Subject: bug#47144: [PATCH v4 3/3] gnu: patch: Update to latest commit [security fixes].
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144@debbugs.gnu.org
Cc: Mark H Weaver, Maxim Cournoyer, Ludovic Courtès, Léo Le Bouter, Leo Famulari, Simon Tournier, Christopher Baines, Efraim Flashner, Ekaitz Zarraga, Guillaume Le Vaillant, Josselin Poiret, Katherine Cox-Buday, Mathieu Othacehe, Munyoki Kilyungi, Ricardo Wurmus, Sharlatan Hellseher, Tobias Geerinckx-Rice, jgart
From: Maxim Cournoyer
Date: Wed, 5 Jun 2024 20:46:21 -0400
Message-ID: <7663177c58ca72f54b6c715561701952b35910ec.1717634752.git.maxim.cournoyer@gmail.com>

* gnu/packages/base.scm (patch): Rename to...
(patch/pinned): ... this.  Hide package.
(patch): New variable.
* gnu/packages/commencement.scm (patch-mesboot): Inherit from patch/pinned.
(patch-boot0): Likewise.
(%final-inputs): Replace patch with patch/pinned.
* gnu/packages/lisp.scm (cl-asdf): Likewise.
* guix/packages.scm (%standard-patch-inputs): Replace patch with patch/pinned.

Fixes: https://issues.guix.gnu.org/47144
Reported-by: Mark H Weaver
Change-Id: I54ae41b735f5ba0ebad30ebdfaabe0ccdc3f9873
---

Changes in v4:
 - Use a hidden patch/pinned and patch variables instead of a graft

Changes in v3:
 - Do not use inheritance for patch/fixed origin

Changes in v2:
 - Use same version to have the same store length, a graft requirement
 - Copy the gnulib source in a phase to avoid introducing a dependency cycle

 gnu/packages/base.scm         | 102 +++++++++++++++++++++++++---------
 gnu/packages/commencement.scm |   8 +--
 gnu/packages/lisp.scm         |   2 +-
 guix/packages.scm             |   2 +-
 4 files changed, 82 insertions(+), 32 deletions(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index bbe5b8cf57..66c5b7d237 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm 
@@ -19,7 +19,7 @@ ;;; Copyright © 2021 Leo Le Bouter ;;; Copyright © 2021 Maxime Devos ;;; Copyright © 2021 Guillaume Le Vaillant -;;; Copyright © 2021 Maxim Cournoyer +;;; Copyright © 2021, 2024 Maxim Cournoyer ;;; Copyright © 2022 zamfofex ;;; Copyright © 2022 John Kehayias ;;; Copyright © 2023 Josselin Poiret @@ -46,8 +46,10 @@ (define-module (gnu packages base) #:use-module (gnu packages acl) #:use-module (gnu packages algebra) #:use-module (gnu packages attr) + #:use-module (gnu packages autotools) #:use-module (gnu packages bash) #:use-module (gnu packages bison) + #:use-module (gnu packages build-tools) #:use-module (gnu packages gcc) #:use-module (gnu packages guile) #:use-module (gnu packages multiprecision) 
@@ -261,35 +263,83 @@ (define-public tar (license gpl3+) (home-page "https://www.gnu.org/software/tar/"))) -(define-public patch - (package - (name "patch") - (version "2.7.6") - (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/patch/patch-" - version ".tar.xz")) - (sha256 - (base32 - "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc")) - (patches (search-patches "patch-hurd-path-max.patch")))) - (build-system gnu-build-system) - (arguments - ;; Work around a cross-compilation bug whereby libpatch.a would provide - ;; '__mktime_internal', which conflicts with the one in libc.a. - (if (%current-target-system) - `(#:configure-flags '("gl_cv_func_working_mktime=yes")) - '())) - (native-inputs (list ed)) - (synopsis "Apply differences to originals, with optional backups") - (description - "Patch is a program that applies changes to files based on differences +;;; TODO: Replace/merge with 'patch' on core-updates. +(define-public patch/pinned + (hidden-package + (package + (name "patch") + (version "2.7.6") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/patch/patch-" + version ".tar.xz")) + (sha256 + (base32 + "1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc")) + (patches (search-patches "patch-hurd-path-max.patch")))) + (build-system gnu-build-system) + (arguments + ;; Work around a cross-compilation bug whereby libpatch.a would provide + ;; '__mktime_internal', which conflicts with the one in libc.a. + (if (%current-target-system) + `(#:configure-flags '("gl_cv_func_working_mktime=yes")) + '())) + (native-inputs (list ed)) + (synopsis "Apply differences to originals, with optional backups") + (description + "Patch is a program that applies changes to files based on differences laid out as by the program \"diff\". The changes may be applied to one or more files depending on the contents of the diff file. It accepts several different diff formats. 
It may also be used to revert previously applied differences.") - (license gpl3+) - (home-page "https://savannah.gnu.org/projects/patch/"))) + (license gpl3+) + (home-page "https://savannah.gnu.org/projects/patch/")))) + +(define-public patch + ;; The latest release is from 2018, and lacks multiple security related + ;; patches. Since Fedora carries 23 patches, simply use the latest commit + ;; until a proper release is made. + (let ((revision "0") + (commit "f144b35425d9d7732ea5485034c1a6b7a106ab92") + (base patch/pinned)) + (package + (inherit base) + (name "patch") + (version (git-version "2.7.6" revision commit)) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://git.savannah.gnu.org/git/patch.git") + (commit commit))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1bk38169c0xh01b0q0zmnrjqz8k9byz3arp4q7q66sn6xwf94nvz")) + (patches (search-patches "patch-hurd-path-max.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments base) + ((#:phases phases '%standard-phases) + #~(modify-phases #$phases + (add-after 'unpack 'copy-gnulib-sources + (lambda _ + ;; XXX: We copy the source instead of using 'gnulib' as a + ;; native input to avoid introducing a dependency cycle. + (copy-recursively #+gnulib "gnulib") + (setenv "GNULIB_SRCDIR" + (string-append (getcwd) "/gnulib/src/gnulib")))) + (add-after 'copy-gnulib-sources 'update-bootstrap-script + (lambda _ + (copy-file "gnulib/src/gnulib/build-aux/bootstrap" + "bootstrap"))) + (add-after 'unpack 'patch-configure.ac + (lambda _ + (substitute* "configure.ac" + ;; The gnulib-provided git-version-gen script has a plain + ;; shebang of #!/bin/sh; avoid using it. + (("build-aux/git-version-gen" all) + (string-append "sh " all))))))))) + (native-inputs (list autoconf automake bison ed)) + (properties '())))) (define-public diffutils (package diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index b4d236c35b..0433059493 100644 
--- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -878,7 +878,7 @@ (define tcc-boot (define patch-mesboot ;; The initial patch. (package - (inherit patch) + (inherit patch/pinned) (name "patch-mesboot") (version "2.5.9") (source (origin @@ -2167,8 +2167,8 @@ (define gawk-boot0 (define patch-boot0 (package - (inherit patch) - (source (bootstrap-origin (package-source patch))) + (inherit patch/pinned) + (source (bootstrap-origin (package-source patch/pinned))) (name "patch-boot0") (native-inputs '()) (inputs @@ -3482,7 +3482,7 @@ (define-public %final-inputs ("bzip2" ,bzip2) ("file" ,file) ("diffutils" ,diffutils) - ("patch" ,patch) + ("patch" ,patch/pinned) ("findutils" ,findutils) ("gawk" ,gawk))) ("sed" ,sed-final) diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm index 6bf93d83c7..6f3bd126cc 100644 --- a/gnu/packages/lisp.scm +++ b/gnu/packages/lisp.scm @@ -121,7 +121,7 @@ (define-public cl-asdf (build-system trivial-build-system) (native-inputs `(("config-patch" ,@(search-patches "cl-asdf-config-directories.patch")) - ("patch" ,patch))) + ("patch" ,patch/pinned))) (arguments `(#:modules ((guix build utils) (guix build lisp-utils)) diff --git a/guix/packages.scm b/guix/packages.scm index abe89cdb07..f3a9a61785 100644 --- a/guix/packages.scm +++ b/guix/packages.scm @@ -899,7 +899,7 @@ (define (%standard-patch-inputs system) ("gzip" ,(ref '(gnu packages compression) 'gzip)) ("lzip" ,(ref '(gnu packages compression) 'lzip)) ("unzip" ,(ref '(gnu packages compression) 'unzip)) - ("patch" ,(ref '(gnu packages base) 'patch)) + ("patch" ,(ref '(gnu packages base) 'patch/pinned)) ("locales" ,(parameterize ((%current-target-system #f) (%current-system system)) -- 2.45.1
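Review bot: The comment above the new `patch` definition in gnu/packages/base.scm says the 2018 release "lacks multiple security related patches" but names none of them, and the commit log only links issue 47144. Listing the identifiers of the issues that commit f144b35425d9d7732ea5485034c1a6b7a106ab92 resolves, in that comment or in the log, would let a later reader check that building from this commit covers them and judge when a tagged release can replace it.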
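Review bot: `(properties '())` at the end of the new `patch` package in gnu/packages/base.scm has no comment, yet it is the only thing that stops the public variable from inheriting, through `(inherit base)`, whatever `hidden-package` attached to `patch/pinned`. A one-line comment saying that it resets the hidden marker would keep someone from deleting it as a no-op. In the same block, `copy-gnulib-sources` and `patch-configure.ac` are both declared `add-after 'unpack`, so their relative order depends on the order of the clauses; anchoring `patch-configure.ac` after `update-bootstrap-script` would make the sequence explicit.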
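Review bot: In guix/packages.scm the `%standard-patch-inputs` entry now points at `patch/pinned`, and `%final-inputs` in gnu/packages/commencement.scm does the same, so the 2.7.6 build that the base.scm comment describes as lacking security patches remains the one used at those sites. The only record of the plan to switch them is the TODO above `patch/pinned` in base.scm; a short comment at each site pointing to it would keep the pin from being forgotten. For `cl-asdf` in gnu/packages/lisp.scm, which is not a bootstrap package, the log entry "Likewise" gives no reason for staying on the pinned version, so please state one there or in a comment next to the input.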