* [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
@ 2019-01-10 18:03 Kei Kebreau
2019-01-10 20:05 ` Leo Famulari
0 siblings, 1 reply; 5+ messages in thread
From: Kei Kebreau @ 2019-01-10 18:03 UTC (permalink / raw)
To: 34036; +Cc: Kei Kebreau
* gnu/packages/irc.scm (irssi): Update to 1.1.2.
[source]: Use 'git-fetch'.
[arguments]: Add 'patch-scripts' phase.
[native-inputs]: Add autoconf, automake, and libtool.
---
gnu/packages/irc.scm | 39 +++++++++++++++++++++++++++++----------
1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba31d36b9..1e491db0a 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -25,6 +25,7 @@
(define-module (gnu packages irc)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (guix download)
+ #:use-module (guix git-download)
#:use-module (guix packages)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
@@ -126,19 +127,34 @@ irssi, but graphical.")
(define-public irssi
(package
(name "irssi")
- (version "1.1.1")
- (source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/irssi/irssi/"
- "releases/download/" version "/irssi-"
- version ".tar.xz"))
- (sha256
- (base32
- "1gx1flfh4a09nb3b5pvf0ygnbl7rry3l4gph8wij29dsl7khfj3q"))))
+ (version "1.1.2")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/irssi/irssi.git")
+ (commit version)))
+ (sha256
+ (base32
+ "0kypqcm0hcxsqifbkq4fzrhvmqh6s6h65d0b8kq5w6fwjqj37z3z"))))
(build-system gnu-build-system)
(arguments
`(#:phases
(modify-phases %standard-phases
+ (add-after 'unpack 'patch-scripts
+ (lambda _
+ (substitute* "autogen.sh"
+ ;; git is not available in the build environment.
+ (("git log > ChangeLog")
+ ;; Don't let autogen.sh run by setting an environment variable
+ ;; that is checked later in the script.
+ "NOCONFIGURE=t"))
+ (substitute* "utils/irssi-version.sh"
+ (("^DATE=`GIT_DIR=\\$1/\\.git git.*$") "")
+ ;; This is the date of the release of Irssi version 1.1.2.
+ (("^VERSION_DATE=`.*`") "VERSION_DATE=20190109")
+ (("^VERSION_TIME=.*$") "VERSION_TIME=0"))
+ #t))
(replace 'configure
(lambda* (#:key inputs outputs #:allow-other-keys)
(let ((out (assoc-ref outputs "out")))
@@ -154,7 +170,10 @@ irssi, but graphical.")
("openssl" ,openssl)
("perl" ,perl)))
(native-inputs
- `(("pkg-config" ,pkg-config)))
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)
+ ("pkg-config" ,pkg-config)))
(home-page "https://irssi.org/")
(synopsis "Terminal-based IRC client")
(description
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
2019-01-10 18:03 [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882] Kei Kebreau
@ 2019-01-10 20:05 ` Leo Famulari
2019-01-10 21:08 ` Kei Kebreau
0 siblings, 1 reply; 5+ messages in thread
From: Leo Famulari @ 2019-01-10 20:05 UTC (permalink / raw)
To: Kei Kebreau; +Cc: 34036
[-- Attachment #1: Type: text/plain, Size: 499 bytes --]
On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:
> * gnu/packages/irc.scm (irssi): Update to 1.1.2.
> [source]: Use 'git-fetch'.
> [arguments]: Add 'patch-scripts' phase.
> [native-inputs]: Add autoconf, automake, and libtool.
Thanks!
But why switch to git-fetch when they offer a tarball? All else being
equal, we should stick to tarballs when they are offered by upstream.
Specifically, let's use this one:
https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
2019-01-10 20:05 ` Leo Famulari
@ 2019-01-10 21:08 ` Kei Kebreau
2019-01-10 21:15 ` Leo Famulari
0 siblings, 1 reply; 5+ messages in thread
From: Kei Kebreau @ 2019-01-10 21:08 UTC (permalink / raw)
To: Leo Famulari; +Cc: 34036
[-- Attachment #1: Type: text/plain, Size: 660 bytes --]
Oh, it's not an auto-generated tarball! In that case I've attached the
much simpler update patch.
Leo Famulari <leo@famulari.name> writes:
> On Thu, Jan 10, 2019 at 01:03:20PM -0500, Kei Kebreau wrote:
>> * gnu/packages/irc.scm (irssi): Update to 1.1.2.
>> [source]: Use 'git-fetch'.
>> [arguments]: Add 'patch-scripts' phase.
>> [native-inputs]: Add autoconf, automake, and libtool.
>
> Thanks!
>
> But why switch to git-fetch when they offer a tarball? All else being
> equal, we should stick to tarballs when they are offered by upstream.
>
> Specifically, let's use this one:
>
> https://github.com/irssi/irssi/releases/download/1.1.2/irssi-1.1.2.tar.xz
[-- Attachment #2: 0001-gnu-irssi-Update-to-1.1.2-fixes-CVE-2019-5882.patch --]
[-- Type: text/plain, Size: 1462 bytes --]
From c954fe6622660f1511ced2be955c35acfb8b124a Mon Sep 17 00:00:00 2001
From: Kei Kebreau <kkebreau@posteo.net>
Date: Thu, 10 Jan 2019 12:56:04 -0500
Subject: [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
* gnu/packages/irc.scm (irssi): Update to 1.1.2.
---
gnu/packages/irc.scm | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index ba31d36b9..ec1c4aae9 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -126,15 +126,15 @@ irssi, but graphical.")
(define-public irssi
(package
(name "irssi")
- (version "1.1.1")
+ (version "1.1.2")
(source (origin
- (method url-fetch)
- (uri (string-append "https://github.com/irssi/irssi/"
- "releases/download/" version "/irssi-"
- version ".tar.xz"))
- (sha256
- (base32
- "1gx1flfh4a09nb3b5pvf0ygnbl7rry3l4gph8wij29dsl7khfj3q"))))
+ (method url-fetch)
+ (uri (string-append "https://github.com/irssi/irssi/"
+ "releases/download/" version "/irssi-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "0clppwqhllrmqjg1dd47v9v1qiqx7cf9afm81bm1pscllf4jpk2w"))))
(build-system gnu-build-system)
(arguments
`(#:phases
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
2019-01-10 21:08 ` Kei Kebreau
@ 2019-01-10 21:15 ` Leo Famulari
2019-01-10 21:33 ` bug#34036: " Kei Kebreau
0 siblings, 1 reply; 5+ messages in thread
From: Leo Famulari @ 2019-01-10 21:15 UTC (permalink / raw)
To: Kei Kebreau; +Cc: 34036
[-- Attachment #1: Type: text/plain, Size: 187 bytes --]
On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:
> Oh, it's not an auto-generated tarball! In that case I've attached the
> much simpler update patch.
Thanks :) Please push!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#34036: [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882].
2019-01-10 21:15 ` Leo Famulari
@ 2019-01-10 21:33 ` Kei Kebreau
0 siblings, 0 replies; 5+ messages in thread
From: Kei Kebreau @ 2019-01-10 21:33 UTC (permalink / raw)
To: Leo Famulari; +Cc: 34036-done
Leo Famulari <leo@famulari.name> writes:
> On Thu, Jan 10, 2019 at 04:08:19PM -0500, Kei Kebreau wrote:
>> Oh, it's not an auto-generated tarball! In that case I've attached the
>> much simpler update patch.
>
> Thanks :) Please push!
Pushed! Thanks for the review.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-01-10 21:35 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-10 18:03 [bug#34036] [PATCH] gnu: irssi: Update to 1.1.2 [fixes CVE-2019-5882] Kei Kebreau
2019-01-10 20:05 ` Leo Famulari
2019-01-10 21:08 ` Kei Kebreau
2019-01-10 21:15 ` Leo Famulari
2019-01-10 21:33 ` bug#34036: " Kei Kebreau
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.