From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id iGtJIrOWKGeXNgAA62LTzQ:P1 (envelope-from ) for ; Mon, 04 Nov 2024 09:41:07 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id iGtJIrOWKGeXNgAA62LTzQ (envelope-from ) for ; Mon, 04 Nov 2024 10:41:07 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=ETvSYobC; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1730713267; a=rsa-sha256; cv=none; b=avCFPz4mWuQqiq8gPNbM8temfisV1fM3PO4y3MtgyPXkWJDZo104ybpxmj5A1fbUGxqx7s wHPTTuEkwSGzxLEZ0F3Yy9E9WRijpCV30EIr/Qpyr5nwtehmHGrlC2qzFRwH3NUHfb5iQT Wcfznf4Ij24cjcRGBHIFa6f8wljAj+J42YBg8INq6bOBr6QFrHnAIm9dmg1r65pEo+GKiS Ovn4edtlEzLG75ZivGTRRwgUS+ORLHFrwncq3ngy5tcme5QLu9/hPsvCtiAYtd9XmHoV92 5GtTtYvg7b+054jC2fwTOAkFnhWquq4P3GEg/fBvvP95Gfw2Ou7X2W1zJwTaXg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=ETvSYobC; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1730713267; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=Y7ySIGTkekRFrGdrAZo7Oy6KJOeVvWnFpC5+7rCdSOY=; b=e9oy/qQR1QAA7zGzfFYEQ/fMJCTKgW/rGJgFmtRBgJoWcMAhi0EIEJULbgOWjYJsU2Zoue C58yUuGL0hMalIDLFGbd60zGUeQzrgTdfYECavMjhrjs8qFFtUth9J0690m5Q565vvWsOA qZDsQsG9fzdkdxb9WU+fFQctt65O0pAXvkfSOp3KoK3qiftoBwbz1cyLsFXLwk0quPxnLo sbmDqS+Ppijxfd8FtWeOw5C9YCub/UQqw1CiVsYEXFmwm7xZ1v3xBalMSoBFsx6hW9FmX1 6SP/Dz3Ry+Bp56s6+c0wOvQFV51Uj5o77pQgaWcteXZZginNzdFyUhO6s/pz0w== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 50385657E3 for ; Mon, 04 Nov 2024 10:41:06 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t7ta5-0003gU-0Z; Mon, 04 Nov 2024 04:41:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t7ta3-0003fy-2Y for guix-patches@gnu.org; Mon, 04 Nov 2024 04:41:03 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1t7ta2-0000YV-QC for guix-patches@gnu.org; Mon, 04 Nov 2024 04:41:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=Y7ySIGTkekRFrGdrAZo7Oy6KJOeVvWnFpC5+7rCdSOY=; b=ETvSYobCSZJRCaNYcMveFHNXLFJVVmeIMvMe+Gdpy16G8XlprHydWjVqsB+zl1Qm1xdc8juSR57fFeyOV6mOYntEutOiPQIEhHW6VikjqY2k/CtmFc+izNG2z65+x2CAy0hyqEJ8tltIpSryyr4NSpScnHudnTmHewshAHr6Rh+eaLClyXyLEl1ux8evfeyyVkIj1PA0cYPKyQcYG9jTEkhx4sBh1hL/79N6bhSnyx1BX1WFw64bHGGVRxBBRTDUdxez7Dp9dXDdNo7Ab2LqdzHqR+lM8oM6myLybRkcLauQnf3gpGUTwTOmc3ip2AyBY/hN2SXRFp7nQtEjVrhENA==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1t7ta2-0004FH-LC for guix-patches@gnu.org; Mon, 04 Nov 2024 04:41:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#74035] [PATCH v2 09/26] gnu: darkhttpd: Update to 1.16. [security fixes] Resent-From: Z572 Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 04 Nov 2024 09:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74035 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 74035@debbugs.gnu.org Cc: ngraves@ngraves.fr X-Debbugs-Original-To: Nicolas Graves via Guix-patches via X-Debbugs-Original-Cc: Nicolas Graves , 74035@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.173071325116297 (code B ref -1); Mon, 04 Nov 2024 09:41:02 +0000 Received: (at submit) by debbugs.gnu.org; 4 Nov 2024 09:40:51 +0000 Received: from localhost ([127.0.0.1]:38684 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t7tZq-0004En-NP for submit@debbugs.gnu.org; Mon, 04 Nov 2024 04:40:50 -0500 Received: from lists.gnu.org ([209.51.188.17]:47874) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1t7tZo-0004Ea-CO for submit@debbugs.gnu.org; Mon, 04 Nov 2024 04:40:48 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t7tZn-0003Wd-CX for guix-patches@gnu.org; Mon, 04 Nov 2024 04:40:48 -0500 Received: from smtp81.cstnet.cn ([159.226.251.81] helo=cstnet.cn) by eggs.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1t7tZk-0000VG-Fz for guix-patches@gnu.org; Mon, 04 Nov 2024 04:40:46 -0500 Received: from m (unknown [107.174.64.25]) by APP-03 (Coremail) with SMTP id rQCowACHbQiSlihn_1R8DQ--.19454S2; Mon, 04 Nov 2024 17:40:38 +0800 (CST) From: Z572 In-Reply-To: <20241103160239.6772-9-ngraves@ngraves.fr> (Nicolas Graves via Guix-patches via's message of "Sun, 3 Nov 2024 17:02:04 +0100") References: <20241103160239.6772-1-ngraves@ngraves.fr> <20241103160239.6772-9-ngraves@ngraves.fr> Date: Mon, 04 Nov 2024 17:40:32 +0800 Message-ID: <87ikt3ibfz.fsf@iscas.ac.cn> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-CM-TRANSID: rQCowACHbQiSlihn_1R8DQ--.19454S2 X-Coremail-Antispam: 1UD129KBjvJXoW7WF4DWw1fGry8WF48tF47Jwb_yoW8Zr17p3 WSvw4jkrWrAa4DJw4fWF40qr43Ww1xKF1Y9rW7Awnakw1qyFW09rW2kFWrA3WxAw1Ig3W3 WFs3Kw1UXrWkua7anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUvGb7Iv0xC_Kw4lb4IE77IF4wAFF20E14v26r1j6r4UM7CY07I2 0VC2zVCF04k26cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rw A2F7IY1VAKz4vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Gr0_Xr1l84ACjcxK6xII jxv20xvEc7CjxVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8Jr0_Cr1UM28EF7xvwV C2z280aVCY1x0267AKxVW0oVCq3wAa7VASzI0EjI02j7AqF2xKxVCjxxvEa2IrM2AIxVAI cxkEcVAq07x20xvEncxIr21le4C267I2x7xF54xIwI1l5I8CrVACY4xI64kE6c02F40Ex7 xfMcIj6xIIjxv20xvE14v26r1Y6r17McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Y z7v_Jr0_Gr1lF7xvr2IY64vIr41l42xK82IYc2Ij64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr 0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK67AKxVWUGVWUWwC2zVAF1VAY 17CE14v26r1Y6r17MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcV C0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK8VAvwI8IcIk0rVWUJVWUCwCI42IY 6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCTnIWIevJa 73UjIFyTuYvjxUh_OzDUUUU X-Originating-IP: [107.174.64.25] X-CM-SenderInfo: x2kh0wxmxqyx3h6l2u1dvotugofq/ Received-SPF: pass client-ip=159.226.251.81; envelope-from=zhengjunjie@iscas.ac.cn; helo=cstnet.cn X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -3.43 X-Spam-Score: -3.43 X-Migadu-Queue-Id: 50385657E3 X-Migadu-Scanner: mx12.migadu.com X-TUID: PLtfwp/pluve --=-=-= Content-Type: text/plain Nicolas Graves via Guix-patches via writes: > This fixes CVE-2024-23770 and CVE-2024-23771. > > * gnu/packages/web.scm (darkhttpd): Update to 1.16. > [arguments]: Improve style. > --- > gnu/packages/web.scm | 24 +++++++++++------------- > 1 file changed, 11 insertions(+), 13 deletions(-) > > diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm > index 34739bf088..eb27d3448c 100644 > --- a/gnu/packages/web.scm > +++ b/gnu/packages/web.scm > @@ -6417,7 +6417,7 @@ (define-public surfraw > (define-public darkhttpd > (package > (name "darkhttpd") > - (version "1.13") > + (version "1.16") > (source > (origin > (method git-fetch) > @@ -6426,20 +6426,18 @@ (define-public darkhttpd > (commit (string-append "v" version)))) > (file-name (git-file-name name version)) > (sha256 > - (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk")))) > + (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm")))) > (build-system gnu-build-system) > (arguments > - `(#:make-flags > - (list (string-append "CC=" ,(cc-for-target))) > - #:tests? #f ; No test suite > - #:phases > - (modify-phases %standard-phases > - (delete 'configure) ; no configure script > - (replace 'install > - (lambda* (#:key outputs #:allow-other-keys) > - (install-file "darkhttpd" > - (string-append (assoc-ref outputs "out") > - "/bin"))))))) > + (list > + #:make-flags #~(list (string-append "CC=" #$(cc-for-target))) > + #:tests? #f ; No test suite > + #:phases > + #~(modify-phases %standard-phases > + (delete 'configure) ; no configure script > + (replace 'install > + (lambda _ > + (install-file "darkhttpd" (string-append #$output "/bin"))))))) > (synopsis "Simple static web server") > (description "darkhttpd is a simple static web server. It is > standalone and does not need inetd or ucspi-tcp. It does not need any apply, and enable tests. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmcolpAACgkQO1qpk+Gi 3/C6oxAApQDhw3Id12xLy8eUmkWkzzdrdPF2c5wDygP5g5P6y+6J/JQvZKcdkjVB H7OuXXR/YBfNtCKWu3mkhI8lXE8Yw924Tz+kVnkmMZ5rmdSs+bMezWQIt9gxW8NZ HepDpj9GSnk+g9lTAOHfZOuMk9G7B4f3tMB3Pu6niiduV1UMrH8c/HgurO2XJq8H Gt71o+7WLmepGmPb/mFv8CqR+cc6NAFTRtOwx8PI9JFuw0CTYuvBfxR47W5Z5KPm DNLpf8ZrDmpKVG6keBoKZoU/ZYGoaZgcIDDYU6GBbOABWJ6QzMIMDiHUrQbJLW9f jy9D9n6uxrHVNpt1Hs85b1MwdM2gLMy59KBWL1u10WnX0v8uO3pRR/wk3LSrzgsB X8WnPFPWc9OOOmPc0SzGj/vbgBHhBL/DT5yw14LTyruah54bTm2HgLK9WE02zIJq eqV+mwDOfl2hAlDurD7HcKHGDnEsVvzepVD6RQHLv+bsQAFoKKV93jUhiQhyPhU4 wkQIGneX4xE26jR5NRsIoOx/z8Qy9m6A1b0MiUwnUbkoV+IInOMyU9wtjeZOrhw2 hnZfNOASB86YUP+NPBKtqG0jqr85qXztlv8Hwffr41IH1Nq3rWxA8dgoBvJfUew+ 4O/XV6Wu3mnnypv9SZcr2ejnDELVga/pvqmtzNZBNLRxLfIdtPM= =tSxE -----END PGP SIGNATURE----- --=-=-=--