guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m


From: Leo Famulari
Subject: Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
Date: Fri, 4 Nov 2016 11:48:56 -0400
User-agent: Mutt/1.7.1 (2016-10-04)

On Fri, Nov 04, 2016 at 10:52:55AM -0400, Kei Kebreau wrote:
> > Leo Famulari <address@hidden> skribis:
> >> I think we build from their Git repo:
> >>
> >> https://anonscm.debian.org/cgit/collab-maint/w3m.git
> >>
> >> They even offer non-Debian-ized release tags, such as
> >> <v0.5.3+git20161031>.

> Here it is!

Thanks!

> From cc7a61d61160817ceb395b648b18c885175441e8 Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <address@hidden>
> Date: Fri, 4 Nov 2016 10:48:53 -0400
> Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
> 
> Fixes some security issues seen here:
> <http://www.openwall.com/lists/oss-security/2016/11/03/3>
> 
> * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained
> fork of w3m.

No need to rewrite the commit title here :)

> [source]: Use Debian's git tree. Remove obsolete patches.
> [arguments]: Remove unnecessary modification of %standard-phases.
> * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: Delete file.
> * gnu/packages/patches/w3m-disable-weak-ciphers.patch: Delete file.
> * gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: Delete file.
> * gnu/packages/patches/w3m-libgc.patch: Delete file.

Or:
* gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch,
gnu/packages/patches/w3m-disable-weak-ciphers.patch,
gnu/packages/patches/w3m-force-ssl_verify_server-on.patch,
gnu/packages/patches/w3m-libgc.patch: Delete files.

By the way, I double-checked that all these patches are indeed
integrated into the release tag used by this package definition.

>  (define-public w3m
> @@ -36,33 +37,16 @@
>      (name "w3m")
>      (version "0.5.3")

This should reflect the tag used in (commit).

>      (source (origin
> -             (method url-fetch)
> -             (uri (string-append "mirror://sourceforge/" name "/" name "/"
> -                                 name "-" version "/"
> -                                 name "-" version ".tar.gz"))
> -             (sha256
> -              (base32
> -               "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"))
> -
> -             ;; cf. https://bugs.archlinux.org/task/33397
> -             (patches (search-patches "w3m-libgc.patch"
> -                                      "w3m-force-ssl_verify_server-on.patch"
> -                                      "w3m-disable-sslv2-and-sslv3.patch"
> -                                      "w3m-disable-weak-ciphers.patch"))))
> +              (method git-fetch)
> +              ;; Debian's fork of w3m is the only one that is still 
> maintained.
> +              (uri (git-reference
> +                    (url 
> "https://anonscm.debian.org/cgit/collab-maint/w3m.git";)
> +                    (commit "v0.5.3+git20161031")))

> -                             (substitute* '("scripts/w3mmail.cgi.in"
> -                                            "scripts/dirlist.cgi.in")
> -                               (("@PERL@") (which "perl"))))

Does this @PERL@ get patched correctly?

Thanks for taking this on!

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]