From: Kei Kebreau <kei@openmailbox.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
Date: Fri, 04 Nov 2016 10:52:55 -0400 [thread overview]
Message-ID: <87d1ibwb3s.fsf@openmailbox.org> (raw)
In-Reply-To: <8760o31il3.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Fri, 04 Nov 2016 14:27:04 +0100")
[-- Attachment #1.1: Type: text/plain, Size: 1928 bytes --]
ludo@gnu.org (Ludovic Courtès) writes:
> Leo Famulari <leo@famulari.name> skribis:
>
>> On Thu, Nov 03, 2016 at 10:17:18PM -0500, Eric Bavier wrote:
>>> On Thu, 03 Nov 2016 18:54:55 -0400
>>> Kei Kebreau <kei@openmailbox.org> wrote:
>>>
>>> > From b837111e3ddf406a3b9235538f63af678e3ac741 Mon Sep 17 00:00:00 2001
>>> > From: Kei Kebreau <kei@openmailbox.org>
>>> > Date: Thu, 3 Nov 2016 17:58:48 -0400
>>> > Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
>>> >
>>> > Fixes some security issues seen here:
>>> > <http://www.openwall.com/lists/oss-security/2016/11/03/3>
>>> >
>>> > * gnu/packages/patches/w3m-upstream-20120522.patch: New file.
>>> > * gnu/packages/patches/w3m-debian-updates.patch: New file.
>>> > * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained
>>> > fork of w3m.
>>> > [source]: Use Debian's tarball and patches. Remove obsolete patches.
>>> > [arguments]: Remove unnecessary modification of %standard-phases.
>>> > * gnu/local.mk (dist_patch_DATA): Register new patches. Remove obsolete
>>> > patches.
>>> > ---
>>> > gnu/local.mk | 6 +-
>>> > gnu/packages/patches/w3m-debian-updates.patch | 28498 +++++++++++++++++++
>>>
>>> So theirs is the only actively maintained version of w3m and all they
>>> can provide is a 28.5 thousand line patch? No VCS repository? There
>>> must be some point at which it would be better for us to fetch the
>>> patch in an origin rather than importing it into our repo.
>>
>> I think we build from their Git repo:
>>
>> https://anonscm.debian.org/cgit/collab-maint/w3m.git
>>
>> They even offer non-Debian-ized release tags, such as
>> <v0.5.3+git20161031>.
>
> Then we should use that instead of importing all the patches in our own
> repo, IMO.
>
> Kei: would that work for you?
>
> Thanks,
> Ludo’.
Here it is!
[-- Attachment #1.2: 0001-gnu-w3m-Switch-to-Debian-s-actively-maintained-fork-.patch --]
[-- Type: text/plain, Size: 8960 bytes --]
From cc7a61d61160817ceb395b648b18c885175441e8 Mon Sep 17 00:00:00 2001
From: Kei Kebreau <kei@openmailbox.org>
Date: Fri, 4 Nov 2016 10:48:53 -0400
Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
Fixes some security issues seen here:
<http://www.openwall.com/lists/oss-security/2016/11/03/3>
* gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained
fork of w3m.
[source]: Use Debian's git tree. Remove obsolete patches.
[arguments]: Remove unnecessary modification of %standard-phases.
* gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: Delete file.
* gnu/packages/patches/w3m-disable-weak-ciphers.patch: Delete file.
* gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: Delete file.
* gnu/packages/patches/w3m-libgc.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 4 ---
.../patches/w3m-disable-sslv2-and-sslv3.patch | 24 --------------
.../patches/w3m-disable-weak-ciphers.patch | 24 --------------
.../patches/w3m-force-ssl_verify_server-on.patch | 24 --------------
gnu/packages/patches/w3m-libgc.patch | 28 ----------------
gnu/packages/w3m.scm | 38 +++++++---------------
6 files changed, 11 insertions(+), 131 deletions(-)
delete mode 100644 gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
delete mode 100644 gnu/packages/patches/w3m-disable-weak-ciphers.patch
delete mode 100644 gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
delete mode 100644 gnu/packages/patches/w3m-libgc.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index a23d536..a34d8ae 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -891,10 +891,6 @@ dist_patch_DATA = \
%D%/packages/patches/vte-CVE-2012-2738-pt1.patch \
%D%/packages/patches/vte-CVE-2012-2738-pt2.patch \
%D%/packages/patches/vtk-mesa-10.patch \
- %D%/packages/patches/w3m-libgc.patch \
- %D%/packages/patches/w3m-force-ssl_verify_server-on.patch \
- %D%/packages/patches/w3m-disable-sslv2-and-sslv3.patch \
- %D%/packages/patches/w3m-disable-weak-ciphers.patch \
%D%/packages/patches/weechat-python.patch \
%D%/packages/patches/weex-vacopy.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \
diff --git a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
deleted file mode 100644
index 5b78f2d..0000000
--- a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: Disable SSLv2 and SSLv3.
-
-The only remaining methods are TLSv1.* (the code never distinguishes
-between TLSv1.0, TLSv1.1, and TLSv1.2).
----
- fm.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fm.h b/fm.h
-index 320906c..ddcd4fc 100644
---- a/fm.h
-+++ b/fm.h
-@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
- #endif /* defined(USE_SSL) &&
- * defined(USE_SSL_VERIFY) */
- #ifdef USE_SSL
--global char *ssl_forbid_method init(NULL);
-+global char *ssl_forbid_method init("2, 3");
- #endif
-
- global int is_redisplay init(FALSE);
---
-2.6.4
-
diff --git a/gnu/packages/patches/w3m-disable-weak-ciphers.patch b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
deleted file mode 100644
index 4780d54..0000000
--- a/gnu/packages/patches/w3m-disable-weak-ciphers.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: Disable weak ciphers
-
-Disable RC4, "export ciphers", and all keys < 128 bits.
-
-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
----
- url.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/url.c b/url.c
-index ed6062e..e86b1f3 100644
---- a/url.c
-+++ b/url.c
-@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
- SSL_load_error_strings();
- if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
- goto eend;
-+ SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
- option = SSL_OP_ALL;
- if (ssl_forbid_method) {
- if (strchr(ssl_forbid_method, '2'))
---
-2.6.4
-
diff --git a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
deleted file mode 100644
index dc9f117..0000000
--- a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: Force ssl_verify_server on.
-
-By default, SSL/TLS certificates are not verified. This enables the
-verification.
----
- fm.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fm.h b/fm.h
-index 8378939..320906c 100644
---- a/fm.h
-+++ b/fm.h
-@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
- #endif
-
- #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
--global int ssl_verify_server init(FALSE);
-+global int ssl_verify_server init(TRUE);
- global char *ssl_cert_file init(NULL);
- global char *ssl_key_file init(NULL);
- global char *ssl_ca_path init(NULL);
---
-2.6.4
-
diff --git a/gnu/packages/patches/w3m-libgc.patch b/gnu/packages/patches/w3m-libgc.patch
deleted file mode 100644
index 0dc6a40..0000000
--- a/gnu/packages/patches/w3m-libgc.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-This patch fixes w3m compilation with libgc > 7.2.
-
-Reported:
-https://bugs.archlinux.org/task/33397
-
-Patch with explanation:
-http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=770eec8304bdbe458
----
- main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/main.c b/main.c
-index b421943..249eb1a 100644
---- a/main.c
-+++ b/main.c
-@@ -833,7 +833,8 @@ main(int argc, char **argv, char **envp)
- mySignal(SIGPIPE, SigPipe);
- #endif
-
-- orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc);
-+ orig_GC_warn_proc = GC_get_warn_proc();
-+ GC_set_warn_proc(wrap_GC_warn_proc);
- err_msg = Strnew();
- if (load_argc == 0) {
- /* no URL specified */
---
-2.6.4
-
diff --git a/gnu/packages/w3m.scm b/gnu/packages/w3m.scm
index e7dd583..80171de 100644
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -28,7 +29,7 @@
#:use-module (gnu packages tls)
#:use-module (gnu packages)
#:use-module (guix packages)
- #:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix build-system gnu))
(define-public w3m
@@ -36,33 +37,16 @@
(name "w3m")
(version "0.5.3")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/" name "/" name "/"
- name "-" version "/"
- name "-" version ".tar.gz"))
- (sha256
- (base32
- "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"))
-
- ;; cf. https://bugs.archlinux.org/task/33397
- (patches (search-patches "w3m-libgc.patch"
- "w3m-force-ssl_verify_server-on.patch"
- "w3m-disable-sslv2-and-sslv3.patch"
- "w3m-disable-weak-ciphers.patch"))))
+ (method git-fetch)
+ ;; Debian's fork of w3m is the only one that is still maintained.
+ (uri (git-reference
+ (url "https://anonscm.debian.org/cgit/collab-maint/w3m.git")
+ (commit "v0.5.3+git20161031")))
+ (sha256
+ (base32
+ "142vkkmsk76wj9w6r4y2pa1hmy1kkzmc73an9zchx0ikm2z92x6s"))))
(build-system gnu-build-system)
- (arguments `(#:tests? #f ; no check target
- #:phases (alist-cons-before
- 'configure 'fix-perl
- (lambda _
- ;; https://launchpad.net/bugs/935540
- ;; 'struct file_handle' is used by 'glibc'
- (substitute* '("istream.c" "istream.h")
- (("struct[[:blank:]]+file_handle")
- "struct w3m_file_handle"))
- (substitute* '("scripts/w3mmail.cgi.in"
- "scripts/dirlist.cgi.in")
- (("@PERL@") (which "perl"))))
- %standard-phases)))
+ (arguments `(#:tests? #f)) ; no check target
(inputs
`(("libgc" ,libgc)
("ncurses" ,ncurses)
--
2.10.2
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 800 bytes --]
next prev parent reply other threads:[~2016-11-04 14:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-03 22:54 [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m Kei Kebreau
2016-11-04 3:17 ` Eric Bavier
2016-11-04 4:03 ` Leo Famulari
2016-11-04 13:27 ` Ludovic Courtès
2016-11-04 13:59 ` Kei Kebreau
2016-11-04 14:52 ` Kei Kebreau [this message]
2016-11-04 15:48 ` Leo Famulari
2016-11-04 17:05 ` Kei Kebreau
2016-11-04 23:54 ` Leo Famulari
2016-11-05 0:08 ` Kei Kebreau
2016-11-05 0:16 ` Leo Famulari
-- strict thread matches above, loose matches on Subject: below --
2016-11-03 22:08 Kei Kebreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d1ibwb3s.fsf@openmailbox.org \
--to=kei@openmailbox.org \
--cc=guix-devel@gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).