[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m
From: |
Leo Famulari |
Subject: |
Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m. |
Date: |
Fri, 4 Nov 2016 11:48:56 -0400 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
On Fri, Nov 04, 2016 at 10:52:55AM -0400, Kei Kebreau wrote:
> > Leo Famulari <address@hidden> skribis:
> >> I think we build from their Git repo:
> >>
> >> https://anonscm.debian.org/cgit/collab-maint/w3m.git
> >>
> >> They even offer non-Debian-ized release tags, such as
> >> <v0.5.3+git20161031>.
> Here it is!
Thanks!
> From cc7a61d61160817ceb395b648b18c885175441e8 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <address@hidden>
> Date: Fri, 4 Nov 2016 10:48:53 -0400
> Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
>
> Fixes some security issues seen here:
> <http://www.openwall.com/lists/oss-security/2016/11/03/3>
>
> * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained
> fork of w3m.
No need to rewrite the commit title here :)
> [source]: Use Debian's git tree. Remove obsolete patches.
> [arguments]: Remove unnecessary modification of %standard-phases.
> * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: Delete file.
> * gnu/packages/patches/w3m-disable-weak-ciphers.patch: Delete file.
> * gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: Delete file.
> * gnu/packages/patches/w3m-libgc.patch: Delete file.
Or:
* gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch,
gnu/packages/patches/w3m-disable-weak-ciphers.patch,
gnu/packages/patches/w3m-force-ssl_verify_server-on.patch,
gnu/packages/patches/w3m-libgc.patch: Delete files.
By the way, I double-checked that all these patches are indeed
integrated into the release tag used by this package definition.
> (define-public w3m
> @@ -36,33 +37,16 @@
> (name "w3m")
> (version "0.5.3")
This should reflect the tag used in (commit).
> (source (origin
> - (method url-fetch)
> - (uri (string-append "mirror://sourceforge/" name "/" name "/"
> - name "-" version "/"
> - name "-" version ".tar.gz"))
> - (sha256
> - (base32
> - "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"))
> -
> - ;; cf. https://bugs.archlinux.org/task/33397
> - (patches (search-patches "w3m-libgc.patch"
> - "w3m-force-ssl_verify_server-on.patch"
> - "w3m-disable-sslv2-and-sslv3.patch"
> - "w3m-disable-weak-ciphers.patch"))))
> + (method git-fetch)
> + ;; Debian's fork of w3m is the only one that is still
> maintained.
> + (uri (git-reference
> + (url
> "https://anonscm.debian.org/cgit/collab-maint/w3m.git")
> + (commit "v0.5.3+git20161031")))
> - (substitute* '("scripts/w3mmail.cgi.in"
> - "scripts/dirlist.cgi.in")
> - (("@PERL@") (which "perl"))))
Does this @PERL@ get patched correctly?
Thanks for taking this on!
signature.asc
Description: PGP signature
- [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/03
- [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/03
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Eric Bavier, 2016/11/03
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Leo Famulari, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Ludovic Courtès, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.,
Leo Famulari <=
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Leo Famulari, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Kei Kebreau, 2016/11/04
- Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m., Leo Famulari, 2016/11/04