GNU bug report logs -
#46106
[PATCH] gnu: Add quark.
Previous Next
Reported by: Morgan.J.Smith <at> outlook.com
Date: Mon, 25 Jan 2021 19:18:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 46106 in the body.
You can then email your comments to 46106 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#46106
; Package
guix-patches
.
(Mon, 25 Jan 2021 19:18:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Morgan.J.Smith <at> outlook.com
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Mon, 25 Jan 2021 19:18:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Morgan Smith <Morgan.J.Smith <at> outlook.com>
* gnu/packages/web.scm (quark): New variable.
---
So linting this package brings up CVE-2019-15520. This CVE is for a completely
different program that also happens to be called quark.
---
gnu/packages/web.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 16c99af9d3..63a5637c87 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8039,3 +8039,36 @@ handling library written in C89 (\"ANSI C\"). uriparser is fast and supports
Unicode.")
(home-page "https://uriparser.github.io/")
(license license:bsd-3))))
+
+(define-public quark
+ ;; No releases yet
+ (let ((revision "0")
+ (commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
+ (package
+ (name "quark")
+ (version "0.0.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.suckless.org/quark/")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1znvnr30xi5vgd6n3wvgv9pwj992zpzzjk0fmq28ydf1l6kqvkm7"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; no tests
+ #:make-flags
+ (list (string-append "CC=" ,(cc-for-target))
+ (string-append "PREFIX=" %output))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)))) ; no configure script
+ (home-page "https://tools.suckless.org/quark/")
+ (synopsis "Small and simple HTTP GET/HEAD-only web server for static
+content")
+ (description "An extremely small and simple HTTP GET/HEAD only web
+server for static content. TLS is not natively supported and should be
+provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
+ (license license:isc))))
--
2.30.0
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>
:
You have taken responsibility.
(Tue, 02 Feb 2021 10:04:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Morgan.J.Smith <at> outlook.com
:
bug acknowledged by developer.
(Tue, 02 Feb 2021 10:04:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 46106-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi,
Morgan.J.Smith <at> outlook.com skribis:
> From: Morgan Smith <Morgan.J.Smith <at> outlook.com>
>
> * gnu/packages/web.scm (quark): New variable.
Applied with the changes below.
Thanks,
Ludo’.
[Message part 2 (text/x-patch, inline)]
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 1366637de6..879eb160ea 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8022,7 +8022,7 @@ Unicode.")
(commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
(package
(name "quark")
- (version "0.0.0")
+ (version (git-version "0.0.0" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
@@ -8044,7 +8044,12 @@ Unicode.")
(home-page "https://tools.suckless.org/quark/")
(synopsis "Small and simple HTTP GET/HEAD-only web server for static
content")
- (description "An extremely small and simple HTTP GET/HEAD only web
-server for static content. TLS is not natively supported and should be
+ (description "Quark is an extremely small and simple HTTP GET/HEAD only
+web server for static content. TLS is not natively supported and should be
provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
- (license license:isc))))
+ (license license:isc)
+
+ ;; XXX: Ignore this CVE to work around a name clash with the unrelated
+ ;; "cpe:2.3:a:comelz:quark" package. The proper fix is for (guix cve)
+ ;; to account for "vendor names".
+ (properties '((lint-hidden-cve . ("CVE-2019-15520")))))))
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Tue, 02 Mar 2021 12:24:03 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 56 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.