GNU bug report logs - #46106
[PATCH] gnu: Add quark.

Previous Next

Package: guix-patches;

Reported by: Morgan.J.Smith <at> outlook.com

Date: Mon, 25 Jan 2021 19:18:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 46106 in the body.
You can then email your comments to 46106 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#46106; Package guix-patches. (Mon, 25 Jan 2021 19:18:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Morgan.J.Smith <at> outlook.com:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 25 Jan 2021 19:18:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Morgan.J.Smith <at> outlook.com
To: guix-patches <at> gnu.org
Cc: Morgan Smith <Morgan.J.Smith <at> outlook.com>
Subject: [PATCH] gnu: Add quark.
Date: Mon, 25 Jan 2021 14:00:23 -0500

From: Morgan Smith <Morgan.J.Smith <at> outlook.com>

* gnu/packages/web.scm (quark): New variable.
---

So linting this package brings up CVE-2019-15520. This CVE is for a completely
different program that also happens to be called quark.

---
 gnu/packages/web.scm | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 16c99af9d3..63a5637c87 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8039,3 +8039,36 @@ handling library written in C89 (\"ANSI C\").  uriparser is fast and supports
 Unicode.")
       (home-page "https://uriparser.github.io/")
       (license license:bsd-3))))
+
+(define-public quark
+  ;; No releases yet
+  (let ((revision "0")
+        (commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
+    (package
+      (name "quark")
+      (version "0.0.0")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://git.suckless.org/quark/")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1znvnr30xi5vgd6n3wvgv9pwj992zpzzjk0fmq28ydf1l6kqvkm7"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; no tests
+         #:make-flags
+         (list (string-append "CC=" ,(cc-for-target))
+               (string-append "PREFIX=" %output))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)))) ; no configure script
+      (home-page "https://tools.suckless.org/quark/")
+      (synopsis "Small and simple HTTP GET/HEAD-only web server for static
+content")
+      (description "An extremely small and simple HTTP GET/HEAD only web
+server for static content.  TLS is not natively supported and should be
+provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
+      (license license:isc))))
-- 
2.30.0
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Tue, 02 Feb 2021 10:04:01 GMT) Full text and rfc822 format available.
Notification sent to Morgan.J.Smith <at> outlook.com:
bug acknowledged by developer. (Tue, 02 Feb 2021 10:04:02 GMT) Full text and rfc822 format available.

Message #10 received at 46106-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Morgan.J.Smith <at> outlook.com
Cc: 46106-done <at> debbugs.gnu.org
Subject: Re: bug#46106: [PATCH] gnu: Add quark.
Date: Tue, 02 Feb 2021 11:03:30 +0100

[Message part 1 (text/plain, inline)]
Hi,

Morgan.J.Smith <at> outlook.com skribis:

> From: Morgan Smith <Morgan.J.Smith <at> outlook.com>
>
> * gnu/packages/web.scm (quark): New variable.

Applied with the changes below.

Thanks,
Ludo’.


[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 1366637de6..879eb160ea 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8022,7 +8022,7 @@ Unicode.")
         (commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
     (package
       (name "quark")
-      (version "0.0.0")
+      (version (git-version "0.0.0" revision commit))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -8044,7 +8044,12 @@ Unicode.")
       (home-page "https://tools.suckless.org/quark/")
       (synopsis "Small and simple HTTP GET/HEAD-only web server for static
 content")
-      (description "An extremely small and simple HTTP GET/HEAD only web
-server for static content.  TLS is not natively supported and should be
+      (description "Quark is an extremely small and simple HTTP GET/HEAD only
+web server for static content.  TLS is not natively supported and should be
 provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
-      (license license:isc))))
+      (license license:isc)
+
+      ;; XXX: Ignore this CVE to work around a name clash with the unrelated
+      ;; "cpe:2.3:a:comelz:quark" package.  The proper fix is for (guix cve)
+      ;; to account for "vendor names".
+      (properties '((lint-hidden-cve . ("CVE-2019-15520")))))))
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 02 Mar 2021 12:24:03 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.