[PATCH 00/24] [security fixes] for near-leaf packages

  • Open
  • quality assurance status badge
Details
One participant
  • Nicolas Graves
Owner
unassigned
Submitted by
Nicolas Graves
Severity
normal
N
N
Nicolas Graves wrote 7 days ago
(address . guix-patches@gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026223238.26667-1-ngraves@ngraves.fr
This patch series adds updates and security fixes for packages that
have less than 10 dependent packages.

Nicolas Graves (24):
gnu: python-django-4.2: Update to 4.2.16. [security fixes]
gnu: maradns: Update to 3.5.0036. [security fixes]
gnu: maradns: Improve style.
gnu: libmobi: Update to 0.12. [security fixes]
gnu: bart: Update to 0.9.00. [security fixes]
gnu: wireshark: Update to 4.4.1. [security fixes]
gnu: pam-u2f: Update to 1.3.0. [security fixes]
gnu: darkhttpd: Update to 1.16. [security fixes]
gnu: xlsxio: Update to 0.2.35. [security fixes]
gnu: pypy: Update to 7.3.17. [security fixes]
gnu: indent: Remove uneeded arguments.
gnu: indent: Add patch for CVE-2024-0911. [security fixes]
gnu: squashfs-tools: Update to 4.6.1. [security fixes]
gnu: shapelib: Update to 1.6.1. [security fixes]
gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
gnu: gifsicle: Update to 1.95. [security fixes]
gnu: sendmail: Update to 8.18.1. [security fixes]
gnu: openvpn: Update to 2.6.12. [security fixes]
gnu: youtube-dl: Deprecate package.
gnu: liblouis: Update to 3.31.0. [security fixes]
gnu: unicorn: Update to 2.1.1. [security fixes]
gnu: Add sexpp.
gnu: rnp: Update to 0.17.1. [security fixes]
gnu: cjson: Update to 1.7.18. [security fixes]

gnu/local.mk | 1 +
gnu/packages/code.scm | 31 +-------
gnu/packages/compression.scm | 52 ++++++-------
gnu/packages/django.scm | 8 +-
gnu/packages/dns.scm | 64 ++++++++--------
gnu/packages/ebook.scm | 4 +-
gnu/packages/emulators.scm | 9 ++-
gnu/packages/geo.scm | 8 +-
gnu/packages/gnome.scm | 45 ++++++-----
gnu/packages/image-processing.scm | 8 +-
gnu/packages/image.scm | 4 +-
gnu/packages/javascript.scm | 4 +-
gnu/packages/language.scm | 47 ++++++------
gnu/packages/mail.scm | 5 +-
gnu/packages/networking.scm | 4 +-
gnu/packages/openpgp.scm | 76 +++++++++++++------
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++
gnu/packages/pypy.scm | 4 +-
gnu/packages/security-token.scm | 9 +--
gnu/packages/video.scm | 3 +-
gnu/packages/vpn.scm | 4 +-
gnu/packages/web.scm | 24 +++---
gnu/packages/xml.scm | 4 +-
23 files changed, 278 insertions(+), 201 deletions(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 01/24] gnu: python-django-4.2: Update to 4.2.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-1-ngraves@ngraves.fr
This fixes CVE-2024-24680, CVE-2024-41989, CVE-2024-41990,
CVE-2024-41991, CVE-2024-42005, CVE-2024-45230, CVE-2024-45231,
CVE-2023-43665 and CVE-2023-46695.

* gnu/packages/django.scm (python-django-4.2): Update to 4.2.16.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/django.scm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index 4404c8368d..4cf043f7c1 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -57,13 +57,13 @@ (define-module (gnu packages django)
(define-public python-django-4.2
(package
(name "python-django")
- (version "4.2.5")
+ (version "4.2.16")
(source (origin
(method url-fetch)
(uri (pypi-uri "Django" version))
(sha256
(base32
- "1ha6c5j3pizbsfzw37r52lvdz8z5lblq4iwa99mpkdzz92aiqp2y"))))
+ "1b8xgwg3gjr974j60x3vgcpp85cg5dwhzqdpdbl8qh3cg311c5kg"))))
(build-system pyproject-build-system)
(arguments
'(#:test-flags
@@ -140,7 +140,9 @@ (define-public python-django-4.2
any Web site. Django focuses on automating as much as possible and adhering
to the @dfn{don't repeat yourself} (DRY) principle.")
(license license:bsd-3)
- (properties `((cpe-name . "django")))))
+ (properties `((cpe-name . "django")
+ ;; This CVE seems fixed since 4.2.1.
+ (lint-hidden-cve . ("CVE-2023-31047"))))))
(define-public python-django-3.2
(package
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 02/24] gnu: maradns: Update to 3.5.0036. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-2-ngraves@ngraves.fr
This fixes CVE-2023-31137.

* gnu/packages/dns.scm (maradns): Update to 3.5.0036.
[properties]: Add release-monitoring-url property.
---
gnu/packages/dns.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Toggle diff (33 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index e911a142ef..bd2df30f01 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1181,7 +1181,7 @@ (define-public public-suffix-list
(define-public maradns
(package
(name "maradns")
- (version "3.5.0022")
+ (version "3.5.0036")
(source
(origin
(method url-fetch)
@@ -1189,7 +1189,7 @@ (define-public maradns
(version-major+minor version) "/"
version "/maradns-" version ".tar.xz"))
(sha256
- (base32 "1sw267jxxxngjcar8cj3jpxnpiz0szgkhlz5l46c67qs690w9kdi"))))
+ (base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
`(#:tests? #f ; need to be root to run tests
@@ -1226,6 +1226,8 @@ (define-public maradns
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
consists of a UDP-only authoritative DNS server for hosting domains, and a UDP
and TCP-capable recursive DNS server for finding domains on the internet.")
+ (properties '((release-monitoring-url
+ . "https://maradns.samiam.org/download.html")))
(license license:bsd-2)))
(define-public openresolv
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 03/24] gnu: maradns: Improve style.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-3-ngraves@ngraves.fr
* gnu/packages/dns.scm (maradns)[arguments]: Use gexps.
---
gnu/packages/dns.scm | 58 ++++++++++++++++++++++----------------------
1 file changed, 29 insertions(+), 29 deletions(-)

Toggle diff (71 lines)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index bd2df30f01..7a78fb0308 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -1192,35 +1192,35 @@ (define-public maradns
(base32 "185kl7zfvnwzfpyxbzpwck13m468av74kbqijp0s4v33iicfpnvc"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; need to be root to run tests
- #:make-flags
- (list
- ,(string-append "CC=" (cc-for-target))
- (string-append "PREFIX=" %output)
- (string-append "RPM_BUILD_ROOT=" %output))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda* (#:key native-inputs target #:allow-other-keys)
- ;; make_32bit_tables generates a header file that is used during
- ;; compilation. Hence, during cross compilation, it should be
- ;; built for the host system.
- (when target
- (substitute* "rng/Makefile"
- (("\\$\\(CC\\) -o make_32bit_tables")
- (string-append (assoc-ref native-inputs "gcc")
- "/bin/gcc -o make_32bit_tables"))))
- (invoke "./configure")))
- (add-before 'install 'create-install-directories
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out")))
- (for-each (lambda (dir)
- (mkdir-p (string-append out dir)))
- (list "/bin" "/sbin" "/etc"
- "/share/man/man1"
- "/share/man/man5"
- "/share/man/man8"))
- #t))))))
+ (list
+ #:tests? #f ; need to be root to run tests
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ (string-append "PREFIX=" #$output)
+ (string-append "RPM_BUILD_ROOT=" #$output))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda* (#:key native-inputs target #:allow-other-keys)
+ ;; make_32bit_tables generates a header file that is used during
+ ;; compilation. Hence, during cross compilation, it should be
+ ;; built for the host system.
+ (when target
+ (substitute* "rng/Makefile"
+ (("\\$\\(CC\\) -o make_32bit_tables")
+ (string-append (search-input-file native-inputs "/bin/gcc")
+ " -o make_32bit_tables"))))
+ ;; ./configure doesn't support default flags
+ (invoke "./configure")))
+ (add-before 'install 'create-install-directories
+ (lambda _
+ (for-each (lambda (dir)
+ (mkdir-p (string-append #$output dir)))
+ (list "/bin" "/sbin" "/etc"
+ "/share/man/man1"
+ "/share/man/man5"
+ "/share/man/man8")))))))
(home-page "https://maradns.samiam.org")
(synopsis "Small lightweight DNS server")
(description "MaraDNS is a small and lightweight DNS server. MaraDNS
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 04/24] gnu: libmobi: Update to 0.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-4-ngraves@ngraves.fr
This fixes CVE-2022-1533, CVE-2022-1534, CVE-2022-1907, CVE-2022-1908,
CVE-2022-1987, CVE-2022-2279, CVE-2022-29788, CVE-2021-3751,
CVE-2021-3881, CVE-2021-3888 and CVE-2021-3889.

* gnu/packages/ebook.scm (libmobi): Update to 0.12.
---
gnu/packages/ebook.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/ebook.scm b/gnu/packages/ebook.scm
index dc30c98fdf..bf8dcfad09 100644
--- a/gnu/packages/ebook.scm
+++ b/gnu/packages/ebook.scm
@@ -648,7 +648,7 @@ (define-public xchm
(define-public libmobi
(package
(name "libmobi")
- (version "0.6")
+ (version "0.12")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -657,7 +657,7 @@ (define-public libmobi
(file-name (git-file-name name version))
(sha256
(base32
- "0yps72cm609xn2k7alflkdhp9kgr1w7zzyxjygz0n1kqrdcplihh"))))
+ "0cwya9n0rd97ai0fcqjwq7b3sjzigf3ywp7bnkbbw541f3knpds9"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 05/24] gnu: bart: Update to 0.9.00. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-5-ngraves@ngraves.fr
This fixes bart reproducibility and CVE-2022-45387.

* gnu/packages/image-processing.scm (bart): Update to 0.9.00.
---
gnu/packages/image-processing.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (38 lines)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index a79eaf6aed..3a7c67362f 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -115,20 +115,19 @@ (define-module (gnu packages image-processing)
#:use-module (ice-9 match)
#:use-module (srfi srfi-1))
-;; TODO: this is not reproducible.
(define-public bart
(package
(name "bart")
- (version "0.8.00")
+ (version "0.9.00")
(source
(origin
(method git-fetch)
(uri (git-reference
(url "https://github.com/mrirecon/bart")
- (commit "eacc67b95cf128487ecc48f0e6541ea4dca08818")))
+ (commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "05lcf7c3g7ms5h82bw1mi4kzkdv5wpqi1zrfhqfkgbcpd3irj6aq"))))
+ (base32 "0mj6jmw31rsnvqmpfqahhj4cy9iv5xgrhzmcsrikdz5dgd45lmjz"))))
(build-system gnu-build-system)
(arguments
(list
@@ -140,6 +139,7 @@ (define-public bart
"OPENBLAS=1"
"SCALAPACK=1"
(string-append "BLAS_BASE=" #$(this-package-input "openblas"))
+ (string-append "CC=" #$(cc-for-target))
(string-append "FFTW_BASE=" #$(this-package-input "fftw")))
#:parallel-build? #false ;leads to non-deterministic output
#:phases
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 06/24] gnu: wireshark: Update to 4.4.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-6-ngraves@ngraves.fr
This fixes CVE-2024-9780.

* gnu/packages/networking.scm (wireshark): Update to 4.4.1.
---
gnu/packages/networking.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 7ed011a7f4..31b72f1104 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1805,14 +1805,14 @@ (define-public whois
(define-public wireshark
(package
(name "wireshark")
- (version "4.4.0")
+ (version "4.4.1")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.wireshark.org/download/src/wireshark-"
version ".tar.xz"))
(sha256
- (base32 "0s8jqxcvq7ibfsq8v4scl8dq7y5hqgpivq4iw9y2x6jj136cvmga"))))
+ (base32 "1v2nflm8rdifc6pwlzn1ciz22wl15zwkqs3r7gjw60kh59brd7ib"))))
(build-system qt-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 07/24] gnu: pam-u2f: Update to 1.3.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-7-ngraves@ngraves.fr
This fixes CVE-2021-31924.

* gnu/packages/security-token.scm (pam-u2f): Update to 1.3.0.
[inputs]: Add libfido2, openssl. Remove libu2f-host, libu2f-server.
[native-inputs]: Sort packages.
---
gnu/packages/security-token.scm | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)

Toggle diff (36 lines)
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index 5abb461c0c..156a7d5e28 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -682,7 +682,7 @@ (define-public libu2f-server
(define-public pam-u2f
(package
(name "pam-u2f")
- (version "1.0.8")
+ (version "1.3.0")
(source (origin
(method git-fetch)
(uri
@@ -691,17 +691,16 @@ (define-public pam-u2f
(commit (string-append "pam_u2f-" version))))
(file-name (git-file-name name version))
(sha256
- (base32
- "04d9davyi33gqbvga1rvh9fijp6f16mx2xmnn4n61rnhcn2jac98"))))
+ (base32 "1swvys98mw7ailllgqicvhj315qajhvqrmm314cp3bj0l76s9qpv"))))
(build-system gnu-build-system)
(arguments
`(#:configure-flags
(list (string-append "--with-pam-dir="
(assoc-ref %outputs "out") "/lib/security"))))
(inputs
- (list libu2f-host libu2f-server linux-pam))
+ (list libfido2 linux-pam openssl))
(native-inputs
- (list autoconf automake libtool asciidoc pkg-config))
+ (list asciidoc autoconf automake libtool pkg-config))
(home-page "https://developers.yubico.com/pam-u2f/")
(synopsis "PAM module for U2F authentication")
(description
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 08/24] gnu: darkhttpd: Update to 1.16. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-8-ngraves@ngraves.fr
This fixes CVE-2024-23770 and CVE-2024-23771.

* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
gnu/packages/web.scm | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)

Toggle diff (46 lines)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
(define-public darkhttpd
(package
(name "darkhttpd")
- (version "1.13")
+ (version "1.16")
(source
(origin
(method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+ (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
(build-system gnu-build-system)
(arguments
- `(#:make-flags
- (list (string-append "CC=" ,(cc-for-target)))
- #:tests? #f ; No test suite
- #:phases
- (modify-phases %standard-phases
- (delete 'configure) ; no configure script
- (replace 'install
- (lambda* (#:key outputs #:allow-other-keys)
- (install-file "darkhttpd"
- (string-append (assoc-ref outputs "out")
- "/bin")))))))
+ (list
+ #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+ #:tests? #f ; No test suite
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure) ; no configure script
+ (replace 'install
+ (lambda _
+ (install-file "darkhttpd" (string-append #$output "/bin")))))))
(synopsis "Simple static web server")
(description "darkhttpd is a simple static web server. It is
standalone and does not need inetd or ucspi-tcp. It does not need any
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 09/24] gnu: xlsxio: Update to 0.2.35. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-9-ngraves@ngraves.fr
This fixes CVE-2023-34795.

* gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
---
gnu/packages/xml.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index cfd53a291a..4a3936b66d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -1545,7 +1545,7 @@ (define-public xerces-c
(define-public xlsxio
(package
(name "xlsxio")
- (version "0.2.33")
+ (version "0.2.35")
(source
(origin
(method git-fetch)
@@ -1554,7 +1554,7 @@ (define-public xlsxio
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
+ (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
(native-inputs
(list expat gnu-make minizip which))
(build-system gnu-build-system)
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 10/24] gnu: pypy: Update to 7.3.17. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-10-ngraves@ngraves.fr
This fixes CVE-2022-37454.

* gnu/packages/pypy.scm (pypy): Update to 7.3.17.
---
gnu/packages/pypy.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/pypy.scm b/gnu/packages/pypy.scm
index a39621b5ad..90986ac096 100644
--- a/gnu/packages/pypy.scm
+++ b/gnu/packages/pypy.scm
@@ -42,14 +42,14 @@ (define-module (gnu packages pypy)
(define-public pypy
(package
(name "pypy")
- (version "7.3.13")
+ (version "7.3.17")
(source (origin
(method url-fetch)
(uri (string-append "https://downloads.python.org/pypy/"
"pypy3.10-v" version "-src.tar.bz2"))
(sha256
(base32
- "0v9s6pwrnaxqi5h1pvmaphj6kgyczx07ykl07hcx656h34y77haa"))))
+ "1xsbn9mbxi2kai4gg1nz6n6cbqsq60qh65f5l6ld7ip9g32lpmva"))))
(build-system gnu-build-system)
(arguments
(list
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 11/24] gnu: indent: Remove uneeded arguments.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-11-ngraves@ngraves.fr
* gnu/packages/code.scm (indent)
[arguments]: Remove field.
[native-inputs]: Remove automake.
---
gnu/packages/code.scm | 27 +--------------------------
1 file changed, 1 insertion(+), 26 deletions(-)

Toggle diff (41 lines)
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index bbf10be987..094dd32982 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -881,33 +881,8 @@ (define-public indent
(sha256
(base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
(build-system gnu-build-system)
- (arguments
- `(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'fix-docdir
- (lambda _
- ;; Although indent uses a modern autoconf in which docdir
- ;; defaults to PREFIX/share/doc, the doc/Makefile.am
- ;; overrides this to be in PREFIX/doc. Fix this.
- (substitute* "doc/Makefile.in"
- (("^docdir = .*$") "docdir = @docdir@\n"))
- #t))
- (add-after 'unpack 'fix-configure
- (lambda* (#:key inputs native-inputs #:allow-other-keys)
- ;; Replace outdated config.sub and config.guess:
- (with-directory-excursion "config"
- (for-each (lambda (file)
- (install-file
- (string-append (assoc-ref
- (or native-inputs inputs) "automake")
- "/share/automake-"
- ,(version-major+minor
- (package-version automake))
- "/" file) "."))
- '("config.sub" "config.guess")))
- #t)))))
(native-inputs
- (list texinfo automake)) ; For up to date 'config.guess' and 'config.sub'.
+ (list texinfo))
(synopsis "Code reformatter")
(description
"Indent is a program that makes source code easier to read by
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 12/24] gnu: indent: Add patch for CVE-2024-0911. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-12-ngraves@ngraves.fr
* gnu/packages/patches/indent-CVE-2024-0911.patch: Add patch here...
* gnu/local.mk: ...here...
* gnu/packages/code.scm (indent)[source]<origin>: ...and here.
---
gnu/local.mk | 1 +
gnu/packages/code.scm | 4 +-
.../patches/indent-CVE-2024-0911.patch | 61 +++++++++++++++++++
3 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/indent-CVE-2024-0911.patch

Toggle diff (96 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index d253b424bb..1a69a22aba 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1559,6 +1559,7 @@ dist_patch_DATA = \
%D%/packages/patches/idris-test-ffi008.patch \
%D%/packages/patches/igraph-fix-varargs-integer-size.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/indent-CVE-2024-0911.patch \
%D%/packages/patches/instead-use-games-path.patch \
%D%/packages/patches/intltool-perl-compatibility.patch \
%D%/packages/patches/irrlicht-use-system-libs.patch \
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 094dd32982..dda37528b8 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -879,7 +879,9 @@ (define-public indent
(uri (string-append "mirror://gnu/indent/indent-" version
".tar.gz"))
(sha256
- (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))))
+ (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
+ ;; Remove patch when updating.
+ (patches (search-patches "indent-CVE-2024-0911.patch"))))
(build-system gnu-build-system)
(native-inputs
(list texinfo))
diff --git a/gnu/packages/patches/indent-CVE-2024-0911.patch b/gnu/packages/patches/indent-CVE-2024-0911.patch
new file mode 100644
index 0000000000..4687d3f59a
--- /dev/null
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@@ -0,0 +1,61 @@
+Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
+Signed-off-by: Petr Písa? <ppisar@redhat.com>
+---
+ regression/TEST | 2 +-
+ regression/input/comment-parent-heap-underread.c | 3 +++
+ regression/standard/comment-parent-heap-underread.c | 5 +++++
+ src/output.c | 2 +-
+ 4 files changed, 10 insertions(+), 2 deletions(-)
+ create mode 100644 regression/input/comment-parent-heap-underread.c
+ create mode 100644 regression/standard/comment-parent-heap-underread.c
+
+diff --git a/regression/TEST b/regression/TEST
+index 7c07c2e..951b1a2 100755
+--- a/regression/TEST
++++ b/regression/TEST
+@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
+ macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
+ bug-gnu-33364.c float-constant-suffix.c block-comments.c \
+- no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
++ no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
++ comment-parent-heap-underread.c"
+
+ INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
+ indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
+diff --git a/regression/input/comment-parent-heap-underread.c
+b/regression/input/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..68e13cf
+--- /dev/null
++++ b/regression/input/comment-parent-heap-underread.c
+@@ -0,0 +1,3 @@
++void foo(void) {
++/*a*/(1);
++}
+diff --git a/regression/standard/comment-parent-heap-underread.c
+b/regression/standard/comment-parent-heap-underread.c
+new file mode 100644
+index 0000000..9a1c6e3
+--- /dev/null
++++ b/regression/standard/comment-parent-heap-underread.c
+@@ -0,0 +1,5 @@
++void
++foo (void)
++{
++/*a*/ (1);
++}
+diff --git a/src/output.c b/src/output.c
+index ee01bcc..17eee6e 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -290,7 +290,7 @@ void set_buf_break (
+ /* Did we just parse a bracket that will be put on the next line
+ * by this line break? */
+
+- if ((*token == '(') || (*token == '['))
++ if (level > 0 && ((*token == '(') || (*token == '[')))
+ {
+ --level; /* then don't take it into account */
+ }
+--
+2.43.0
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 13/24] gnu: squashfs-tools: Update to 4.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-13-ngraves@ngraves.fr
This fixes CVE-2021-40153 and CVE-2021-41072.

* gnu/packages/compression.scm (squashfs-tools): Update to 4.6.1.
[arguments]: Improve style.
<#:make-flags>: Add INSTALL_MANPAGES_DIR value.
<#:phases>: Remove phase 'install-documentation. Add phase
'patch-generated-source-shebangs.
[native-inputs]: Add coreutils-minimal, help2man, which.
[inputs]: Rewrite.
---
gnu/packages/compression.scm | 52 ++++++++++++++++++------------------
1 file changed, 26 insertions(+), 26 deletions(-)

Toggle diff (75 lines)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a32b15a64a..b3eca16191 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1023,7 +1023,7 @@ (define-public lz4
(define-public squashfs-tools
(package
(name "squashfs-tools")
- (version "4.5")
+ (version "4.6.1")
(source
(origin
(method git-fetch)
@@ -1032,34 +1032,34 @@ (define-public squashfs-tools
(commit version)))
(file-name (git-file-name name version))
(sha256
- (base32 "18d4nwa22vgb8j2badngjngw63f0lj501cvlh3920wqy2mqxwav6"))))
+ (base32 "14nisidxx2d2qivyv7xfcg59qkj4fjiniir7nvymazdsng63gcr1"))))
(build-system gnu-build-system)
(arguments
- `(#:tests? #f ; no check target
- #:make-flags
- (list (string-append "CC=" ,(cc-for-target))
- "XZ_SUPPORT=1"
- "LZO_SUPPORT=1"
- "LZ4_SUPPORT=1"
- "ZSTD_SUPPORT=1"
- (string-append "INSTALL_DIR=" (assoc-ref %outputs "out") "/bin"))
- #:phases
- (modify-phases %standard-phases
- (replace 'configure
- (lambda _
- (chdir "squashfs-tools")))
- (add-after 'install 'install-documentation
- ;; Install what very little usage documentation is provided.
- (lambda* (#:key outputs #:allow-other-keys)
- (let* ((out (assoc-ref outputs "out"))
- (doc (string-append out "/share/doc/" ,name)))
- (install-file "../USAGE" doc)))))))
+ (list
+ #:tests? #f ; no check target
+ #:make-flags
+ #~(list
+ (string-append "CC=" #$(cc-for-target))
+ "XZ_SUPPORT=1"
+ "LZO_SUPPORT=1"
+ "LZ4_SUPPORT=1"
+ "ZSTD_SUPPORT=1"
+ (string-append "INSTALL_DIR=" #$output "/bin")
+ (string-append "INSTALL_MANPAGES_DIR=" #$output "/share/man/man1"))
+ #:phases
+ #~(modify-phases %standard-phases
+ (replace 'configure
+ (lambda _
+ (chdir "squashfs-tools")))
+ (add-after 'patch-source-shebangs 'patch-generated-source-shebangs
+ (lambda _
+ (substitute* (find-files "generate-manpages" "\\.sh")
+ (("print \"#!/bin/sh")
+ (string-append "print \"#!" (which "sh")))))))))
+ (native-inputs
+ (list coreutils-minimal help2man which))
(inputs
- `(("lz4" ,lz4)
- ("lzo" ,lzo)
- ("xz" ,xz)
- ("zlib" ,zlib)
- ("zstd:lib" ,zstd "lib")))
+ (list lz4 lzo xz zlib `(,zstd "lib")))
(home-page "https://github.com/plougher/squashfs-tools")
(synopsis "Tools to create and extract squashfs file systems")
(description
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 14/24] gnu: shapelib: Update to 1.6.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-14-ngraves@ngraves.fr
This fixes CVE-2022-0699.

* gnu/packages/geo.scm (shapelib): Update to 1.6.1.
---
gnu/packages/geo.scm | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

Toggle diff (35 lines)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 5d120b3c98..affa50c515 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -2574,7 +2574,7 @@ (define-public readosm
(define-public shapelib
(package
(name "shapelib")
- (version "1.5.0")
+ (version "1.6.1")
(source
(origin
(method git-fetch)
@@ -2583,7 +2583,7 @@ (define-public shapelib
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1lzch0jf6yqhw391phhafzw4ghmiz98zkf698h4fmq109fa2vhqd"))))
+ (base32 "0l67gp1618lcw7fg2iclbh016cqyw85s3cmd3qzx6aw0jq19hj8n"))))
(build-system gnu-build-system)
(native-inputs
(list autoconf automake libtool))
@@ -2591,8 +2591,8 @@ (define-public shapelib
(synopsis "Provides C library to write and update ESRI Shapefiles")
(description
"The Shapefile C Library provides the ability to write simple C programs
-for reading, writing and updating (to a limited extent) ESRI Shapefiles, and the
-associated attribute file (@file{.dbf}).")
+for reading, writing and updating (to a limited extent) ESRI Shapefiles, and
+the associated attribute file (@file{.dbf}).")
(license license:gpl2+)))
(define-public spatialite-tools
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 15/24] gnu: libzapojit: Update to 0.0.3-1.99d49ba. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-15-ngraves@ngraves.fr
This fixes CVE-2021-39360.

* gnu/packages/gnome.scm (libzapojit): Update to 0.0.3-1.99d49ba.
---
gnu/packages/gnome.scm | 45 ++++++++++++++++++++++--------------------
1 file changed, 24 insertions(+), 21 deletions(-)

Toggle diff (59 lines)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 9b26819261..9abe433aa4 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -10591,28 +10591,31 @@ (define-public gsound
(license license:lgpl2.1+)))
(define-public libzapojit
- (package
- (name "libzapojit")
- (version "0.0.3")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnome/sources/" name "/"
- (version-major+minor version) "/"
- name "-" version ".tar.xz"))
- (sha256
- (base32
- "0zn3s7ryjc3k1abj4k55dr2na844l451nrg9s6cvnnhh569zj99x"))))
- (build-system gnu-build-system)
- (native-inputs
- (list gobject-introspection intltool pkg-config))
- (inputs
- (list gnome-online-accounts json-glib rest))
- (home-page "https://wiki.gnome.org/Projects/Zapojit")
- (synopsis "Library for accessing SkyDrive and Hotmail")
- (description
- "Libzapojit is a GLib-based library for accessing online service APIs of
+ (let ((revision "1")
+ (commit "99d49bac5edc4afdcac742a0a142908e405597b0"))
+ (package
+ (name "libzapojit")
+ (version (git-version "0.0.3" revision commit))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://gitlab.gnome.org/Archive/libzapojit")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "12frqg925rmic3rf37h5vs48xdy3mfi4ip24v0bl73h5sxy8n828"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ (list gobject-introspection intltool pkg-config))
+ (inputs
+ (list gnome-online-accounts json-glib rest))
+ (home-page "https://wiki.gnome.org/Projects/Zapojit")
+ (synopsis "Library for accessing SkyDrive and Hotmail")
+ (description
+ "Libzapojit is a GLib-based library for accessing online service APIs of
Microsoft SkyDrive and Hotmail, using their REST protocols.")
- (license license:lgpl2.1+)))
+ (license license:lgpl2.1+))))
(define-public gnome-clocks
(package
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 16/24] gnu: gifsicle: Update to 1.95. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-16-ngraves@ngraves.fr
This fixes CVE-2023-44821 and CVE-2023-46009.

* gnu/packages/image.scm (gifsicle): Update to 1.95.
---
gnu/packages/image.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 7f17c71aef..0d6593dc21 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -2172,14 +2172,14 @@ (define-public swappy
(define-public gifsicle
(package
(name "gifsicle")
- (version "1.94")
+ (version "1.95")
(source
(origin
(method url-fetch)
(uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-"
version ".tar.gz"))
(sha256
- (base32 "16zq5wd6fyjgy0p0mak15k3mh1zpqb9rg6gqfpg215kqq02p1jab"))))
+ (base32 "0l69gn562l7a1l10zz1bfs756ipd682idgpk60qs3llz013icwdj"))))
(build-system gnu-build-system)
(arguments
'(#:phases
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 17/24] gnu: sendmail: Update to 8.18.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-17-ngraves@ngraves.fr
This fixes CVE-2023-51765 and CVE-2021-3618.

* gnu/packages/mail.scm (sendmail): Update to 8.18.1.
---
gnu/packages/mail.scm | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

Toggle diff (25 lines)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 77be7626a9..63e0f24534 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3122,7 +3122,7 @@ (define-public mhonarc
(define-public sendmail
(package
(name "sendmail")
- (version "8.15.2")
+ (version "8.18.1")
(source
(origin
(method url-fetch)
@@ -3130,8 +3130,7 @@ (define-public sendmail
"ftp://ftp.sendmail.org/pub/sendmail/sendmail."
version ".tar.gz"))
(sha256
- (base32
- "0fdl9ndmspqspdlmghzxlaqk56j3yajk52d7jxcg21b7sxglpy94"))))
+ (base32 "0w07iw4imp9wvczd2mijns7zxl8p1wk29b9yrzvhcj4fqc4z7wfb"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 18/24] gnu: openvpn: Update to 2.6.12. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-18-ngraves@ngraves.fr
Thix fixes CVE-2024-24974, CVE-2024-27459 and CVE-2024-27903.

* gnu/packages/vpn.scm (openvpn): Update to 2.6.12.
---
gnu/packages/vpn.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 9f36595bfd..193b247779 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -867,7 +867,7 @@ (define-public openfortivpn
(define-public openvpn
(package
(name "openvpn")
- (version "2.6.7")
+ (version "2.6.12")
(source (origin
(method url-fetch)
(uri (string-append
@@ -875,7 +875,7 @@ (define-public openvpn
version ".tar.gz"))
(sha256
(base32
- "04wr0g97nmv81javym8r99mglmb86v1i49xmnmzf938x1cs7g67f"))))
+ "0a8r3bvg4aic9b7dix0h7990g3j1gq17wd3w6vqk8vk8xgfhyq8w"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 19/24] gnu: youtube-dl: Deprecate package.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-19-ngraves@ngraves.fr
This package is not developped anymore.

* gnu/packages/video.scm (youtube-dl): Deprecate package.
---
gnu/packages/video.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Toggle diff (23 lines)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 92c0acef3c..9fca994b54 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -93,6 +93,7 @@ (define-module (gnu packages video)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix utils)
#:use-module (guix packages)
+ #:use-module (guix deprecation)
#:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download)
@@ -3084,7 +3085,7 @@ (define-public yle-dl
video streaming services of the Finnish national broadcasting company Yle.")
(license license:gpl3+)))
-(define-public youtube-dl
+(define-deprecated/public youtube-dl #f
(package
(name "youtube-dl")
(version "2021.12.17")
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 20/24] gnu: liblouis: Update to 3.31.0. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-20-ngraves@ngraves.fr
This fixes CVE-2022-26981.

* gnu/packages/language.scm (liblouis): Update to 3.31.0.
[arguments]: Improve style using gexps.
[native-inputs]: Rewrite and replace python-wrapper by python.
---
gnu/packages/language.scm | 47 ++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 25 deletions(-)

Toggle diff (78 lines)
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index 78fcba4287..6a5e7927b4 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2023 gemmaro <gemmaro.dev@gmail.com>
;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2024 Charles <charles@charje.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -338,7 +339,7 @@ (define-public libchewing
(define-public liblouis
(package
(name "liblouis")
- (version "3.15.0")
+ (version "3.31.0")
(source
(origin
(method git-fetch)
@@ -348,34 +349,30 @@ (define-public liblouis
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "1ljy5xsy7vf2r0ix0d7bqcr6qvr6897f8madsx9zlm1mrj31n5px"))))
+ (base32 "02bga2l4jiyrgfqdl27wszz5yd6h80n2dmq3p6nb2br83jywisfh"))))
(build-system gnu-build-system)
(outputs '("out" "bin" "doc" "python"))
(arguments
- `(#:configure-flags
- (list
- "--disable-static"
- "--enable-ucs4")
- #:phases
- (modify-phases %standard-phases
- (add-after 'install 'install-python-extension
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion "python"
- (invoke "python" "setup.py" "install"
- (string-append "--prefix="
- (assoc-ref outputs "python"))
- "--root=/")))))))
+ (list
+ #:configure-flags #~(list "--disable-static" "--enable-ucs4")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'install 'install-python-extension
+ (lambda _
+ (with-directory-excursion "python"
+ (invoke "python3" "setup.py" "install" "--root=/"
+ (string-append "--prefix=" #$output:python))))))))
(native-inputs
- `(("autoconf" ,autoconf)
- ("automake" ,automake)
- ("clang-format" ,clang)
- ("help2man" ,help2man)
- ("libtool" ,libtool)
- ("libyaml" ,libyaml)
- ("makeinfo" ,texinfo)
- ("perl" ,perl)
- ("pkg-config" ,pkg-config)
- ("python" ,python-wrapper)))
+ (list autoconf
+ automake
+ clang
+ help2man
+ libtool
+ libyaml
+ texinfo
+ perl
+ pkg-config
+ python))
(synopsis "Braille translator and back-translator")
(description "Liblouis is a braille translator and back-translator named in
honor of Louis Braille. It features support for computer and literary braille,
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 22/24] gnu: Add sexpp.
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-22-ngraves@ngraves.fr
* gnu/packages/openpgp.scm (sexpp): New variable.
---
gnu/packages/openpgp.scm | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

Toggle diff (40 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 9b6f04b407..356908ab1f 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 Justus Winter <justus@sequoia-pgp.org>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -157,3 +158,26 @@ (define-public rnp
license:asl2.0
;; Nominet UK's BSD 3-Clause License (netpgp).
license:bsd-3)))))
+
+(define-public sexpp
+ (package
+ (name "sexpp")
+ (version "0.9.0")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/rnpgp/sexpp")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "16y9f42w6ay3w0s23xmigqm0qi1swdfvc93g2xn3xkg1r4kpmnwq"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:configure-flags '(list "-DDOWNLOAD_GTEST=off")))
+ (native-inputs (list googletest pkg-config))
+ (home-page "https://github.com/rnpgp/sexpp")
+ (synopsis "C++ library for S-expressions")
+ (description
+ "This package provides a C++ library for working with S-Expressions.")
+ (license license:expat)))
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 21/24] gnu: unicorn: Update to 2.1.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-21-ngraves@ngraves.fr
Thix fixes CVE-2021-4296.

* gnu/packages/emulators.scm (unicorn): Update to 2.1.1.
---
gnu/packages/emulators.scm | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (27 lines)
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index f0a60c0b49..948e588c4c 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -3508,13 +3508,18 @@ (define-public zsnes
(define-public unicorn
(package
(name "unicorn")
- (version "2.0.1.post1")
+ (version "2.1.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
- (base32 "0mlfs8qfi0clyncfkbxp6in0cpl747510i6bqymwid43xcirbikz"))))
+ (base32 "18sbrycr62wcs3a68a9q76ihpahfsd4bn3mryvyhimwwn1342kwh"))
+ (modules '((guix build utils)))
+ ;; cmake files are not in the cmake dir in pypi
+ (snippet #~(substitute* "src/CMakeLists.txt"
+ (("include\\(cmake/")
+ "include(")))))
(build-system pyproject-build-system)
(native-inputs (list cmake pkg-config))
(home-page "https://www.unicorn-engine.org")
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 23/24] gnu: rnp: Update to 0.17.1. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-23-ngraves@ngraves.fr
This fixes CVE-2023-29479 and CVE-2023-29480.

* gnu/packages/openpgp.scm (rnp): Update to 0.17.1.
[arguments]: Improve style using gexps.
<#:phases>: Add phase 'inject-sexpp-source.
[inputs]: Add sexpp.
---
gnu/packages/openpgp.scm | 52 +++++++++++++++++++++++-----------------
1 file changed, 30 insertions(+), 22 deletions(-)

Toggle diff (88 lines)
diff --git a/gnu/packages/openpgp.scm b/gnu/packages/openpgp.scm
index 356908ab1f..baf786c5ee 100644
--- a/gnu/packages/openpgp.scm
+++ b/gnu/packages/openpgp.scm
@@ -23,6 +23,7 @@ (define-module (gnu packages openpgp)
#:use-module (guix git-download)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix gexp)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages)
#:use-module (gnu packages check)
@@ -98,10 +99,10 @@ (define-public dkgpg
(license license:gpl2+)))
(define-public rnp
- (let ((day-of-release "2022-09-22"))
+ (let ((day-of-release "2024-05-14"))
(package
(name "rnp")
- (version "0.16.2")
+ (version "0.17.1")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -110,33 +111,40 @@ (define-public rnp
(file-name (git-file-name name version))
(sha256
(base32
- "13z5kxm48a72w4m2crwgdjdng4a4pwxsd72r2z3a4pcakfp2swi8"))))
+ "052872b6a88vkcc58alxcm532y6dra5qqd997jga41v72h3pnj4d"))))
(build-system cmake-build-system)
- (arguments `(#:configure-flags
- '("-DBUILD_SHARED_LIBS=on"
- "-DBUILD_TESTING=on"
- "-DDOWNLOAD_GTEST=off"
- "-DDOWNLOAD_RUBYRNP=off")
- #:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'patch-tests
- (lambda _
- (substitute* "src/tests/support.cpp"
- (("\"cp\"") (search-input-file inputs "/bin/cp")))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- ;; Some OpenPGP certificates used by the tests expire.
- ;; To work around that, set the time to roughly the
- ;; release date.
- (invoke "faketime" ,day-of-release "make" "test")))))))
+ (arguments
+ (list
+ #:configure-flags
+ ''("-DBUILD_SHARED_LIBS=on"
+ "-DBUILD_TESTING=on"
+ "-DDOWNLOAD_GTEST=off"
+ "-DDOWNLOAD_RUBYRNP=off")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'patch-tests
+ (lambda _
+ (substitute* "src/tests/support.cpp"
+ (("\"cp\"") (search-input-file inputs "/bin/cp")))))
+ (add-after 'unpack 'inject-sexpp-source
+ (lambda _
+ (rmdir "src/libsexpp")
+ (symlink #$(package-source (this-package-input "sexpp"))
+ "src/libsexpp")))
+ (replace 'check
+ (lambda* (#:key tests? #:allow-other-keys)
+ (when tests?
+ ;; Some OpenPGP certificates used by the tests expire.
+ ;; To work around that, set the time to roughly the
+ ;; release date.
+ (invoke "faketime" #$day-of-release "make" "test")))))))
(native-inputs
(list gnupg ; for tests
googletest ; for tests
libfaketime ; for tests
pkg-config
python))
- (inputs (list botan bzip2 json-c zlib))
+ (inputs (list botan bzip2 json-c sexpp zlib))
(synopsis
"RFC4880-compliant OpenPGP library written in C++")
(description
--
2.46.0
N
N
Nicolas Graves wrote 7 days ago
[PATCH 24/24] gnu: cjson: Update to 1.7.18. [security fixes]
(address . 74035@debbugs.gnu.org)(name . Nicolas Graves)(address . ngraves@ngraves.fr)
20241026224300.30694-24-ngraves@ngraves.fr
This fixes CVE-2023-50471 and CVE-2023-50472.

* gnu/packages/javascript.scm (cjson): Update to 1.7.18.
---
gnu/packages/javascript.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)
diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
index 4f97dcfef6..b48acf47dc 100644
--- a/gnu/packages/javascript.scm
+++ b/gnu/packages/javascript.scm
@@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
(define-public cjson
(package
(name "cjson")
- (version "1.7.16")
+ (version "1.7.18")
(source (origin
(method git-fetch)
(uri (git-reference
@@ -57,7 +57,7 @@ (define-public cjson
(commit (string-append "v" version))))
(file-name (git-file-name name version))
(sha256
- (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
+ (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
(build-system cmake-build-system)
(arguments
`(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))
--
2.46.0
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 74035@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 74035
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch