
02/02: gnu: fossil: Update to 2.4.


From: Leo Famulari
Subject: 02/02: gnu: fossil: Update to 2.4.
Date: Wed, 3 Jan 2018 14:32:54 -0500 (EST)

lfam pushed a commit to branch core-updates
in repository guix.

commit 7a66b6873002e44aeb9bbf647fe75b21925cf3aa
Author: Leo Famulari <address@hidden>
Date:   Wed Jan 3 14:19:11 2018 -0500

    gnu: fossil: Update to 2.4.
    
    * gnu/packages/version-control.scm (fossil): Update to 2.4.
    [source]: Remove patch.
    * gnu/packages/patches/fossil-CVE-2017-17459.patch: Delete file.
    * gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                     |  1 -
 gnu/packages/patches/fossil-CVE-2017-17459.patch | 57 ------------------------
 gnu/packages/version-control.scm                 |  6 +--
 3 files changed, 2 insertions(+), 62 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 37a3129..a9972a3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -640,7 +640,6 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch    \
   %D%/packages/patches/foomatic-filters-CVE-2015-8560.patch    \
   %D%/packages/patches/fontconfig-remove-debug-printf.patch    \
-  %D%/packages/patches/fossil-CVE-2017-17459.patch             \
   %D%/packages/patches/freeimage-CVE-2015-0852.patch           \
   %D%/packages/patches/freeimage-CVE-2016-5684.patch           \
   %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch    \
diff --git a/gnu/packages/patches/fossil-CVE-2017-17459.patch 
b/gnu/packages/patches/fossil-CVE-2017-17459.patch
deleted file mode 100644
index e566235..0000000
--- a/gnu/packages/patches/fossil-CVE-2017-17459.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Fix CVE-2017-17459:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
-
-Patch copied from upstream source repository:
-
-https://www.fossil-scm.org/xfer/info/1f63db591c77108c
-
-Index: src/http_transport.c
-==================================================================
---- src/http_transport.c
-+++ src/http_transport.c
-@@ -73,10 +73,23 @@
-   if( resetFlag ){
-     transport.nSent = 0;
-     transport.nRcvd = 0;
-   }
- }
-+
-+/*
-+** Remove leading "-" characters from the input string.
-+**
-+** This prevents attacks that try to trick a victim into using
-+** a ssh:// URI with a carefully crafted hostname of other
-+** parameter that ends up being interpreted as a command-line
-+** option by "ssh".
-+*/
-+static const char *stripLeadingMinus(const char *z){
-+  while( z[0]=='-' ) z++;
-+  return z;
-+}
- 
- /*
- ** Default SSH command
- */
- #ifdef _WIN32
-@@ -116,17 +129,17 @@
-   }else{
-     zHost = mprintf("%s", pUrlData->name);
-   }
-   n = blob_size(&zCmd);
-   blob_append(&zCmd, " ", 1);
--  shell_escape(&zCmd, zHost);
-+  shell_escape(&zCmd, stripLeadingMinus(zHost));
-   blob_append(&zCmd, " ", 1);
-   shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
-   blob_append(&zCmd, " test-http", 10);
-   if( pUrlData->path && pUrlData->path[0] ){
-     blob_append(&zCmd, " ", 1);
--    shell_escape(&zCmd, mprintf("%s", pUrlData->path));
-+    shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
-   }
-   if( g.fSshTrace ){
-     fossil_print("%s\n", blob_str(&zCmd)+n);  /* Show tail of SSH command */
-   }
-   free(zHost);
-
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index d400afd..e06aae1 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -1491,7 +1491,7 @@ repository\" with git-annex.")
 (define-public fossil
   (package
     (name "fossil")
-    (version "2.2")
+    (version "2.4")
     (source
      (origin
        (method url-fetch)
@@ -1503,11 +1503,9 @@ repository\" with git-annex.")
              (string-append
               "https://www.fossil-scm.org/index.html/uv/";
               "fossil-src-" version ".tar.gz")))
-       (patches (search-patches "fossil-CVE-2017-17459.patch"))
-       (patch-flags '("-p0"))
        (sha256
         (base32
-         "0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))
+         "0add35lk2ac4qg29d7ygj7pskv8lfln33f3kgf6x3548msv9hd6j"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("tcl" ,tcl)                     ;for configuration only
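Review bot: The `patches` and `patch-flags` fields are dropped from the fossil `origin` in this hunk, but nothing in the commit records that the 2.4 tarball already carries the CVE-2017-17459 fix. The deleted patch cites upstream check-in 1f63db591c77108c, which strips leading `-` from the host and path handed to `ssh`; presumably 2.4 includes it, but that should be confirmed against the release source before the patch is removed. I would state it in the log, e.g. `[source]: Remove patch, which is included upstream in 2.4.`, so a later audit of the CVE does not have to re-derive it. The `define-public fossil` form continues outside the hunk.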


