From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp1.migadu.com ([2001:41d0:1008:1e59::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms1.migadu.com with LMTPS
	id eE6nGfi+X2YzPgAAA41jLg
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 05 Jun 2024 03:27:20 +0200
Received: from aspmx1.migadu.com ([2001:41d0:403:4876::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1.migadu.com with LMTPS
	id uEjmE/i+X2a7VgAA62LTzQ
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Wed, 05 Jun 2024 03:27:20 +0200
X-Envelope-To: larch@yhetil.org
Authentication-Results: aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=gAQBkGhs;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1717550840;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:resent-cc:
	 resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=2TbQm5uouq+AgGZASD/tOSuurtpedKIx2xqIQOjHWoE=;
	b=p8Otz0YwPJjVgdWZu08S7s15mh4afaHT3S8ohPi1z8yPEVvVczMj//8Urip3YL0Sx/b5Ty
	qjE0CtiomCrF+/zIwn4XcDdCbKD0koVi3zFqyX97esRLsRQT4TH7QShk1PXcy0IyvcOfVG
	ZC55mMRC302pN0jNB5KHLv7ATCppg2i/StbvjwzqHQKTOQO6TfkK8XMRNjcs1ug+PWMK5G
	lul59Srrzq1u2kCY287DSH5uTtpU6+H7ByaNR5CsCiKbCFqvBqhQan5e8doSM3P0lcg2Tt
	edmU74RFQZ2Nqk4SuL/g7V1g5LaR4v8VoRYUttUw5SzLaIuPv0LA9Uunh9T8dA==
ARC-Authentication-Results: i=1;
	aspmx1.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=gAQBkGhs;
	spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org";
	dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none)
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1717550840; a=rsa-sha256; cv=none;
	b=QAxkSx5blf4ZWwgGouSON58aPAim4qxRJ8+RQG9G8lKVRiK9mN5DQk+e6UmxIOkSRFhwJe
	mkipnlkTTrLvdRpF/vv95KbFutwDRPwYu4zotxCmVmyCZnHkJ1nqvlLDipI/NiodWVaDNG
	KMdHF15ykxe3xkVFy9Sv2vhVgTcFRoguk7slbD0Xq68T0IbdWZrX/zjFa6NG+kyu1QlBCA
	dJHK0YCqOIfcaMp2uLUOn74zCQ8zz61WrHCKDKbEUWRp/eD+fk1blsgck3rK6eFTfIA3y3
	U3BDAsvYEBTlHnMHew0eaLiPy/K7sK5jWdirx7/SVRNeco4tPXNp8L8eA/fU+Q==
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id B190DE161
	for <larch@yhetil.org>; Wed,  5 Jun 2024 03:27:18 +0200 (CEST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces@gnu.org>)
	id 1sEfQV-0008Ga-HQ; Tue, 04 Jun 2024 21:26:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1sEfQU-0008G9-D0
 for bug-guix@gnu.org; Tue, 04 Jun 2024 21:26:54 -0400
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1sEfQU-0004Ch-5P; Tue, 04 Jun 2024 21:26:54 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1sEfQd-0007Ik-32; Tue, 04 Jun 2024 21:27:03 -0400
X-Loop: help-debbugs@gnu.org
Subject: bug#47144: [PATCH v3 3/3] gnu: patch: Graft to latest commit
 [security fixes].
Resent-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: mhw@netris.org, ludo@gnu.org, lle-bout@zaclys.net, leo@famulari.name,
 maxim.cournoyer@gmail.com, zimon.toutoune@gmail.com, bug-guix@gnu.org
Resent-Date: Wed, 05 Jun 2024 01:27:03 +0000
Resent-Message-ID: <handler.47144.B47144.171755077327859@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144@debbugs.gnu.org
Cc: Mark H Weaver <mhw@netris.org>, Maxim Cournoyer <maxim.cournoyer@gmail.com>,
 Mark H Weaver <mhw@netris.org>,
 Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>,
 =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@zaclys.net>,
 Leo Famulari <leo@famulari.name>, Maxim Cournoyer <maxim.cournoyer@gmail.com>,
 Simon Tournier <zimon.toutoune@gmail.com>
X-Debbugs-Original-Xcc: Mark H Weaver <mhw@netris.org>,
 Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>,
 =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@zaclys.net>,
 Leo Famulari <leo@famulari.name>, Maxim Cournoyer <maxim.cournoyer@gmail.com>,
 Simon Tournier <zimon.toutoune@gmail.com>
Received: via spool by 47144-submit@debbugs.gnu.org id=B47144.171755077327859
 (code B ref 47144); Wed, 05 Jun 2024 01:27:03 +0000
Received: (at 47144) by debbugs.gnu.org; 5 Jun 2024 01:26:13 +0000
Received: from localhost ([127.0.0.1]:41215 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1sEfPo-0007FC-6X
 for submit@debbugs.gnu.org; Tue, 04 Jun 2024 21:26:13 -0400
Received: from mail-yw1-f181.google.com ([209.85.128.181]:59852)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1sEfPk-0007ED-IJ
 for 47144@debbugs.gnu.org; Tue, 04 Jun 2024 21:26:10 -0400
Received: by mail-yw1-f181.google.com with SMTP id
 00721157ae682-62a0873c6e4so65090067b3.3
 for <47144@debbugs.gnu.org>; Tue, 04 Jun 2024 18:25:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1717550688; x=1718155488; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=2TbQm5uouq+AgGZASD/tOSuurtpedKIx2xqIQOjHWoE=;
 b=gAQBkGhsWI29sUTtJlzREeeMyfC1KB147NoMzrq/wA1asMa+4L+2PAPlGWryGxsqPD
 5dN/En53w7mmFgzIlsjgu/MK7lP6K2wXPpYxi9mKsEqsa/fT06SAFgZIvP0WSzkrGQTI
 h7kWSvDO2v79lXHvLCOZ1prll99orL2gB4Mi4qlJ38lO4VGsn7EU5GAvC+XP4rn+XYpM
 1uvs2e4Vk5Lt8RA+KHY8y9XX6LzhUNqLisLgvmmulePPzx/HWgo3LSAEg9zGWhqWXPac
 a13/3PHKrJTn9hDrdcXT0eUKuzl9o76BIlpT04gtmuc3EAycwTUbG4I5DpFbP2ER/H3H
 6BMw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1717550688; x=1718155488;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=2TbQm5uouq+AgGZASD/tOSuurtpedKIx2xqIQOjHWoE=;
 b=BCzimBzetl0xWWKAEpO2KGW50kbzCmE6IE2nnss9Gz6BPgfhp90f7nyCqwPtXJkor+
 KAKoVY84KYcdGQKquUZGGytzZGJQryWzxuYnRqcXHUW8kKXEfPkr3MxoLrb6QVBDr4Dm
 7EQd/DEdo4m9ISfwgLQ7Lrkry0jYwCLDC5hQ6wBqXfYROUJisCI+KFd+1INZH36v6vpH
 Ol7jPCbcsD//NqwdADAn3WEe9yJUEiLlPprHiIYpyimgmZzRANBBF+9iAhOEvPjWdFtd
 fPz6TqqcToACXC14BoWsNlRsmuTMyIhQpgI1U9nciIO817V6NIGBPyOfGC6Q7C3qXXXs
 V9Ow==
X-Gm-Message-State: AOJu0Yw2h4rwh73Xja9bN0YhmNMIwrBcSR159Tiv+yyBP2YIYZW1oLGk
 qVb0fAd41HptnYJ4HilrX21WhYDDYdecEdVanUGmVofZgLVowDaU+20Y4emt
X-Google-Smtp-Source: AGHT+IFgdMjnJADOL/bafcoxEKHUwuzqbs+VAN5bKQmdNY0uVK4NzFYAZ23ByOhaiurlsyn3CvhWzA==
X-Received: by 2002:a25:d303:0:b0:dfa:6e39:95af with SMTP id
 3f1490d57ef6-dfacad0b47bmr1340124276.53.1717550687861; 
 Tue, 04 Jun 2024 18:24:47 -0700 (PDT)
Received: from localhost.localdomain (dsl-154-1.b2b2c.ca. [66.158.154.1])
 by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-6ae4b429a70sm43950116d6.128.2024.06.04.18.24.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 04 Jun 2024 18:24:47 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Tue,  4 Jun 2024 21:24:28 -0400
Message-ID: <6637c8e33997272ab489b7f35e587c3abd77b82b.1717550623.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <a3641c8501b839cb4490edca279bf15a8141b8ea.1717550623.git.maxim.cournoyer@gmail.com>
References: <a3641c8501b839cb4490edca279bf15a8141b8ea.1717550623.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: bug-guix-bounces+larch=yhetil.org@gnu.org
X-Migadu-Country: US
X-Migadu-Flow: FLOW_IN
X-Spam-Score: 4.16
X-Migadu-Queue-Id: B190DE161
X-Migadu-Scanner: mx10.migadu.com
X-Migadu-Spam-Score: 4.16
X-TUID: bNPhxNsTAUgv

* gnu/packages/base.scm (patch/fixed): New variable.
(patch) [replacement]: Graft with the above.

Fixes: https://issues.guix.gnu.org/47144
Reported-by: Mark H Weaver <mhw@netris.org>
Change-Id: I54ae41b735f5ba0ebad30ebdfaabe0ccdc3f9873
---

Changes in v3:
 - Do not use inheritance for patch/fixed origin

Changes in v2:
 - Use same version to have the same store length, a graft requirement
 - Copy the gnulib source in a phase to avoid introducing a dependency cycle

 gnu/packages/base.scm | 52 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index bbe5b8cf57..3246b7bd0a 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -19,7 +19,7 @@
 ;;; Copyright © 2021 Leo Le Bouter <lle-bout@zaclys.net>
 ;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
 ;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net>
-;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2021, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2022 zamfofex <zamfofex@twdb.moe>
 ;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com>
 ;;; Copyright © 2023 Josselin Poiret <dev@jpoiret.xyz>
@@ -46,8 +46,10 @@ (define-module (gnu packages base)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages attr)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages bison)
+  #:use-module (gnu packages build-tools)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages multiprecision)
@@ -263,6 +265,7 @@ (define-public tar
 
 (define-public patch
   (package
+    (replacement patch/fixed)
     (name "patch")
     (version "2.7.6")
     (source (origin
@@ -291,6 +294,53 @@ (define-public patch
     (license gpl3+)
     (home-page "https://savannah.gnu.org/projects/patch/")))
 
+(define patch/fixed
+  ;; The latest release is from 2018, and lacks multiple security related
+  ;; patches.  Since Fedora carries 23 patches, simply use the latest commit
+  ;; until a proper release is made.
+  (let ((revision "0")
+        (commit "f144b35425d9d7732ea5485034c1a6b7a106ab92"))
+    (package
+      (inherit patch)
+      (name "patch")
+      ;; TODO: Uncomment when ungrafting.
+      ;;(version (git-version "2.7.6" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://git.savannah.gnu.org/git/patch.git")
+                      (commit commit)))
+                ;; TODO: Uncomment when ungrafting and using the above
+                ;; 'git-version'-computed version.
+                ;;(file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "1bk38169c0xh01b0q0zmnrjqz8k9byz3arp4q7q66sn6xwf94nvz"))
+                (patches (search-patches "patch-hurd-path-max.patch"))))
+      (arguments
+       (substitute-keyword-arguments (package-arguments patch)
+         ((#:phases phases '%standard-phases)
+          #~(modify-phases #$phases
+              (add-after 'unpack 'copy-gnulib-sources
+                (lambda _
+                  ;; XXX: We copy the source instead of using 'gnulib' as a
+                  ;; native input to avoid introducing a dependency cycle with.
+                  (copy-recursively #+gnulib "gnulib")
+                  (setenv "GNULIB_SRCDIR"
+                          (string-append (getcwd) "/gnulib/src/gnulib"))))
+              (add-after 'copy-gnulib-sources 'update-bootstrap-script
+                (lambda _
+                  (copy-file "gnulib/src/gnulib/build-aux/bootstrap"
+                             "bootstrap")))
+              (add-after 'unpack 'patch-configure.ac
+                (lambda _
+                  (substitute* "configure.ac"
+                    ;; The gnulib-provided git-version-gen script has a plain
+                    ;; shebang of #!/bin/sh; avoid using it.
+                    (("build-aux/git-version-gen" all)
+                     (string-append "sh " all)))))))))
+      (native-inputs (list autoconf automake bison ed)))))
+
 (define-public diffutils
   (package
    (name "diffutils")
-- 
2.45.1