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241103160239.6772-26-ngraves@ngraves.fr
This fixes CVE-2023-36177.

* gnu/packages/audio.scm (snapcast): Update to 0.29.0.
---
gnu/packages/audio.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index eaffa0842d..467dc4a74f 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1567,7 +1567,7 @@ (define-public omins-lv2
(define-public snapcast
(package
(name "snapcast")
- (version "0.27.0")
+ (version "0.29.0")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -1576,7 +1576,7 @@ (define-public snapcast
(file-name (git-file-name name version))
(sha256
(base32
- "10l5hvmaqr9ykipsnzl95wqg19ff36rhpa1q88axxcia0k2valkn"))))
+ "1960xp54vsndj9vvc03kx9kg9phdchdgrfghhvcp2b0nfq2qcqqm"))))
(build-system cmake-build-system)
(arguments
'(#:tests? #f)) ; no included tests
--
2.46.0
Z
Re: [bug#74035] [PATCH v2 07/26] gnu: wireshark: Update to 4.4.1. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87v7x3ibji.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (29 lines)
> This fixes CVE-2024-9780.
>
> * gnu/packages/networking.scm (wireshark): Update to 4.4.1.
> ---
> gnu/packages/networking.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 17d4072ee0..be8b5c8e93 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -1805,14 +1805,14 @@ (define-public whois
> (define-public wireshark
> (package
> (name "wireshark")
> - (version "4.4.0")
> + (version "4.4.1")
> (source
> (origin
> (method url-fetch)
> (uri (string-append "https://www.wireshark.org/download/src/wireshark-"
> version ".tar.xz"))
> (sha256
> - (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
> + (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
> (build-system qt-build-system)
> (arguments
> (list

apply, and switch to git-fetch.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcolhEACgkQO1qpk+Gi
3/A84BAAgh92AR5B8hVrph9gh+ujI6RzqZzTVHkcmNfP73CTt0nzfS3De3ZkAbQd
WSunSKq6OAq+58W9WRgEz5Ccs+spBuqZCjKzo+VSH9K8G4Ym7R83j25l79EiTEUd
1DDErEIAFpKhmQnhAGR28s1nvXk0UEzSxwJrDYjU3sm12XzrcelInn0x6T7hVj3B
O1atAF8Eok6XbHASjrNS5p/r+IpU9zr9Ox9q1GJVhOugDkZBbJ2U9GV1HF05Kg6i
7CNfSfkKKxoJuHr01DBCsnIhZI1lTOAtoUw7Kf1CJV8Xcq3A9BLBS4itS0RBCE0e
/LaOponWLBxhIWzJGL4pCtL1mSbEM8YMGiCfOkvgA7EQjv2zSuzW0Ah6QgKb0daN
1P6hCGoI+NQmhwBArf2Dynob7noRiWuRzi3I1Vih18UOfdZRqhTzmystp6hgxsl9
HYO5h1LTnsSOmJ5v+btFKK7OiCV6sGyfIg9hJq/NwIT6WA8rXv9V424Ya5Oal1Io
wXreBBmlrnq/znRL3rJ8AETq8tXZrK3hrnXEtbqg/kn6vPpHxs2bBDozUZnZU/2X
2TJEh1HxfttjKa4x1sAaOwKq5acdKSavPpKC2s76vLMfVR4TucIIqY6pLYgK+vgz
uGnkLM97+KRvDTTc5cJRnLy2m6So9E4jJppOMCy5IdhcRr1cDlI=
=+M2i
-----END PGP SIGNATURE-----

Z
Re: [bug#74035] [PATCH v2 25/26] gnu: cjson: Update to 1.7.18. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87r07ribhv.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (30 lines)
> This fixes CVE-2023-50471 and CVE-2023-50472.
>
> * gnu/packages/javascript.scm (cjson): Update to 1.7.18.
> ---
> gnu/packages/javascript.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
> index 4f97dcfef6..b48acf47dc 100644
> --- a/gnu/packages/javascript.scm
> +++ b/gnu/packages/javascript.scm
> @@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
> (define-public cjson
> (package
> (name "cjson")
> - (version "1.7.16")
> + (version "1.7.18")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -57,7 +57,7 @@ (define-public cjson
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
> + (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
> (build-system cmake-build-system)
> (arguments
> `(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))

apply
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcolkwACgkQO1qpk+Gi
3/DCug//SvFbRWJFp7hyTM8KO2gtROJt/6QwP/m0LrjU0uas4KTxo4k/q/euAhli
WlXO85mB7J6bRxz80XKQHQ3pLjZQh8BK08nZc12PsX17Pb3FV4e4nE2qDx5m5FRS
1yKDFw1mr7tXYCtL4lL04cqBbDJG52qA2sINBcqenC2q7pGGTvGP2SGhGixHGoJ+
XQWghfgw/CteI02tVYKgweXhtyquxSrE7JNGEIGtwwWSOjCEWAEh4L5/E6/CXxgd
TT6/jojBTGiKzk8/XNOuwF/GiJQXwrvdLCIt7twQNJiRLXDZG7/7T2Fw3Y/wcgXQ
AX9EdB9WIPDuYjIJQMyv2ptKDJWkJFoUNNeZay7NWPfO9WSbm25humiODXpkhQDR
36KEcxVgyMVnysW9NnfL4hiahbOTxOi4Z+2wiil3zAXSidBFlOarPtIiZuxCCHaM
WeqgzA+ugSawTR9nXuj8qwC0VrHG4GJJDw32NsRPexcCjd9rbjDwqAyWukLxjX1y
qaYX7GEPMsnv+FPBh27u8evASP+h7+AtdL819fB52s1gn6hHHl6l2Cl/DxpC9ZzW
YQ3mwRDGNvK4TBJDWFB8i8qi5Zcx4EpQR/02o+p6aevcS2Mp8tVocfw4KpJiQPXk
Vs7WZFrdMSZyYZoJf/MHmdyEvxFydMtmOoPbJdmQ/oQEhp2tU5g=
=Gy4U
-----END PGP SIGNATURE-----

Z
Re: [bug#74035] [PATCH v2 11/26] gnu: pypy: Update to 7.3.17. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87msifibgw.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (29 lines)
> This fixes CVE-2022-37454.
>
> * gnu/packages/pypy.scm (pypy): Update to 7.3.17.
> ---
> gnu/packages/pypy.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
> index a39621b5ad..90986ac096 100644
> --- a/gnu/packages/pypy.scm
> +++ b/gnu/packages/pypy.scm
> @@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
> (define-public pypy
> (package
> (name "pypy")
> - (version "7.3.13")
> + (version "7.3.17")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://downloads.python.org/pypy/"
> "pypy3.10-v" version "-src.tar.bz2"))
> (sha256
> (base32
> - "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
> + "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
> (build-system gnu-build-system)
> (arguments
> (list

apply
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcolm8ACgkQO1qpk+Gi
3/BtexAApaLpsMFQg79a1uN9qK+V8HQs9Q5tTbmkFhYqqEr8HQwyKX1iOnDqY2OH
CfNMPXdENX9egW/TdlotGWB8vgaKuJkHB0g8mXyWZmaEAZL0+I/adQbV83U/9ri+
mBV9iUUa8I8LO8wVblF0smHE+L/GcBFeS1MfnLC2kZsC5XcnKoAqcuKKGh3GbcEE
L8mEnSLMufty+2oAiOymBL35PV2G4sZU1/BhN+4NvTSvK6bspAclKlmgf7TgVE75
K8+NjULllDISbvmR2qXhowUjXpFFAIaLePU+DN/uvstQjK4zr45QHLCuzPO5Gu/+
DTzOs5m02jWHU6ZOluqJkJtDdO+0MLRc/xbhfQ+9Np+EogCyPhfY0XSMtlGTS5NU
y8dqg1pRrPxnnSPjLrlOVlSfpGXi9jiQXNmQU8jqEqwHheDrQoif9eVP2f6U4wao
zm4jHk5hyshvugOSVEE5rVqr3EiiT0eEWjvxPMAjVvPxFLD4ZPGPSniDros24ctk
33yOcgC37zf9adNw9S1rLvnP+zP8lqAQwwGFj+Joah8BXVKR4HxeX+gk9spfr6Km
lt2Hqba9W4po1aA9CKhMSeTIXzOQo/BfZXackJnRXz5ot/BOPqLSOUOG1lEy5aMv
nBGOG/sSmx8SgocG7KmSUAl0iJ4/fFybY57IofLFUYvEUfEl/dg=
=ncqq
-----END PGP SIGNATURE-----

Z
Re: [bug#74035] [PATCH v2 09/26] gnu: darkhttpd: Update to 1.16. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87ikt3ibfz.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (53 lines)
> This fixes CVE-2024-23770 and CVE-2024-23771.
>
> * gnu/packages/web.scm (darkhttpd): Update to 1.16.
> [arguments]: Improve style.
> ---
> gnu/packages/web.scm | 24 +++++++++++-------------
> 1 file changed, 11 insertions(+), 13 deletions(-)
>
> diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
> index 34739bf088..eb27d3448c 100644
> --- a/gnu/packages/web.scm
> +++ b/gnu/packages/web.scm
> @@ -6417,7 +6417,7 @@ (define-public surfraw
> (define-public darkhttpd
> (package
> (name "darkhttpd")
> - (version "1.13")
> + (version "1.16")
> (source
> (origin
> (method git-fetch)
> @@ -6426,20 +6426,18 @@ (define-public darkhttpd
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
> + (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:make-flags
> - (list (string-append "CC=" ,(cc-for-target)))
> - #:tests? #f ; No test suite
> - #:phases
> - (modify-phases %standard-phases
> - (delete 'configure) ; no configure script
> - (replace 'install
> - (lambda* (#:key outputs #:allow-other-keys)
> - (install-file "darkhttpd"
> - (string-append (assoc-ref outputs "out")
> - "/bin")))))))
> + (list
> + #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
> + #:tests? #f ; No test suite
> + #:phases
> + #~(modify-phases %standard-phases
> + (delete 'configure) ; no configure script
> + (replace 'install
> + (lambda _
> + (install-file "darkhttpd" (string-append #$output "/bin")))))))
> (synopsis "Simple static web server")
> (description "darkhttpd is a simple static web server. It is
> standalone and does not need inetd or ucspi-tcp. It does not need any

apply, and enable tests.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcolpAACgkQO1qpk+Gi
3/C6oxAApQDhw3Id12xLy8eUmkWkzzdrdPF2c5wDygP5g5P6y+6J/JQvZKcdkjVB
H7OuXXR/YBfNtCKWu3mkhI8lXE8Yw924Tz+kVnkmMZ5rmdSs+bMezWQIt9gxW8NZ
HepDpj9GSnk+g9lTAOHfZOuMk9G7B4f3tMB3Pu6niiduV1UMrH8c/HgurO2XJq8H
Gt71o+7WLmepGmPb/mFv8CqR+cc6NAFTRtOwx8PI9JFuw0CTYuvBfxR47W5Z5KPm
DNLpf8ZrDmpKVG6keBoKZoU/ZYGoaZgcIDDYU6GBbOABWJ6QzMIMDiHUrQbJLW9f
jy9D9n6uxrHVNpt1Hs85b1MwdM2gLMy59KBWL1u10WnX0v8uO3pRR/wk3LSrzgsB
X8WnPFPWc9OOOmPc0SzGj/vbgBHhBL/DT5yw14LTyruah54bTm2HgLK9WE02zIJq
eqV+mwDOfl2hAlDurD7HcKHGDnEsVvzepVD6RQHLv+bsQAFoKKV93jUhiQhyPhU4
wkQIGneX4xE26jR5NRsIoOx/z8Qy9m6A1b0MiUwnUbkoV+IInOMyU9wtjeZOrhw2
hnZfNOASB86YUP+NPBKtqG0jqr85qXztlv8Hwffr41IH1Nq3rWxA8dgoBvJfUew+
4O/XV6Wu3mnnypv9SZcr2ejnDELVga/pvqmtzNZBNLRxLfIdtPM=
=tSxE
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 12:57 +0100
Re: [bug#74035] [PATCH v2 05/26] gnu: libmobi: Update to 0.12. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87ttcnqkii.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (32 lines)
> This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
> CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
> CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.
>
> * gnu/packages/ebook.scm (libmobi): Update to 0.12.
> ---
> gnu/packages/ebook.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
> index dc30c98fdf..bf8dcfad09 100644
> --- a/gnu/packages/ebook.scm
> +++ b/gnu/packages/ebook.scm
> @@ -648,7 +648,7 @@ (define-public xchm
> (define-public libmobi
> (package
> (name "libmobi")
> - (version "0.6")
> + (version "0.12")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -657,7 +657,7 @@ (define-public libmobi
> (file-name (git-file-name name version))
> (sha256
> (base32
> - "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
> + "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
> (build-system gnu-build-system)
> (native-inputs
> (list autoconf automake libtool))

apply.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcotqUACgkQO1qpk+Gi
3/AJPRAAk5IPg4rid83djCw1uzV9MT0rn8AW+NDmT3nT7953wzXwJgIQJZV8qNoF
nua9yzQEc9dIHTifcqPNb4Ahcy914pm/iHba+bpHBSneE5pjq43MT1dMJayCT4Zw
vIjjmrQSgB+T+ikrwAJsW71S9vJebBCZQlBKrJVQQYLGVyWVGIwRPJqDuflTMOfs
NECA4wcBKXmYoY4MXsDWqdnJzexYqMcC26dgDRevFQuseRJePHzonC07NWFB8wD/
o7BGYYWzqfawk+q2CQ9qVRQkb41RP3yYt5VQolz70mAplZr7QiK92u+KZvWhMtU3
ChHtntcMxpGH8RzVtu8pDs+aCHshSNofx2vbxtItvBA0+D1mcZkxl4OfgnraU8OG
LilkWKUAcmxVi6tPyH7QkygIVYFolcD9U83DNT1pczb8dS+YUZsA/JFKY05QUmW0
zrwhUUOiOv6D6/kUQ/VCJ4S9o0E6Qj6nsmJ923kdk5FeIBsE7+qGhjRZmJcDdpAI
M2LOvCqTvIurVpuuHnwNcs5lV8tTU+d20kxsGVxC3szXaHxWHr2ZamsBoNpHEjnH
cDSc0U40rDo/BqBd3gQkkmzamM/HP69VLF3yqlO/CsAEJo7T2CPBPxADzorm1fSD
/HPKtZJ9yYbLqpHj85KT0FcxIgSpPbOk8nwinf9Pj9I3fpJE1Mo=
=SovO
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 12:58 +0100
Re: [bug#74035] [PATCH v2 20/26] gnu: liblouis: Update to 3.31.0. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87plnbqkgu.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (85 lines)
> This fixes CVE-2022-26981.
>
> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
> [arguments]: Improve style using gexps.
> [native-inputs]: Rewrite and replace python-wrapper by python.
> ---
> gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
> 1 file changed, 22 insertions(+), 25 deletions(-)
>
> diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
> index 78fcba4287..6a5e7927b4 100644
> --- a/gnu/packages/language.scm
> +++ b/gnu/packages/language.scm
> @@ -10,6 +10,7 @@
> ;;; Copyright © 2023 gemmaro <gemmaro.dev@gmail.com>
> ;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
> ;;; Copyright © 2024 Charles <charles@charje.net>
> +;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -338,7 +339,7 @@ (define-public libchewing
> (define-public liblouis
> (package
> (name "liblouis")
> - (version "3.15.0")
> + (version "3.31.0")
> (source
> (origin
> (method git-fetch)
> @@ -348,34 +349,30 @@ (define-public liblouis
> (commit (string-append "v" version))))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
> + (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
> (build-system gnu-build-system)
> (outputs '("out" "bin" "doc" "python"))
> (arguments
> - `(#:configure-flags
> - (list
> - "--disable-static"
> - "--enable-ucs4")
> - #:phases
> - (modify-phases %standard-phases
> - (add-after 'install 'install-python-extension
> - (lambda* (#:key outputs #:allow-other-keys)
> - (with-directory-excursion "python"
> - (invoke "python" "setup.py" "install"
> - (string-append "--prefix="
> - (assoc-ref outputs "python"))
> - "--root=/")))))))
> + (list
> + #:configure-flags #~(list "--disable-static" "--enable-ucs4")
> + #:phases
> + #~(modify-phases %standard-phases
> + (add-after 'install 'install-python-extension
> + (lambda _
> + (with-directory-excursion "python"
> + (invoke "python3" "setup.py" "install" "--root=/"
> + (string-append "--prefix=" #$output:python))))))))
> (native-inputs
> - `(("autoconf" ,autoconf)
> - ("automake" ,automake)
> - ("clang-format" ,clang)
> - ("help2man" ,help2man)
> - ("libtool" ,libtool)
> - ("libyaml" ,libyaml)
> - ("makeinfo" ,texinfo)
> - ("perl" ,perl)
> - ("pkg-config" ,pkg-config)
> - ("python" ,python-wrapper)))
> + (list autoconf
> + automake
> + clang
> + help2man
> + libtool
> + libyaml
> + texinfo
> + perl
> + pkg-config
> + python))
> (synopsis "Braille translator and back-translator")
> (description "Liblouis is a braille translator and back-translator named in
> honor of Louis Braille. It features support for computer and literary braille,
apply, adjust message and use python-minimal, not python.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcotuEACgkQO1qpk+Gi
3/CjhhAAqvinK0xS4Ot9L63mETPlAWlw/WN8gQ08wMsFy9n0boXlvPfDzuGL7PDT
8r40iCXrzmFTxm/7yNhVUtQQ7wxRKqzb8eICilV3XPy0Ay1kzz+YiRnsIAAGgxAR
Xe5naCat/MHBHT9Cs9yK39D8fNAKjjpaB26aGiq/iCYV/EaS29oEflsloSFuPOBr
NMVAoVTLMJ/kQ0m1KJy9bGHADFbdwFktEGjBVJo9ixSzThZv5P/2t+aPshwFZGxM
nz+c3hp6tHRzU0MBkjFvv+/J9JAYatU0TYr5kWvCQZDs+oQ+MML6Xw/dXi8FQSZK
wze/Rx0aw7SXAqy0pvNZdVupPebP3Qj0UB7PdP1xlNNi03v2Ngw/an5RGh8jhZlJ
64NiEfXhLPiawc9dRK3E1k7kZ74eHR07cX3DNpbS+Ms5TL5sgfnSftVlfN639h/p
GExf0sbrJ3cSUQwWU1pCbAzE3EefYZhRv5m9KypHRPJHkbLbnL44mjrO7JvzYePN
wkQW8WKpQD6ksPtY7pjTdzgbF5inHCrLxALcwQl/HYWUAG88Df45DYHggaPL4ts8
023zJEZh2sNywhtFh0tUXpUcgzLOFEtCnR+ZJCgA9biwqEy+U/B+d+/uR5w8kVdz
V57EPdbKSK4jPo+xbD06rhvf1gHxf/zXaOz1SdFQaUHxmlCNB6Y=
=2ZRr
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 12:58 +0100
Re: [bug#74035] [PATCH v2 17/26] gnu: gifsicle: Update to 1.95. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87ldxzqkg1.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (28 lines)
> This fixes CVE-2023-44821 and CVE-2023-46009.
>
> * gnu/packages/image.scm (gifsicle): Update to 1.95.
> ---
> gnu/packages/image.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
> index 7f17c71aef..0d6593dc21 100644
> --- a/gnu/packages/image.scm
> +++ b/gnu/packages/image.scm
> @@ -2172,14 +2172,14 @@ (define-public swappy
> (define-public gifsicle
> (package
> (name "gifsicle")
> - (version "1.94")
> + (version "1.95")
> (source
> (origin
> (method url-fetch)
> (uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
> version ".tar.gz"))
> (sha256
> - (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
> + (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
> (build-system gnu-build-system)
> (arguments
> '(#:phases
apply, and build from git source, use g-expressions.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcotv4ACgkQO1qpk+Gi
3/CfTA/5AUh1s+ni5Zu6XSVHfe13eKWSMHLMBo8zJudzqeQ8lKxuUp9O8Jz4Zrm9
OyXLp970Gh1sSDI3Pt0HqEV38SBMsb03dxQhXXRHMSjzf2FdEP+OvRVcgGLNzI9b
ZBaJm/OfK8b1q80EO5C99bGKhS/adIO1Si6zBHe2xvQWh/esUsDFE3JF+B8wv9HQ
u9LkW0YpSBccIcV5mu8dqvHXQGG5ils8PNL1I+urG7nLNxl7ZGbvtjcCg+Z3SdqR
IYZO6Sxq2z2NWdFfTmw6HlJYEBhv8bUBT96fax6q32DGOckLj3AW88+TYFKCndvi
aMO0iXioVVqsNegvptr/YFfii/r1BpAQtG2a5exWFL2LrwQbcML5RyH26Ge1yw/K
j8t2PtBUZ+yhyv9SfJdb3ujpdgspnp53IbgHipeYORsqyIyJpmDxZjJr4arqhYEC
bXi8YyeClm08Vm8eJSk55W79YuIEichhV891/xhAXIkVGIzjx3Uy6KsZrl1onq4r
oKK1Yx233fv8GowwJ9BxFSdsmX/hyXwxX/n57NiUGJ0DyWsSlvuygbbn1Qn37Cmm
WIH8cNy82kwnR3bqB+fPEju8plggJ/bZ0OuNcMFeLPbdOt1L5MpHRZzeapQqogNd
vYS4sn2tf7jxIVpDAfN1YUhQJl6eAk1w5O2XmLZ5pUFqGt5vN08=
=D8qZ
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 12:59 +0100
Re: [bug#74035] [PATCH v2 14/26] gnu: squashfs-tools: Update to 4.6.1. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87h68nqkfb.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (86 lines)
> This fixes CVE-2021-40153 and CVE-2021-41072.
>
> * gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
> [arguments]: Improve style.
> <#:make-flags>: Add INSTALL_MANPAGES_DIR value.
> <#:phases>: Remove phase 'install-documentation. Add phase
> 'patch-generated-source-shebangs.
> [native-inputs]: Add coreutils-minimal, help2man, which.
> [inputs]: Rewrite.
> ---
> gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
> 1 file changed, 26 insertions(+), 26 deletions(-)
>
> diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
> index 97696ff0ef..7627717db6 100644
> --- a/gnu/packages/compression.scm
> +++ b/gnu/packages/compression.scm
> @@ -1023,7 +1023,7 @@ (define-public lz4
> (define-public squashfs-tools
> (package
> (name "squashfs-tools")
> - (version "4.5")
> + (version "4.6.1")
> (source
> (origin
> (method git-fetch)
> @@ -1032,34 +1032,34 @@ (define-public squashfs-tools
> (commit version)))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
> + (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:tests? #f ; no check target
> - #:make-flags
> - (list (string-append "CC=" ,(cc-for-target))
> - "XZ_SUPPORT=1"
> - "LZO_SUPPORT=1"
> - "LZ4_SUPPORT=1"
> - "ZSTD_SUPPORT=1"
> - (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
> - #:phases
> - (modify-phases %standard-phases
> - (replace 'configure
> - (lambda _
> - (chdir "squashfs-tools")))
> - (add-after 'install 'install-documentation
> - ;; Install what very little usage documentation is provided.
> - (lambda* (#:key outputs #:allow-other-keys)
> - (let* ((out (assoc-ref outputs "out"))
> - (doc (string-append out "/share/doc/" ,name)))
> - (install-file "../USAGE" doc)))))))
> + (list
> + #:tests? #f ; no check target
> + #:make-flags
> + #~(list
> + (string-append "CC=" #$(cc-for-target))
> + "XZ_SUPPORT=1"
> + "LZO_SUPPORT=1"
> + "LZ4_SUPPORT=1"
> + "ZSTD_SUPPORT=1"
> + (string-append "INSTALL_DIR=" #$output "/bin")
> + (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
> + #:phases
> + #~(modify-phases %standard-phases
> + (replace 'configure
> + (lambda _
> + (chdir "squashfs-tools")))
> + (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
> + (lambda _
> + (substitute* (find-files "generate-manpages" "\\.sh")
> + (("print \"#!/bin/sh")
> + (string-append "print \"#!" (which "sh")))))))))
> + (native-inputs
> + (list coreutils-minimal help2man which))
> (inputs
> - `(("lz4" ,lz4)
> - ("lzo" ,lzo)
> - ("xz" ,xz)
> - ("zlib" ,zlib)
> - ("zstd:lib" ,zstd "lib")))
> + (list lz4 lzo xz zlib `(,zstd "lib")))
> (home-page "https://github.com/plougher/squashfs-tools")
> (synopsis "Tools to create and extract squashfs file systems")
> (description
apply
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcotxgACgkQO1qpk+Gi
3/ArjQ/+Kg/1k8r6wzvHeXmw9htFFnp3/spc2yNQJi5BbkDjEh1suzhkRq5qPW+k
jHas0ys3xi7GYTCeKuMEOdsnDJQkn5WR9jnnF5yhBnKOfxvo03Wbq+7XugU9AL8n
S/2aD2I4AbJdPnW9VLOfJyDlCcraljlHP5PbWOVjSNRfeu73RETIIiMD0tcxuCmX
eSOWecnfek140NAl9Lc1BTuZ4mkiD/uiSl6cnnRm6vEGd7uy6N9FX+KWc/0ivldi
5TXzbtJzPpYKuLeG2MR1FdKr6zdxD+kmI2PRIZ9vgKvspb4SN7V8DVTpCj8zGAad
OqL7d5dbVmwdbvxcns0gau6LrwTCIIt2UAMtEzVlUxYwBhIpsGdxK/nrxRk38mOg
ryfWMAMGfjJd0TGdzWAN0szqrP4LZWcVwdAwAeInpm7F/1NeD8FwuvobfdWVdwu6
7kLMpek65exY112OFEZ10pXBZpmeX9aYinroRd8/eBv/wtKCWGTOJb00lEwwI968
oDdt9A9RHEmfw658f/upsfj+brJOBR5PBcD04pt6/mHq2iT9lXk0RXmHS7vQYOXk
kHOvBhp6cKPTMZQujwWMzqnqDk3xboR85pHmUXGBHH5sF3XC1rGbXAQKHBfig8y7
dch8qf82L/JEQjh6jpv74XHQGrUpNmGAzAwyki+7MxgelRk23rk=
=Fa7b
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:06 +0100
Re: [bug#74035] [PATCH v2 16/26] gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87cyjbq8zq.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (64 lines)
> This fixes CVE-2021-39360.
>
> * gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
> ---
> gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
> 1 file changed, 24 insertions(+), 21 deletions(-)
>
> diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
> index 77a0633b50..82ea9d6699 100644
> --- a/gnu/packages/gnome.scm
> +++ b/gnu/packages/gnome.scm
> @@ -10591,28 +10591,31 @@ (define-public gsound
> (license license:lgpl2.1+)))
>
> (define-public libzapojit
> - (package
> - (name "libzapojit")
> - (version "0.0.3")
> - (source (origin
> - (method url-fetch)
> - (uri (string-append "mirror://gnome/sources/" name "/"
> - (version-major+minor version) "/"
> - name "-" version ".tar.xz"))
> - (sha256
> - (base32
> - "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
> - (build-system gnu-build-system)
> - (native-inputs
> - (list gobject-introspection intltool pkg-config))
> - (inputs
> - (list gnome-online-accounts json-glib rest))
> - (home-page "https://wiki.gnome.org/Projects/Zapojit")
> - (synopsis "Library for accessing SkyDrive and Hotmail")
> - (description
> - "Libzapojit is a GLib-based library for accessing online service APIs of
> + (let ((revision "1")
> + (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
> + (package
> + (name "libzapojit")
> + (version (git-version "0.0.3" revision commit))
> + (source
> + (origin
> + (method git-fetch)
> + (uri (git-reference
> + (url "https://gitlab.gnome.org/Archive/libzapojit")
> + (commit commit)))
> + (file-name (git-file-name name version))
> + (sha256
> + (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
> + (build-system gnu-build-system)
> + (native-inputs
> + (list gobject-introspection intltool pkg-config))
> + (inputs
> + (list gnome-online-accounts json-glib rest))
> + (home-page "https://wiki.gnome.org/Projects/Zapojit")
> + (synopsis "Library for accessing SkyDrive and Hotmail")
> + (description
> + "Libzapojit is a GLib-based library for accessing online service APIs of
> Microsoft SkyDrive and Hotmail, using their REST protocols.")
> - (license license:lgpl2.1+)))
> + (license license:lgpl2.1+))))
>
> (define-public gnome-clocks
> (package
apply, and add autoconf, autoconf-archive, automake, glib:bin and
libtool to fix build.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8PkACgkQO1qpk+Gi
3/AAsg//b8dcauXpiXgt2raw/prcsBBZsuSeYdGKWklQflYxhfhkNXLfN8sUFGcT
sQnMrwFoffuQIfoz+EpVdnNZiWlou/wW0Ri3gjlZBmViHRvFw9nD2fE0zpkDipds
RvgrK6y3x7dBXAlBo+Mpi9W4BIwyPwMEccEcTyLZfZ+gJnCwkcB+NHnhXQIuFBe/
OTonpHAFEMLlNXAbENdLBJrAlGIG5GbOPOLKr0plhoUIJkO2ZHPTaYKvvNvmb9Rx
/HlHhVmO4mG16BJ5eaExf6EGBrgPfq681kQYLVYaJY6AQLBF/Mc5+93JJDHBdKi9
mQuMjx9zZ/DmJQExZhhnU2p4ipz5NBqZbjlokX3kCEEsemioBJYuEX+XRyZI0pmF
lN38RRfK2W0LYqpR8m4zSX8L68hgbc7Xz+mUS/7Q1DD7+xmNVSmBBE26okaGXuNw
UJJMhEfoWuCja3FrYVIbU233Vcd/8FTt1bX01FkODdsg69d5vm4g5ec0Xabgym9+
ND3FyIO2tDVC1fcK0R8cc4drJO38IONjWnY4GyqRWiCLBTir745xzqRHXiQyUzMY
K6yQlKNvTRKWWmNWrGQzjVr1uN9oDO7C/OBzCT/Y0WwylVLpdub2R0L/sBcxS6iw
58lyZLLbzMHzhBcBnnwIw1PWcnlLwoC5PJjTYO9ekhsq2vn+23Q=
=wWB7
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:08 +0100
Re: [bug#74035] [PATCH v2 01/26] gnu: libyang: Update to 3.4.2. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
878qtzq8wr.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (37 lines)
> This fixes CVE-2021-28902, CVE-2021-28903, CVE-2021-28904,
> CVE-2021-28905 and CVE-2021-28906.
>
> * gnu/packages/networking.scm (libyang): Update to 3.4.2.
> ---
> gnu/packages/networking.scm | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 8481e2d2f4..17d4072ee0 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -4238,7 +4238,7 @@ (define-public iwgtk
> (define-public libyang
> (package
> (name "libyang")
> - (version "1.0.215")
> + (version "3.4.2")
> (source (origin
> (method git-fetch)
> (uri (git-reference
> @@ -4247,12 +4247,12 @@ (define-public libyang
> (file-name (git-file-name name version))
> (sha256
> (base32
> - "0mrs2ppmq77z8sbqgm2w0rl9bfgybd6bcxanakfww4chih6cy0dw"))))
> + "07skjr3r4na12kadca2dyk45clpcpnp4zkkwfaa8sqyslx7vhj56"))))
> (build-system cmake-build-system)
> (arguments
> `(#:configure-flags
> (list "-DENABLE_BUILD_TESTS=ON" "-DENABLE_LYD_PRIV=ON")))
> - (propagated-inputs (list pcre))
> + (propagated-inputs (list pcre2))
> (native-inputs (list cmocka pkg-config))
> (home-page "https://github.com/CESNET/libyang")
> (synopsis "YANG data modelling language library")

apply, and update it single dependent package: frrouting.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8WQACgkQO1qpk+Gi
3/COUhAAnUcyR5ltZf7hszIyQOsDm4aQyM51m+GeODeS/ulzp7kDTbEIBD9CXEiY
4c/E+ne34AdqGi4VnRp/E8pdwR3vsLZXkISi+/EzFU6vCM2mONmceqvC6fSNzWcN
El9tZfHxoufEtfa19PfY9VtmCy+6WrttvDfDkEEk/5ygU3J+R0a3qPjoIIiQo7zC
JvT3FYH0sN5zsOaHdmuH7QYeqdQIW80AuOLdd7GkzJJROGbsSapPQ4zrbU4a823t
NuvBNY901KjGfT+ZXR80Mn1wEEKeECQELGSrDAnVAxXqxwre9S7IVs+Js0vz32oY
zlVZ7jw2K4zSDKvFWOsaBY/tKJO/PMbVpWn1vOJvf7JBGXXfu3ByP+EZVXDtaqva
X1M3yZ/l/izBRkwzTqVp8dzGw16b05RiHnCuL29Ok0zd81+OkQ6zmQD6i8b145jY
uS6rm+4ONLeMPiW3f+MkDgGtGubzHsxyNuVCU6JtZozAm1Yl9izq/sJ9qCfNycvH
Bfgsya3hBnYBN2/L1qL9yp+7nro2IMH0GHvleOqu3ihU4lAj2YbnWDxDMbO2srlC
/ZFThND4VnRBbW4E2nvvrbAlSokXvmNSFgJh2RzDkJcCA4zbXbYJj4FOHMoj+CJr
12ENLEDJuIfjl6XAP619cQ33EOnO32VeJ6vt44d9DX7UTiNcm1o=
=HItf
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:08 +0100
Re: [bug#74035] [PATCH v2 02/26] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
874j4nq8vy.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (42 lines)
> This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
> CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
> CVE-2023-43665 and CVE-2023-46695.
>
> * gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
> [properties]: Add lint-hidden-cve property.
> ---
> gnu/packages/django.scm | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
> index 4404c8368d..4cf043f7c1 100644
> --- a/gnu/packages/django.scm
> +++ b/gnu/packages/django.scm
> @@ -57,13 +57,13 @@ (define-module (gnu packages django)
> (define-public python-django-4.2
> (package
> (name "python-django")
> - (version "4.2.5")
> + (version "4.2.16")
> (source (origin
> (method url-fetch)
> (uri (pypi-uri "Django" version))
> (sha256
> (base32
> - "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
> + "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
> (build-system pyproject-build-system)
> (arguments
> '(#:test-flags
> @@ -140,7 +140,9 @@ (define-public python-django-4.2
> any Web site. Django focuses on automating as much as possible and adhering
> to the @dfn{don't repeat yourself} (DRY) principle.")
> (license license:bsd-3)
> - (properties `((cpe-name . "django")))))
> + (properties `((cpe-name . "django")
> + ;; This CVE seems fixed since 4.2.1.
> + (lint-hidden-cve . ("CVE-2023-31047"))))))
>
> (define-public python-django-3.2
> (package

apply.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8YEACgkQO1qpk+Gi
3/DJdhAAvSEtjqScGIVs8W8i3VpaEgFkhr6vHGUR+yAF2w4vYnHB7Nn9T9Bp4HKB
BQnWI7hHyZ88H3IQEtaE8Di0sQ/sK/afj+CYYtXVfYrKO0J9Ebhqnjq25O0I+G9T
PMEdl/LN1SSmzpWKlOq4gSwMeP0U9wHgo8Tovcn1EslmNDdPcDZwC98Zp1HgWcBZ
nGQ0ij+340iwTCXtRR5PcqdbOiYTP2T0mBHz9LcbGrugDzdT24RbfksMz6AU5c1Y
miqei8RWt0UNGdMBiAB6dUrB2SsCqDacaE+LpWIgSKn0LUUIxPcJxeYgGZCzqDuG
oyUKnSFfCHjLB0ocVSdh8Mhbr9G135jswyMrOENWnoRpsGyn2u051qLY40S7OOPO
an0UtbCxucRB6kHa6RGbICDk8et6nz/fVuJ0pqeymx7H+oJVkQrvekxAhwFV1lEA
/LCtOZCUtGQRkS13XUHIRMQ7PuRodxXCz7MOxIJXWEEn1Hb2CZTtj0lEySUWhLT5
TzxT/JmoizqTCYhdxbwKLHgfIq7+y/3oCZ7QmtbcO0KlNAIQjJ8+rv24cMKJPJbI
80f6+Da+CwrhEX2W5j6EtNB9AkOeyvVbQqdutoqQCpAIYrqL+cpvI6o3Hq/zLMch
qqY2+Gb0CBfo7/J9sHiYuwlOD5ySZV9DbVX1F1bluqTLIQmDS8o=
=e0rw
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:09 +0100
Re: [bug#74035] [PATCH v2 03/26] gnu: maradns: Update to 3.5.0036. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87zfmfouao.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (40 lines)
> This fixes CVE-2023-31137.
>
> * gnu/packages/dns.scm (maradns): Update to 3.5.0036.
> [properties]: Add release-monitoring-url property.
> ---
> gnu/packages/dns.scm | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
> index e911a142ef..bd2df30f01 100644
> --- a/gnu/packages/dns.scm
> +++ b/gnu/packages/dns.scm
> @@ -1181,7 +1181,7 @@ (define-public public-suffix-list
> (define-public maradns
> (package
> (name "maradns")
> - (version "3.5.0022")
> + (version "3.5.0036")
> (source
> (origin
> (method url-fetch)
> @@ -1189,7 +1189,7 @@ (define-public maradns
> (version-major+minor version) "/"
> version "/maradns-" version ".tar.xz"))
> (sha256
> - (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
> + (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
> (build-system gnu-build-system)
> (arguments
> `(#:tests? #f ; need to be root to run tests
> @@ -1226,6 +1226,8 @@ (define-public maradns
> (description "MaraDNS is a small and lightweight DNS server. MaraDNS
> consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
> and TCP-capable recursive DNS server for finding domains on the internet.")
> + (properties '((release-monitoring-url
> + . "https://maradns.samiam.org/download.html")))
> (license license:bsd-2)))
>
> (define-public openresolv

apply.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8Z8ACgkQO1qpk+Gi
3/AaFBAAl0YKPi7fKCc3TxM/WonAYG/oidWWFj0DACqHMliML7EWPR+Za205rWot
R4Dee2gfyFyxWFa1V15yJoDKH+HJxURvOAOi90GPrajGYI+tdcaJ2/M6SKZ5g+oi
d/qKpPgBEibtREw92EI76++t2+LF51YqZNBMG8MKkDPdyIm6UUFKkXvVPrNhznwt
ZWoDpz43+YCDjjTT8Sqqf5Je1qswAqgLP2t4e8jZD5cKfVr0ZD37gcWRJou8SYi6
BNvQyaKxCwFVL5QU+ZS4nm56OUF7jS4DjEG5xQZ7zTWnXsZRf1v3yS54Cw8dpZur
Ib/oth1oVh0kR+L/QmRfKnScDwDN9C4lRTv/ZWc04nQFGAJ82yxNvB4waDDJCJOL
ZaVlAAq8EdU4acfF3TFIBIarjg22yR7Baqs/yr2wKPgD/zf9VZl0jCb808WqxNzV
8HU6BVpkGaie14nUJHpVbQy1D6+Yhw8s/0c73m0In2l5Jd0LhIyKdx0A7MOZL7bb
QUsCZoXcXxvMZUK3oRVxiuyvA2JgbY3a2GB0yZM8aemTtEZQ+S2exoJbDbyClCGy
d/WDQEfIAyfMTCQiy0UPchiYLz6boUIdS27GQcNU1BUUOeSN0ZeK2qDhydgEvE8M
l6RGkKWQc1kZQfCzM3r0+i3vCVAV3x+UkSV8nC3Ri4jLeqwc6NY=
=tlNK
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:09 +0100
Re: [bug#74035] [PATCH v2 04/26] gnu: maradns: Improve style.
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87v7x3oua7.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (75 lines)
> * gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
> ---
> gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
> 1 file changed, 29 insertions(+), 29 deletions(-)
>
> diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
> index bd2df30f01..7a78fb0308 100644
> --- a/gnu/packages/dns.scm
> +++ b/gnu/packages/dns.scm
> @@ -1192,35 +1192,35 @@ (define-public maradns
> (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
> (build-system gnu-build-system)
> (arguments
> - `(#:tests? #f ; need to be root to run tests
> - #:make-flags
> - (list
> - ,(string-append "CC=" (cc-for-target))
> - (string-append "PREFIX=" %output)
> - (string-append "RPM_BUILD_ROOT=" %output))
> - #:phases
> - (modify-phases %standard-phases
> - (replace 'configure
> - (lambda* (#:key native-inputs target #:allow-other-keys)
> - ;; make_32bit_tables generates a header file that is used during
> - ;; compilation. Hence, during cross compilation, it should be
> - ;; built for the host system.
> - (when target
> - (substitute* "rng/Makefile"
> - (("\\$\\(CC\\) -o make_32bit_tables")
> - (string-append (assoc-ref native-inputs "gcc")
> - "/bin/gcc -o make_32bit_tables"))))
> - (invoke "./configure")))
> - (add-before 'install 'create-install-directories
> - (lambda* (#:key outputs #:allow-other-keys)
> - (let ((out (assoc-ref outputs "out")))
> - (for-each (lambda (dir)
> - (mkdir-p (string-append out dir)))
> - (list "/bin" "/sbin" "/etc"
> - "/share/man/man1"
> - "/share/man/man5"
> - "/share/man/man8"))
> - #t))))))
> + (list
> + #:tests? #f ; need to be root to run tests
> + #:make-flags
> + #~(list
> + (string-append "CC=" #$(cc-for-target))
> + (string-append "PREFIX=" #$output)
> + (string-append "RPM_BUILD_ROOT=" #$output))
> + #:phases
> + #~(modify-phases %standard-phases
> + (replace 'configure
> + (lambda* (#:key native-inputs target #:allow-other-keys)
> + ;; make_32bit_tables generates a header file that is used during
> + ;; compilation. Hence, during cross compilation, it should be
> + ;; built for the host system.
> + (when target
> + (substitute* "rng/Makefile"
> + (("\\$\\(CC\\) -o make_32bit_tables")
> + (string-append (search-input-file native-inputs "/bin/gcc")
> + " -o make_32bit_tables"))))
> + ;; ./configure doesn't support default flags
> + (invoke "./configure")))
> + (add-before 'install 'create-install-directories
> + (lambda _
> + (for-each (lambda (dir)
> + (mkdir-p (string-append #$output dir)))
> + (list "/bin" "/sbin" "/etc"
> + "/share/man/man1"
> + "/share/man/man5"
> + "/share/man/man8")))))))
> (home-page "https://maradns.samiam.org")
> (synopsis "Small lightweight DNS server")
> (description "MaraDNS is a small and lightweight DNS server. MaraDNS

apply.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8bAACgkQO1qpk+Gi
3/BlzBAAkavhAKy2Zsu/r0NIEgbKdMte3JwqBM1fGCpczEgLG//+JvKkNyQlp+ds
KZtz3BaLvAHtm3FNRmMn0eeI0U+W0FeFR0at6D8piE0Kqs680dFdNufTRY0FCf9c
x5NmP3361EempZo8hXK0IOELHng/GVIU4lmy4ChszsoOShWRq4wmzO/qhlQGhcEP
a5/k5YBauQCy2UWW64O9njoCe1rj8MTJ7v6tPI3JvGD+988b3rKL7w2hFgUJ46Cb
gJUBEPPv1M/fSaODU1gGPgo4BI66Z8oVzGzVbjw7XzjpPjJZQlANPuyjDmMcAXyn
7Kzj6nNJusl0o1bK5aMAQBn/L5mvh9vYbHyK4pDdqMcWPIS5Axxh8TJG1BEIYpK3
Q1wtu9Ur4kNpiSTnfxnHGxqeoS+tZwCMSifAEKF3BEdIS+o8qn3KZ9ZX3XKl5kzq
/rDCWc/7nehOQSTXJZM89qEEclZAhqSXNN+j22LTC2iPwDNxZnn21HjEm4r8Sn68
yHP7JEm0nB9fhdGrtFhbwn/3yjfJ2zpzEXkH3g6nZOoaMpcm5+G0sxB1wFyqW9xC
K3Uw8QAjYsNc47XqMj6VMp+Dnk1J+66jMcF+W5o0ivPun2IddriPz3E3e1LxFM3J
gmBW/Tlibg06zXUdNYOZvP690kbuiBeN8tSRC8+AtPvgBhbmK7I=
=uIq9
-----END PGP SIGNATURE-----

Z
Z
Zheng Junjie wrote on 4 Nov 17:12 +0100
Re: [bug#74035] [PATCH v2 10/26] gnu: xlsxio: Update to 0.2.35. [security fixes]
(name . Nicolas Graves via Guix-patches via)(address . guix-patches@gnu.org)
87r07rou5n.fsf@iscas.ac.cn
Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

Toggle quote (29 lines)
> This fixes CVE-2023-34795.
>
> * gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
> ---
> gnu/packages/xml.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
> index cfd53a291a..4a3936b66d 100644
> --- a/gnu/packages/xml.scm
> +++ b/gnu/packages/xml.scm
> @@ -1545,7 +1545,7 @@ (define-public xerces-c
> (define-public xlsxio
> (package
> (name "xlsxio")
> - (version "0.2.33")
> + (version "0.2.35")
> (source
> (origin
> (method git-fetch)
> @@ -1554,7 +1554,7 @@ (define-public xlsxio
> (commit version)))
> (file-name (git-file-name name version))
> (sha256
> - (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
> + (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
> (native-inputs
> (list expat gnu-make minizip which))
> (build-system gnu-build-system)
apply
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmco8lQACgkQO1qpk+Gi
3/DP/hAAve4s2k8SSqChFNR02OU6XxFkX11rI0ybto6vdxTK+p6j+GCDHWkAtCpM
1bO4B3E9R7ChLwUgc/4auIfC2TuISW5LLH9AEtB2c9IyGGetw2WyPrjK57WH2PRp
W37kG5sJvSY/fO4NMaA7PJRYke4ifibCD9mS/+Lb+8pn9eMTBG2t1gvZVbg4lsGF
4RomjD1y/UQ9t/7/dChB7FebC9GFnyTkUkpvu4yth5ntwgUsl3P7yhbYuF1Ag0Ef
bLL7iReiSwbHArkQUSZR5O+GOh3KlP8vtN25dPAoEP4PqyrJdtOtW0l4aRNOFXeO
l6Eg2GvWU5Mn4ZUliPGOEpaSdcYyR/vT5EqMFWgjW0BoMyaKwx1WpJIOHdSNJCna
JE0cFJbeDGr+qgT82B3TCpAU4AQPu8Gt6QrpIjCVY5i31BzRBTz+bPpcvDinPRdb
Hs5NP9PlMTGHnSZZzE18IL6Qclxj8YEZcnE87YCH/C4Cma/PubNvICKAIHtcM5EP
9cgcZEBsH3XjArkj6nujgDC5SARH2YcLUosniGOW9AU2k0bQEWNtJkimWYsN1vVY
Bu6E4yiWtWbVtUSgrxpSGgm1w7u2uEG25PSNLHHrzN9+JomWrz+OuuYsZw0RBkSl
6KgqCz0cQKkoB99UNeOT3inchxoDSDoIQ+6cjWKf1mDF7v7VTxA=
=6LOy
-----END PGP SIGNATURE-----

N
N
Nicolas Graves wrote on 6 Nov 00:10 +0100
[PATCH v3 0/8] [security] fixes for near-leaf packages
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231235.21106-1-ngraves@ngraves.fr
This patch series removes patches that have been built in the v2, so
that it's easier to review. It's also a bump for QA.

Nicolas Graves (8):
gnu: bart: Update to 0.9.00. [security fixes]
gnu: pam-u2f: Update to 1.3.0. [security fixes]
gnu: sendmail: Update to 8.18.1. [security fixes]
gnu: openvpn: Update to 2.6.12. [security fixes]
gnu: youtube-dl: Deprecate package.
gnu: unicorn: Update to 2.1.1. [security fixes]
gnu: Add sexpp.
gnu: rnp: Update to 0.17.1. [security fixes]

gnu/packages/emulators.scm | 9 +++-
gnu/packages/image-processing.scm | 8 ++--
gnu/packages/mail.scm | 5 +-
gnu/packages/openpgp.scm | 76 ++++++++++++++++++++++---------
gnu/packages/security-token.scm | 9 ++--
gnu/packages/video.scm | 3 +-
gnu/packages/vpn.scm | 4 +-
7 files changed, 75 insertions(+), 39 deletions(-)

--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:10 +0100
[PATCH v3 1/8] gnu: bart: Update to 0.9.00. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231235.21106-2-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:10 +0100
[PATCH v3 2/8] gnu: pam-u2f: Update to 1.3.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231235.21106-3-ngraves@ngraves.fr
This fixes CVE-2021-31924.

* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:10 +0100
[PATCH v3 3/8] gnu: sendmail: Update to 8.18.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231235.21106-4-ngraves@ngraves.fr
This fixes CVE-2023-51765 and CVE-2021-3618.

* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 1/8] gnu: bart: Update to 0.9.00. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231336.21640-1-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-1-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 2/8] gnu: pam-u2f: Update to 1.3.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-2-ngraves@ngraves.fr
This fixes CVE-2021-31924.

* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 3/8] gnu: sendmail: Update to 8.18.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-3-ngraves@ngraves.fr
This fixes CVE-2023-51765 and CVE-2021-3618.

* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 2c69a7b818..ca1a55818e 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 4/8] gnu: openvpn: Update to 2.6.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-4-ngraves@ngraves.fr
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.

* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 5/8] gnu: youtube-dl: Deprecate package.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-5-ngraves@ngraves.fr
This package is not developped anymore.

* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ff5dcd8daa..74cfabf6e7 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3085,7 +3086,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 6/8] gnu: unicorn: Update to 2.1.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-6-ngraves@ngraves.fr
Thix fixes CVE-2021-4296.

* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (27 lines)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 7/8] gnu: Add sexpp.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-7-ngraves@ngraves.fr
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (40 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
N
N
Nicolas Graves wrote on 6 Nov 00:13 +0100
[PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241105231405.21806-8-ngraves@ngraves.fr
This fixes CVE-2023-29479 and CVE-2023-29480.

* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)

Toggle diff (88 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
L
L
Ludovic Courtès wrote on 6 Nov 17:09 +0100
Re: [bug#74035] [PATCH v2 20/26] gnu: liblouis: Update to 3.31.0. [security fixes]
(name . Zheng Junjie)(address . zhengjunjie@iscas.ac.cn)
87ed3owdgo.fsf@gnu.org
Hi,

Zheng Junjie <zhengjunjie@iscas.ac.cn> skribis:

Toggle quote (8 lines)
> Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:
>
>> This fixes CVE-2022-26981.
>>
>> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
>> [arguments]: Improve style using gexps.
>> [native-inputs]: Rewrite and replace python-wrapper by python.

[...]

Toggle quote (2 lines)
> apply, adjust message and use python-minimal, not python.

Apparently this broke liblouisutdml:

Many test failures like this:

Toggle snippet (12 lines)
warning: lou_getDataPath is deprecated.
../../lbu_files/wiskunde.ctb:43: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:44: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:45: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:46: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:47: warning: class is deprecated, use attribute instead
../../lbu_files/wiskunde.ctb:49: warning: class is deprecated, use attribute instead
unicode.dis,../../lbu_files/wiskunde.ctb,braille-patterns.cti: 6 warnings issued
warning: lou_getDataPath is deprecated.
FAIL test_mathml_woluwe/test_045.test (exit status: 1)

Ludo’.
Z
(name . Ludovic Courtès)(address . ludo@gnu.org)
87zfmbxpai.fsf@iscas.ac.cn
Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (36 lines)
> Hi,
>
> Zheng Junjie <zhengjunjie@iscas.ac.cn> skribis:
>
>> Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:
>>
>>> This fixes CVE-2022-26981.
>>>
>>> * gnu/packages/language.scm (liblouis): Update to 3.31.0.
>>> [arguments]: Improve style using gexps.
>>> [native-inputs]: Rewrite and replace python-wrapper by python.
>
> [...]
>
>> apply, adjust message and use python-minimal, not python.
>
> Apparently this broke liblouisutdml:
> <https://ci.guix.gnu.org/build/6336033/details>.
>
> Many test failures like this:
>
> --8<---------------cut here---------------start------------->8---
> warning: lou_getDataPath is deprecated.
> ../../lbu_files/wiskunde.ctb:43: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:44: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:45: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:46: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:47: warning: class is deprecated, use attribute instead
> ../../lbu_files/wiskunde.ctb:49: warning: class is deprecated, use attribute instead
> unicode.dis,../../lbu_files/wiskunde.ctb,braille-patterns.cti: 6 warnings issued
> warning: lou_getDataPath is deprecated.
> FAIL test_mathml_woluwe/test_045.test (exit status: 1)
> --8<---------------cut here---------------end--------------->8---
>
> Ludo’.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcsorUACgkQO1qpk+Gi
3/D6UxAAgj+9kBiDy5JCwRZkXoYfsvU32HofhHvMV3JY/yMgAqvaxs1Hl2KPnCas
JV0Eg5MB3Ay9FFAWVky5ZsIPaHJn2jjjAC/tys5lg/qOiHUyW1/ZWjSpI/DVzOj/
Me6KoLQd3GI4OvIST6Tw/kBhQHei86dtc+qiB7k0zqbmJ19wq4NesGDpX43jLxE5
Wwavet5Cdj3hUWOW0ekeAQG44+rQGQcwwVTPCitBD8BzAYhk0HGNhYckrGsF7XB6
Jc8lKpdtSQZ3VF39W9RR0gaU+sM3+2MLMIo8xmbSLy1RjUihn6JJnTAUE+erD3+8
o0bKdyk/EVpHtVZ0badFpPfIqgtahv1enwoI+CI7hcitVnNKfJnt1NHGl+f9Tx9y
lvY4D0FnoE2DuMOiaLNueSUjTUsxqj1CLXs8BHQL2tJTOdXMjOElFMHsibqn5ckZ
Rx7WOCiYXo47A6FuYdROXKF+dkF58PG2nRyGw51Ph6K/xjBoH7LcZ53Wxcx7sR5y
CwPGLES2B9rPtG/XHev32jYdj3Z9OlVcb5nnwIJZ8nQX0uINZumzG9zT0pUYcH3C
QKSBzE9RMsg1XomCwTmZ85ywFh+RkySq3aAft45I4T5NWvZNcn4EiIQ6qpu33yi0
fq5q77qxfW5x8zbrz647l9KNGsa2lLCynazPFxw2UMLXkTJ/Smw=
=GonE
-----END PGP SIGNATURE-----

M
M
Maxim Cournoyer wrote on 11 Nov 12:47 +0100
Re: [bug#74035] [PATCH v4 1/8] gnu: bart: Update to 0.9.00. [security fixes]
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 74035@debbugs.gnu.org)
87r07i9em7.fsf@gmail.com
Hi,

Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (2 lines)
> This fixes bart reproducibility and CVE-2022-45387.

CVE-2022-45387 is about the Jenkins bart plugin, not this BART toolbox
software; so it's nice to update it but there's no CVE fix here.

--
Thanks,
Maxim
M
M
Maxim Cournoyer wrote on 11 Nov 12:48 +0100
Re: [bug#74035] [PATCH v4 5/8] gnu: youtube-dl: Deprecate package.
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 74035@debbugs.gnu.org)
87msi69eju.fsf@gmail.com
Hi Nicolas,

Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (4 lines)
> This package is not developped anymore.
>
> * gnu/packages/video.scm (youtube-dl): Deprecate package.

This is maybe a bit preposterous; the repository is still alive, last
touched in August of this year [0].


I've dropped this commit from my locally queued series.

--
Thanks,
Maxim
M
M
Maxim Cournoyer wrote on 11 Nov 14:14 +0100
Re: [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes]
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 74035@debbugs.gnu.org)
875xotap5c.fsf@gmail.com
Hi,

Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (7 lines)
> This fixes CVE-2023-29479 and CVE-2023-29480.
>
> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
> [arguments]: Improve style using gexps.
> <#:phases>: Add phase 'inject-sexpp-source.
> [inputs]: Add sexpp.

This one fails its test suite for me:

Toggle snippet (7 lines)
Start 15: rnp_tests.s2k_iteration_tuning
16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
[...]
The following tests FAILED:
15 - rnp_tests.s2k_iteration_tuning (Failed)

It should probably be repoted upstream.

--
Thanks,
Maxim
N
N
Nicolas Graves wrote on 11 Nov 16:22 +0100
Re: [bug#74035] [PATCH v4 5/8] gnu: youtube-dl: Deprecate package.
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 74035@debbugs.gnu.org)
87o72l6bin.fsf@ngraves.fr
On 2024-11-11 20:48, Maxim Cournoyer wrote:

Toggle quote (15 lines)
> Hi Nicolas,
>
> Nicolas Graves <ngraves@ngraves.fr> writes:
>
>> This package is not developped anymore.
>>
>> * gnu/packages/video.scm (youtube-dl): Deprecate package.
>
> This is maybe a bit preposterous; the repository is still alive, last
> touched in August of this year [0].
>
> [0] https://github.com/ytdl-org/youtube-dl
>
> I've dropped this commit from my locally queued series.

My bad, I only checked the home-page because I thought development was
halted (and basically efforts for that functionality went to yt-dlp
instead) for legal reasons. At least the home-page is indeed blocked in
France. I haven't tested the package, OK to drop this commit.

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 11 Nov 16:23 +0100
Re: [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes]
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 74035@debbugs.gnu.org)
87ldxp6bhe.fsf@ngraves.fr
On 2024-11-11 22:14, Maxim Cournoyer wrote:

Toggle quote (23 lines)
> Hi,
>
> Nicolas Graves <ngraves@ngraves.fr> writes:
>
>> This fixes CVE-2023-29479 and CVE-2023-29480.
>>
>> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
>> [arguments]: Improve style using gexps.
>> <#:phases>: Add phase 'inject-sexpp-source.
>> [inputs]: Add sexpp.
>
> This one fails its test suite for me:
>
> --8<---------------cut here---------------start------------->8---
> Start 15: rnp_tests.s2k_iteration_tuning
> 16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
> [...]
> The following tests FAILED:
> 15 - rnp_tests.s2k_iteration_tuning (Failed)
> --8<---------------cut here---------------end--------------->8---
>
> It should probably be repoted upstream.

Strange, it worked for me IIRC. Maybe tests are flaky and we should
exclude this one?

--
Best regards,
Nicolas Graves
N
N
Nicolas Graves wrote on 11 Nov 16:23 +0100
Re: [bug#74035] [PATCH v4 1/8] gnu: bart: Update to 0.9.00. [security fixes]
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 74035@debbugs.gnu.org)
87ikst6bga.fsf@ngraves.fr
On 2024-11-11 20:47, Maxim Cournoyer wrote:

Toggle quote (9 lines)
> Hi,
>
> Nicolas Graves <ngraves@ngraves.fr> writes:
>
>> This fixes bart reproducibility and CVE-2022-45387.
>
> CVE-2022-45387 is about the Jenkins bart plugin, not this BART toolbox
> software; so it's nice to update it but there's no CVE fix here.

Indeed, thanks for checking!

--
Best regards,
Nicolas Graves
M
M
Maxim Cournoyer wrote on 12 Nov 12:54 +0100
Re: [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes]
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 74035-done@debbugs.gnu.org)
87jzd84qgr.fsf@gmail.com
Hi Nicolas,

Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (28 lines)
> On 2024-11-11 22:14, Maxim Cournoyer wrote:
>
>> Hi,
>>
>> Nicolas Graves <ngraves@ngraves.fr> writes:
>>
>>> This fixes CVE-2023-29479 and CVE-2023-29480.
>>>
>>> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
>>> [arguments]: Improve style using gexps.
>>> <#:phases>: Add phase 'inject-sexpp-source.
>>> [inputs]: Add sexpp.
>>
>> This one fails its test suite for me:
>>
>> --8<---------------cut here---------------start------------->8---
>> Start 15: rnp_tests.s2k_iteration_tuning
>> 16/263 Test #15: rnp_tests.s2k_iteration_tuning ................................................***Failed 8.02 sec
>> [...]
>> The following tests FAILED:
>> 15 - rnp_tests.s2k_iteration_tuning (Failed)
>> --8<---------------cut here---------------end--------------->8---
>>
>> It should probably be repoted upstream.
>
> Strange, it worked for me IIRC. Maybe tests are flaky and we should
> exclude this one?

The test appears to be sensitive to the CPU speed; upstream provided a
solution. I've now applied this series, culminating with commit
44b06b030d. Thank you!

--
Maxim
Closed
M
M
Maxim Cournoyer wrote on 12 Nov 15:12 +0100
(name . Nicolas Graves)(address . ngraves@ngraves.fr)(address . 74035@debbugs.gnu.org)
87frnw1qyq.fsf@gmail.com
Hi,

Nicolas Graves <ngraves@ngraves.fr> writes:

Toggle quote (7 lines)
> This fixes CVE-2023-29479 and CVE-2023-29480.
>
> * gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
> [arguments]: Improve style using gexps.
> <#:phases>: Add phase 'inject-sexpp-source.
> [inputs]: Add sexpp.

I could work it out with this:

Toggle snippet (49 lines)
modified gnu/packages/openpgp.scm
@@ -117,6 +117,9 @@ (define-public rnp
(list
#:configure-flags
''("-DBUILD_SHARED_LIBS=on"
+ ;; Lower the minimum tuning ratio from 6 to 4, as suggested
+ ;; upstream to avoid the s2k_iteration_tuning failing.
+ "-DS2K_MINIMUM_TUNING_RATIO=4"
"-DBUILD_TESTING=on"
"-DDOWNLOAD_GTEST=off"
"-DDOWNLOAD_RUBYRNP=off")
@@ -129,22 +132,27 @@ (define-public rnp
(add-after 'unpack 'inject-sexpp-source
(lambda _
(rmdir "src/libsexpp")
- (symlink #$(package-source (this-package-input "sexpp"))
+ (symlink #$(package-source (this-package-native-input "sexpp"))
"src/libsexpp")))
(replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
+ (lambda* (#:key tests? parallel-tests? #:allow-other-keys)
(when tests?
;; Some OpenPGP certificates used by the tests expire.
;; To work around that, set the time to roughly the
;; release date.
- (invoke "faketime" #$day-of-release "make" "test")))))))
+ (setenv "CTEST_OUTPUT_ON_FAILURE" "1")
+ (invoke "faketime" #$day-of-release "ctest"
+ "-j" (if parallel-tests?
+ (number->string (parallel-job-count))
+ "1"))))))))
(native-inputs
- (list gnupg ; for tests
- googletest ; for tests
- libfaketime ; for tests
+ (list gnupg ;for tests
+ googletest ;for tests
+ libfaketime ;for tests
pkg-config
- python))
- (inputs (list botan bzip2 json-c sexpp zlib))
+ python
+ sexpp)) ;sexpp is used as source only
+ (inputs (list botan bzip2 json-c zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description

Thanks to upstream's extreme responsiveness (answered in seconds!)

Nitpick: inline comments shouldn't have a space between the ';' and the text.

I've also made the test suite run in parallel and restored the
CTEST_OUTPUT_ON_FAILURE behavior of the stock check phase, as that's
very useful in case of problems.

--
Thanks,
Maxim
?
Your comment

This issue is archived.

To comment on this conversation send an email to 74035@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74035
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch