From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id KHxRMs1iM2dPfAEAe85BDQ:P1 (envelope-from ) for ; Tue, 12 Nov 2024 14:14:38 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id KHxRMs1iM2dPfAEAe85BDQ (envelope-from ) for ; Tue, 12 Nov 2024 15:14:37 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=WRxLX8Da; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Bhj5TuNT; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1731420877; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=bVNhmP/GyxAQ2WLrDUdTRI3eYYrud5DVaBKHDOLh4JM=; b=uSUWnA+5aym8P/An7j9nTXrVvftPq7yPizfqYphuDwMFPrQEZ7DImP5eVj4qVte15dW15P aGSW6C+8fMdu0Rb6JlQaQvc5wFC5F3qE+0yzH8YLzGXibdVUP1tBDpUfH7o0dvWVl1Qr9I XPdn0euMruwWdoruC5EvBQHFhroaZCh7tJ/roC21voE8ClIXOVq3Wjy5Eu0eN415839cZu kNd084MTQCDlNjv/tiM55pSVJ5dEiwQrbJpCzre2CGajRPYOjUXNzfj1ktpSDRxFoyg9Wi T5z08gsEMG17qfh75d77EJOsUra5nDY2iAB8U/KYwKTrUoXIiq1WiqKqnoKwZA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=WRxLX8Da; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=Bhj5TuNT; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1731420877; a=rsa-sha256; cv=none; b=Hme5yPCF4gVmGaeF7d948NAGsttO9pNPZDwzAY4JUatrTZJ1n8ID7JzPEFkVHqLhZftvwY 14vzM+7y345Es2Si4gpHyeHXN+3TZoNJT3K1VwcxUffdj8Gdcd9TL05xiv6lJIFs4IlsJd ne7atB3SQPNvcIyuLdsHRYkf/rVYXYtiQqH6HdQNIDpDNw8obM6NP7xyW7FSXr7Vl2AiC0 O1lR/LPCqcfGqXURUoFHbVyba17DU8CEck200uAs5cS65qa0YYvvm4t+WhRn56j3ZOJoGk Bf5Ehg9FyiHn1mYEf5iBpyplUKzD5QcLNFzvh06zh4tX9J1oAWkWizXkaNNimg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 621E77B02A for ; Tue, 12 Nov 2024 15:14:37 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tAreh-0003zt-23; Tue, 12 Nov 2024 09:14:07 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tAree-0003ya-S5 for guix-patches@gnu.org; Tue, 12 Nov 2024 09:14:04 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tAree-0005nc-K4 for guix-patches@gnu.org; Tue, 12 Nov 2024 09:14:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=bVNhmP/GyxAQ2WLrDUdTRI3eYYrud5DVaBKHDOLh4JM=; b=WRxLX8DaH57p3uC5vBCGic/FdxE9HJgFPtnue/+6iKcXWQxRMi3eguc7VQNA6byLpl0vT0zSU0p0eadthNjasUH5JngSt+pkZHHmovToQtlWvB8sv+JU6i5A+w8gx1mquDWgIOSYlUqE0AOP/JlTush9/Wtot17lc+NQwTxSXPlNMpl6vTefw7RuKk6LjC0A7YTywQwt0aBhw8QLGWlzuEuhQYqgwtRwkG6F95dqi5AdaVHYAqRSWOzN09DKV4VUPa+SwhrXSqwWtIem4W7NF9YWp54G3okXzjb9r7TaKYWUJZManITImLrxQFhI+Mj53TSRZhxn9D0cfxmEv5U7lQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tAred-00013J-Iw for guix-patches@gnu.org; Tue, 12 Nov 2024 09:14:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#74035] [PATCH v4 8/8] gnu: rnp: Update to 0.17.1. [security fixes] Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 12 Nov 2024 14:14:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74035 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Nicolas Graves Cc: 74035@debbugs.gnu.org Received: via spool by 74035-submit@debbugs.gnu.org id=B74035.17314208113960 (code B ref 74035); Tue, 12 Nov 2024 14:14:03 +0000 Received: (at 74035) by debbugs.gnu.org; 12 Nov 2024 14:13:31 +0000 Received: from localhost ([127.0.0.1]:33005 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tAre7-00011o-0Q for submit@debbugs.gnu.org; Tue, 12 Nov 2024 09:13:31 -0500 Received: from mail-pj1-f43.google.com ([209.85.216.43]:59774) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tAre4-00011a-6s for 74035@debbugs.gnu.org; Tue, 12 Nov 2024 09:13:28 -0500 Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-2e34a089cd3so4617373a91.3 for <74035@debbugs.gnu.org>; Tue, 12 Nov 2024 06:13:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1731420741; x=1732025541; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=bVNhmP/GyxAQ2WLrDUdTRI3eYYrud5DVaBKHDOLh4JM=; b=Bhj5TuNTjrWO7RnuJg34JJnCWaig2un4cZa4j7JXGdRBoajJ1hu+KM1+ONVxImz2pX wQRdfgyEWJhMSThvmHdqyDwcMUQrfb4SVxq/BHuA234rI9fK0Z7WWk4rrZYlRqiSKcZJ CKcMDQ/amS5WsvGtgdrQnpkxuvq2kxgzmpbTXDDLjLISEbCycqQDAAjTgWVbwbFze29K l3IYOSfV2u5VnSQQ37wSLs5cZRAUTOSpTbinF5ZisEodxBzqD5qjMw/YsNCZlKuRgEVK qcdQ7cNJuugyw9s4Z23T/851w2DbKJNdkCpsU7GbXdvg/txVnN3jHCn+ng3y8bv/0QyG IiKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731420741; x=1732025541; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=bVNhmP/GyxAQ2WLrDUdTRI3eYYrud5DVaBKHDOLh4JM=; b=MPzFGeYsvtWQrs/p+VFyInHALhs1nYkOaZPkXz4wdemQt0re6dtCnbEgIfJnSP4bOL 9ZvXSqsTLougPuwXoObjkNDUKqlhqvQD9TzvD/2Uh1wRL8i0bAIMrvxXD5UzpaL+9xhY ei0J3kv2MWWkXODH03G1rex/sv3yjyONAuKit/YnIXbLdeKqRSE/TMI551nQagO0cLyR NBHeczeQF4cvJSr2ysysmt25ApxPJJAhQ0VDHhtiKj3qBA+GH71QPKmAtxBFErSeJkhN Yo+EIOxiZQRHSoUwbAf7UlIgAGo+CMbs2q5gjFJfMkZOtEy22gCGV/N6LyM+n/VfHdEk Nc9g== X-Gm-Message-State: AOJu0Yw/zaqKXikQLSsUMH5McBEylrokYOReWy3GOYYit+0yu/ZzzsS6 WxN6TLeHJVRHFmkC834rF1EB4tsGLw15Ers840qsazeXgfCACXhEefzge/Pl X-Google-Smtp-Source: AGHT+IHJaiYrdyUrwH1mZh5jVkg67lCfOsASFOmpnwIuCmcNoYgB/P2BBzaqHsntwE7RaDWLkjFcNQ== X-Received: by 2002:a17:90b:17cd:b0:2e2:d82b:d144 with SMTP id 98e67ed59e1d1-2e9b178fe07mr20663724a91.37.1731420741127; Tue, 12 Nov 2024 06:12:21 -0800 (PST) Received: from terra ([2405:6586:be0:0:c8ff:1707:9b9:af89]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2e9a5f5e5bcsm10613499a91.15.2024.11.12.06.12.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Nov 2024 06:12:20 -0800 (PST) From: Maxim Cournoyer In-Reply-To: <20241105231405.21806-8-ngraves@ngraves.fr> (Nicolas Graves's message of "Wed, 6 Nov 2024 00:13:58 +0100") References: <20241105231405.21806-1-ngraves@ngraves.fr> <20241105231405.21806-8-ngraves@ngraves.fr> Date: Tue, 12 Nov 2024 23:12:13 +0900 Message-ID: <87frnw1qyq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 3.59 X-Spam-Score: 3.59 X-Migadu-Queue-Id: 621E77B02A X-TUID: 4w+3Y/yiDs4g Hi, Nicolas Graves writes: > This fixes CVE-2023-29479 and CVE-2023-29480. > > * gnu/packages/openpgp.scm (rnp): Update to 0.17.1. > [arguments]: Improve style using gexps. > <#:phases>: Add phase 'inject-sexpp-source. > [inputs]: Add sexpp. I could work it out with this: --8<---------------cut here---------------start------------->8--- modified gnu/packages/openpgp.scm @@ -117,6 +117,9 @@ (define-public rnp (list #:configure-flags ''("-DBUILD_SHARED_LIBS=on" + ;; Lower the minimum tuning ratio from 6 to 4, as suggested + ;; upstream to avoid the s2k_iteration_tuning failing. + "-DS2K_MINIMUM_TUNING_RATIO=4" "-DBUILD_TESTING=on" "-DDOWNLOAD_GTEST=off" "-DDOWNLOAD_RUBYRNP=off") @@ -129,22 +132,27 @@ (define-public rnp (add-after 'unpack 'inject-sexpp-source (lambda _ (rmdir "src/libsexpp") - (symlink #$(package-source (this-package-input "sexpp")) + (symlink #$(package-source (this-package-native-input "sexpp")) "src/libsexpp"))) (replace 'check - (lambda* (#:key tests? #:allow-other-keys) + (lambda* (#:key tests? parallel-tests? #:allow-other-keys) (when tests? ;; Some OpenPGP certificates used by the tests expire. ;; To work around that, set the time to roughly the ;; release date. - (invoke "faketime" #$day-of-release "make" "test"))))))) + (setenv "CTEST_OUTPUT_ON_FAILURE" "1") + (invoke "faketime" #$day-of-release "ctest" + "-j" (if parallel-tests? + (number->string (parallel-job-count)) + "1")))))))) (native-inputs - (list gnupg ; for tests - googletest ; for tests - libfaketime ; for tests + (list gnupg ;for tests + googletest ;for tests + libfaketime ;for tests pkg-config - python)) - (inputs (list botan bzip2 json-c sexpp zlib)) + python + sexpp)) ;sexpp is used as source only + (inputs (list botan bzip2 json-c zlib)) (synopsis "RFC4880-compliant OpenPGP library written in C++") (description --8<---------------cut here---------------end--------------->8--- Thanks to upstream's extreme responsiveness (answered in seconds!) Nitpick: inline comments shouldn't have a space between the ';' and the text. I've also made the test suite run in parallel and restored the CTEST_OUTPUT_ON_FAILURE behavior of the stock check phase, as that's very useful in case of problems. -- Thanks, Maxim