GNU bug report logs -
#41840
Transmission 3.00
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Sat, 13 Jun 2020 21:15:01 UTC
Severity: normal
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 41840 in the body.
You can then email your comments to 41840 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Sat, 13 Jun 2020 21:15:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sat, 13 Jun 2020 21:15:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
These patches update the Transmission bittorrent program to 3.00 and
also update the helper program tremc so that it keeps working.
I've tested the patches and would push them, but I have a question about
the license.
Our package has described it as GPL3+, but the COPYING file specifically
allows GPL2 and GPL3, but there is no "or later" clause. And the source
file headers match this.
So, I think the license should be a list of GPL2 and GPL3. Is that
correct?
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Sat, 13 Jun 2020 21:17:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 41840 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/bittorrent.scm (transmission): Update to 0.9.2.
---
gnu/packages/bittorrent.scm | 60 ++++++++++++++++++-------------------
1 file changed, 29 insertions(+), 31 deletions(-)
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index c132aaead6..37a02952b4 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -181,38 +181,36 @@ XML-RPC over SCGI.")
(license l:gpl2+)))
(define-public tremc
- (let ((commit "4d50dab7376601daca13f7be6eabc0eaa057c1b0")
- (revision "0"))
- (package
- (name "tremc")
- (version (git-version "0.9.1" revision commit))
- (source
- (origin
- (method git-fetch)
- (uri (git-reference
- (url "https://github.com/tremc/tremc.git")
- (commit commit)))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "0qpi65n8rv7l9mg8qyqx70z83inkl8v5r5nks65c99lhscdki0w7"))))
- (build-system gnu-build-system)
- (arguments
- `(#:tests? #f ; no test suite
- #:make-flags
- (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
- #:phases
- (modify-phases %standard-phases
- ;; The software is just a Python script that must be copied into place.
- (delete 'configure)
- (delete 'build))))
- (inputs
- `(("python" ,python)))
- (synopsis "Console client for the Transmission BitTorrent daemon")
- (description "Tremc is a console client, with a curses interface, for the
+ (package
+ (name "tremc")
+ (version "0.9.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/tremc/tremc.git")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1fqspp2ckafplahgba54xmx0sjidx1pdzyjaqjhz0ivh98dkx2n5"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; no test suite
+ #:make-flags
+ (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
+ #:phases
+ (modify-phases %standard-phases
+ ;; The software is just a Python script that must be copied into place.
+ (delete 'configure)
+ (delete 'build))))
+ (inputs
+ `(("python" ,python)))
+ (synopsis "Console client for the Transmission BitTorrent daemon")
+ (description "Tremc is a console client, with a curses interface, for the
Transmission BitTorrent daemon.")
- (home-page "https://github.com/tremc/tremc")
- (license l:gpl3+))))
+ (home-page "https://github.com/tremc/tremc")
+ (license l:gpl3+)))
(define-public transmission-remote-cli
(package
--
2.26.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Sat, 13 Jun 2020 21:17:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 41840 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/bittorrent.scm (transmission): Update to 3.0.0.
[source]: Remove obsolete patch.
[inputs]: Remove unused inputs inotify-tools, cyrus-sasl, and file.
[license]: Correct the license field.
* gnu/packages/patches/transmission-CVE-2018-10756.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/bittorrent.scm | 25 +++----
.../patches/transmission-CVE-2018-10756.patch | 71 -------------------
3 files changed, 9 insertions(+), 88 deletions(-)
delete mode 100644 gnu/packages/patches/transmission-CVE-2018-10756.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 583274235b..3b7415b540 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1541,7 +1541,6 @@ dist_patch_DATA = \
%D%/packages/patches/tipp10-fix-compiling.patch \
%D%/packages/patches/tipp10-remove-license-code.patch \
%D%/packages/patches/tk-find-library.patch \
- %D%/packages/patches/transmission-CVE-2018-10756.patch \
%D%/packages/patches/ttf2eot-cstddef.patch \
%D%/packages/patches/ttfautohint-source-date-epoch.patch \
%D%/packages/patches/tomb-fix-errors-on-open.patch \
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index 8b041cb3f5..c132aaead6 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Taylan Ulrich Bayirli/Kammer <taylanbayirli <at> gmail.com>
;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo <at> gnu.org>
-;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari <leo <at> famulari.name>
+;;; Copyright © 2016, 2017, 2018, 2019, 2020 Leo Famulari <leo <at> famulari.name>
;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim <at> flashner.co.il>
;;; Copyright © 2016 Tomáš Čech <sleep_walker <at> gnu.org>
;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me <at> tobias.gr>
@@ -42,7 +42,6 @@
#:use-module (gnu packages crypto)
#:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl)
- #:use-module (gnu packages file)
#:use-module (gnu packages freedesktop)
#:use-module (gnu packages glib)
#:use-module (gnu packages gnome)
@@ -50,7 +49,6 @@
#:use-module (gnu packages gstreamer)
#:use-module (gnu packages gtk)
#:use-module (gnu packages libevent)
- #:use-module (gnu packages linux)
#:use-module (gnu packages multiprecision)
#:use-module (gnu packages nettle)
#:use-module (gnu packages ncurses)
@@ -67,16 +65,15 @@
(define-public transmission
(package
(name "transmission")
- (version "2.94")
+ (version "3.00")
(source (origin
(method url-fetch)
- (uri (string-append
- "https://github.com/transmission/transmission-releases/raw/"
- "master/transmission-" version ".tar.xz"))
- (patches (search-patches "transmission-CVE-2018-10756.patch"))
+ (uri (string-append "https://github.com/transmission/transmission"
+ "/releases/download/" version "/transmission-"
+ version ".tar.xz"))
(sha256
(base32
- "0zbbj7rlm6m7vb64x68a64cwmijhsrwx9l63hbwqs7zr9742qi1m"))))
+ "1wjmn96zrvmk8j1yz2ysmqd7a2x6ilvnwwapcvfzgxs2wwpnai4i"))))
(build-system glib-or-gtk-build-system)
(outputs '("out" ; library and command-line interface
"gui")) ; graphical user interface
@@ -92,8 +89,7 @@
(gui (assoc-ref outputs "gui")))
(mkdir-p (string-append gui "/bin"))
(rename-file (string-append out "/bin/transmission-gtk")
- (string-append gui
- "/bin/transmission-gtk"))
+ (string-append gui "/bin/transmission-gtk"))
;; Move the '.desktop' and icon files as well.
(mkdir (string-append gui "/share"))
@@ -104,12 +100,9 @@
'("applications" "icons" "pixmaps")))
#t)))))
(inputs
- `(("inotify-tools" ,inotify-tools)
- ("libevent" ,libevent)
+ `(("libevent" ,libevent)
("curl" ,curl)
- ("cyrus-sasl" ,cyrus-sasl)
("openssl" ,openssl)
- ("file" ,file)
("zlib" ,zlib)
("gtk+" ,gtk+)))
(native-inputs
@@ -131,7 +124,7 @@ DHT, µTP, PEX and Magnet Links.")
;; or any future license endorsed by Mnemosyne LLC.
;;
;; A few files files carry an MIT/X11 license header.
- (license l:gpl3+)))
+ (license (list l:gpl2 l:gpl3))))
(define-public libtorrent
(package
diff --git a/gnu/packages/patches/transmission-CVE-2018-10756.patch b/gnu/packages/patches/transmission-CVE-2018-10756.patch
deleted file mode 100644
index f9bdcf60aa..0000000000
--- a/gnu/packages/patches/transmission-CVE-2018-10756.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-Fix CVE-2018-10756:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10756
-
-Patch copied from Fedora:
-
-https://src.fedoraproject.org/rpms/transmission/blob/master/f/2123adf8e5e1c2b48791f9d22fc8c747e974180e.patch
-
---- a/libtransmission/variant.c 2018-05-01 12:21:08.000000000 -0500
-+++ b/libtransmission/variant.c 2020-05-18 10:21:27.554214128 -0500
-@@ -820,7 +820,7 @@
- struct SaveNode
- {
- const tr_variant * v;
-- tr_variant sorted;
-+ tr_variant* sorted;
- size_t childIndex;
- bool isVisited;
- };
-@@ -849,26 +849,33 @@
-
- qsort (tmp, n, sizeof (struct KeyIndex), compareKeyIndex);
-
-- tr_variantInitDict (&node->sorted, n);
-+ node->sorted = tr_new(tr_variant, 1);
-+ tr_variantInitDict (node->sorted, n);
- for (i=0; i<n; ++i)
-- node->sorted.val.l.vals[i] = *tmp[i].val;
-+ node->sorted->val.l.vals[i] = *tmp[i].val;
- node->sorted.val.l.count = n;
-
- tr_free (tmp);
-
-- node->v = &node->sorted;
-+ v = node->sorted;
- }
- else
- {
-- node->v = v;
-+ node->sorted = NULL;
- }
-+
-+ node->v = v;
- }
-
- static void
- nodeDestruct (struct SaveNode * node)
- {
-- if (node->v == &node->sorted)
-- tr_free (node->sorted.val.l.vals);
-+ //TR_ASSERT(node != NULL);
-+ if (node->sorted != NULL)
-+ {
-+ tr_free(node->sorted->val.l.vals);
-+ tr_free(node->sorted);
-+ }
- }
-
- /**
---- a/libtransmission/variant.c 2020-05-18 10:21:49.000000000 -0500
-+++ b/libtransmission/variant.c 2020-05-18 10:24:34.673648865 -0500
-@@ -853,7 +853,7 @@
- tr_variantInitDict (node->sorted, n);
- for (i=0; i<n; ++i)
- node->sorted->val.l.vals[i] = *tmp[i].val;
-- node->sorted.val.l.count = n;
-+ node->sorted->val.l.count = n;
-
- tr_free (tmp);
-
-
--
2.26.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Sun, 14 Jun 2020 18:20:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 41840 <at> debbugs.gnu.org (full text, mbox):
Hello Leo!
Leo Famulari <leo <at> famulari.name> writes:
> These patches update the Transmission bittorrent program to 3.00 and
> also update the helper program tremc so that it keeps working.
>
> I've tested the patches and would push them, but I have a question about
> the license.
>
> Our package has described it as GPL3+, but the COPYING file specifically
> allows GPL2 and GPL3, but there is no "or later" clause. And the source
> file headers match this.
>
> So, I think the license should be a list of GPL2 and GPL3. Is that
> correct?
Their copying file says:
Transmission can be redistributed and/or modified under the terms of
the GNU GPLv2 (http://www.gnu.org/licenses/license-list.html#GPLv2),
the GNU GPLv3 (http://www.gnu.org/licenses/license-list.html#GNUGPLv3),
or any future license endorsed by Mnemosyne LLC.
So just based on that file, it looks like GPLv2+ or GPLv3+ could be
used, since they just point to the official license.
The header in source files typically says:
/*
* This file Copyright (C) 2007-2014 Mnemosyne LLC
*
* It may be used under the GNU GPL versions 2 or 3
* or any future license endorsed by Mnemosyne LLC.
*
*/
This tells me (disclaimer: I am not a lawyer) that to use any other
license than GPL version 2 or 3, you'd need the agreement of Mnemosyne
LLC.
I'd say that unless you reach out to them and ask, it's probably safer
to list it as GPL2 and GPL3 only.
My 2 cents.
Maxim
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Wed, 17 Jun 2020 05:32:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 41840 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sun, Jun 14, 2020 at 02:18:51PM -0400, Maxim Cournoyer wrote:
> This tells me (disclaimer: I am not a lawyer) that to use any other
> license than GPL version 2 or 3, you'd need the agreement of Mnemosyne
> LLC.
I also read it that way. Thanks for the review!
> I'd say that unless you reach out to them and ask, it's probably safer
> to list it as GPL2 and GPL3 only.
Done in 559491ea5b36b89b2a2f9d48dacf6a2d7e219910.
I haven't updated the package yet because it doesn't work reliably for
me — sometimes it can connect to trackers, and sometimes it can't. I
don't know why yet.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Thu, 09 Jul 2020 20:51:02 GMT)
Full text and
rfc822 format available.
Message #20 received at 41840 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Wed, Jun 17, 2020 at 01:31:31AM -0400, Leo Famulari wrote:
> I haven't updated the package yet because it doesn't work reliably for
> me — sometimes it can connect to trackers, and sometimes it can't. I
> don't know why yet.
For some reason, this new version of Transmission fails to find the
X.509 certificate bundle in its default location while using curl.
It works fine when I set, for example:
CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
I wonder, what's the best way for us to handle this? Our curl package
has a CURL_CA_BUNDLE search path. And some other packages have bits to
make things work.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#41840; Package
guix-patches.
(Sat, 11 Jul 2020 22:54:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 41840 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> On Wed, Jun 17, 2020 at 01:31:31AM -0400, Leo Famulari wrote:
>> I haven't updated the package yet because it doesn't work reliably for
>> me — sometimes it can connect to trackers, and sometimes it can't. I
>> don't know why yet.
>
> For some reason, this new version of Transmission fails to find the
> X.509 certificate bundle in its default location while using curl.
>
> It works fine when I set, for example:
>
> CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
>
> I wonder, what's the best way for us to handle this? Our curl package
> has a CURL_CA_BUNDLE search path. And some other packages have bits to
> make things work.
This is <https://issues.guix.gnu.org/22138>, right?
I think setting native-search-paths on Transmission as a workaround is
OK for now.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Wed, 15 Jul 2020 19:45:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Wed, 15 Jul 2020 19:45:02 GMT)
Full text and
rfc822 format available.
Message #28 received at 41840-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sun, Jul 12, 2020 at 12:53:04AM +0200, Marius Bakke wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > It works fine when I set, for example:
> >
> > CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
>
> This is <https://issues.guix.gnu.org/22138>, right?
>
> I think setting native-search-paths on Transmission as a workaround is
> OK for now.
I found that it also honors SSL_CERT_DIR and SSL_CERT_FILE.
Since these variables are handled automatically on Guix System and we
suggest in the manual that foreign distro users set them, I pushed the
Transmission update without setting up any search paths.
Guix profile search paths do not effect the environment of systemd
services, so they would not help the majority of people using
Transmission on foreign distros anyway.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 13 Aug 2020 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 257 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.