GNU bug report logs -
#34036
[PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
Previous Next
Reported by: Kei Kebreau <kkebreau <at> posteo.net>
Date: Thu, 10 Jan 2019 18:04:02 UTC
Severity: normal
Tags: patch
Done: Kei Kebreau <kkebreau <at> posteo.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34036 in the body.
You can then email your comments to 34036 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#34036; Package
guix-patches.
(Thu, 10 Jan 2019 18:04:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 10 Jan 2019 18:04:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/irc.scm (irssi): Update to 1.1.2.
[source]: Use 'git-fetch'.
[arguments]: Add 'patch-scripts' phase.
[native-inputs]: Add autoconf, automake, and libtool.
---
gnu/packages/irc.scm | 39 +++++++++++++++++++++++++++++----------
1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba31d36b9..1e491db0a 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -25,6 +25,7 @@
(define-module (gnu packages irc)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
@@ -126,19 +127,34 @@ irssi, but graphical.")
(define-public irssi
(package
(name "irssi")
- (version "1.1.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/irssi/irssi/"
- "releases/download/" version "/irssi-"
- version ".tar.xz"))
- (sha256
- (base32
- "1gx1flfh4a09nb3b5pvf0ygnbl7rry3l4gph8wij29dsl7khfj3q"))))
+ (version "1.1.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/irssi/irssi.git")
+ (commit version)))
+ (sha256
+ (base32
+ "0kypqcm0hcxsqifbkq4fzrhvmqh6s6h65d0b8kq5w6fwjqj37z3z"))))
(build-system gnu-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'patch-scripts
+ (lambda _
+ (substitute* "autogen.sh"
+ ;; git is not available in the build environment.
+ (("git log > ChangeLog")
+ ;; Don't let autogen.sh run by setting an environment variable
+ ;; that is checked later in the script.
+ "NOCONFIGURE=t"))
+ (substitute* "utils/irssi-version.sh"
+ (("^DATE=`GIT_DIR=\\$1/\\.git git.*$") "")
+ ;; This is the date of the release of Irssi version 1.1.2.
+ (("^VERSION_DATE=`.*`") "VERSION_DATE=20190109")
+ (("^VERSION_TIME=.*$") "VERSION_TIME=0"))
+ #t))
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
@@ -154,7 +170,10 @@ irssi, but graphical.")
("openssl" ,openssl)
("perl" ,perl)))
(native-inputs
- `(("pkg-config" ,pkg-config)))
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)))
(home-page "https://irssi.org/")
(synopsis "Terminal-based IRC client")
(description
--
2.20.1
Information forwarded
to
guix-patches <at> gnu.org:
bug#34036; Package
guix-patches.
(Thu, 10 Jan 2019 20:06:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 34036 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:
> * gnu/packages/irc.scm (irssi): Update to 1.1.2.
> [source]: Use 'git-fetch'.
> [arguments]: Add 'patch-scripts' phase.
> [native-inputs]: Add autoconf, automake, and libtool.
Thanks!
But why switch to git-fetch when they offer a tarball? All else being
equal, we should stick to tarballs when they are offered by upstream.
Specifically, let's use this one:
https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#34036; Package
guix-patches.
(Thu, 10 Jan 2019 21:09:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 34036 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Oh, it's not an auto-generated tarball! In that case I've attached the
much simpler update patch.
Leo Famulari <leo <at> famulari.name> writes:
> On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:
>> * gnu/packages/irc.scm (irssi): Update to 1.1.2.
>> [source]: Use 'git-fetch'.
>> [arguments]: Add 'patch-scripts' phase.
>> [native-inputs]: Add autoconf, automake, and libtool.
>
> Thanks!
>
> But why switch to git-fetch when they offer a tarball? All else being
> equal, we should stick to tarballs when they are offered by upstream.
>
> Specifically, let's use this one:
>
> https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz
[0001-gnu-irssi-Update-to-1.1.2-fixes-CVE-2019-5882.patch (text/plain, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#34036; Package
guix-patches.
(Thu, 10 Jan 2019 21:16:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 34036 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:
> Oh, it's not an auto-generated tarball! In that case I've attached the
> much simpler update patch.
Thanks :) Please push!
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
You have taken responsibility.
(Thu, 10 Jan 2019 21:35:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Kei Kebreau <kkebreau <at> posteo.net>:
bug acknowledged by developer.
(Thu, 10 Jan 2019 21:35:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 34036-done <at> debbugs.gnu.org (full text, mbox):
Leo Famulari <leo <at> famulari.name> writes:
> On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:
>> Oh, it's not an auto-generated tarball! In that case I've attached the
>> much simpler update patch.
>
> Thanks :) Please push!
Pushed! Thanks for the review.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 08 Feb 2019 12:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 5 years and 76 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.