[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#32043] [PATCH] gnu: libgit2: Update to 0.26.4 [fixes CVE-2018-11235
From: |
Leo Famulari |
Subject: |
[bug#32043] [PATCH] gnu: libgit2: Update to 0.26.4 [fixes CVE-2018-11235]. |
Date: |
Mon, 2 Jul 2018 18:16:36 -0400 |
* gnu/packages/version-control.scm (libgit2): Update to 0.26.4.
(source): Adjust patch name.
* gnu/packages/patches/libgit2-0.25.1-mtime-0.patch: Rename to ...
* gnu/packages/patches/julia-libgit2-fix.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
---
gnu/local.mk | 2 +-
gnu/packages/patches/julia-libgit2-fix.patch | 22 +++++++++++++++++++
.../patches/libgit2-0.25.1-mtime-0.patch | 14 ------------
gnu/packages/version-control.scm | 6 ++---
4 files changed, 26 insertions(+), 18 deletions(-)
create mode 100644 gnu/packages/patches/julia-libgit2-fix.patch
delete mode 100644 gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 10b61ba1b..2a1d2d42d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -860,7 +860,7 @@ dist_patch_DATA =
\
%D%/packages/patches/libevent-2.1-skip-failing-test.patch \
%D%/packages/patches/libexif-CVE-2016-6328.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
- %D%/packages/patches/libgit2-0.25.1-mtime-0.patch \
+ %D%/packages/patches/libgit2-mtime-0.patch \
%D%/packages/patches/libgdata-fix-tests.patch \
%D%/packages/patches/libgdata-glib-duplicate-tests.patch \
%D%/packages/patches/libgnome-encoding.patch \
diff --git a/gnu/packages/patches/julia-libgit2-fix.patch
b/gnu/packages/patches/julia-libgit2-fix.patch
new file mode 100644
index 000000000..599e01f4b
--- /dev/null
+++ b/gnu/packages/patches/julia-libgit2-fix.patch
@@ -0,0 +1,22 @@
+commit 782460f9bab4af35097c13c4dbab61cb263490b9
+Author: Milan Bouchet-Valat <address@hidden>
+Date: Tue Jul 11 10:02:32 2017 +0200
+
+ Fix libgit2 test failure with system libgit2 and OpenSSL (#22722)
+
+ The first letter of the error message is in lowercase in some systems,
+ notably Fedora Rawhide with libgit2 0.26 and OpenSSL 1.1.0f.
+
+diff --git a/test/libgit2.jl b/test/libgit2.jl
+index d7e32d21a9..f5104e9ec7 100644
+--- a/test/libgit2.jl
++++ b/test/libgit2.jl
+@@ -1905,7 +1905,8 @@ mktempdir() do dir
+ deserialize(f)
+ end
+ @test err.code == LibGit2.Error.ECERTIFICATE
+- @test startswith(err.msg, "The SSL certificate is
invalid")
++ @test startswith(lowercase(err.msg),
++ lowercase("The SSL certificate is
invalid"))
+
+ rm(errfile)
diff --git a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
b/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
deleted file mode 100644
index a6fdb50ff..000000000
--- a/gnu/packages/patches/libgit2-0.25.1-mtime-0.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-The Clar test framework has a bug whereby it skips the parsing phase
-on files with mtime=0.
-
-Reported upstream at <https://github.com/vmg/clar/pull/78>.
-
-diff --git a/tests/generate.py b/tests/generate.py
-index b639c8f..111ca41 100644
---- a/tests/generate.py
-+++ b/tests/generate.py
-@@ -63,3 +63,3 @@ class Module(object):
-
-- self.mtime = 0
-+ self.mtime = None # Guix sets all file mtimes to '0'
- self.enabled = True
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 86d6afef3..2bd59ae95 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -419,7 +419,7 @@ everything from small to very large projects with speed and
efficiency.")
(define-public libgit2
(package
(name "libgit2")
- (version "0.26.0")
+ (version "0.26.4")
(source (origin
(method url-fetch)
(uri (string-append "https://github.com/libgit2/libgit2/"
@@ -427,8 +427,8 @@ everything from small to very large projects with speed and
efficiency.")
(file-name (string-append name "-" version ".tar.gz"))
(sha256
(base32
- "1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka"))
- (patches (search-patches "libgit2-0.25.1-mtime-0.patch"))
+ "15ybzypyggx64ba7i0zxnnbvzh7z34fcrkwk2xj54kmv1dha4br9"))
+ (patches (search-patches "libgit2-mtime-0.patch"))
;; Remove bundled software.
(snippet '(begin
--
2.18.0
- [bug#32043] [PATCH] gnu: libgit2: Update to 0.26.4 [fixes CVE-2018-11235].,
Leo Famulari <=