--- Begin Message ---
Subject: |
[PATCH] gnu: Add quark. |
Date: |
Mon, 25 Jan 2021 14:00:23 -0500 |
From: Morgan Smith <Morgan.J.Smith@outlook.com>
* gnu/packages/web.scm (quark): New variable.
---
So linting this package brings up CVE-2019-15520. This CVE is for a completely
different program that also happens to be called quark.
---
gnu/packages/web.scm | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 16c99af9d3..63a5637c87 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8039,3 +8039,36 @@ handling library written in C89 (\"ANSI C\"). uriparser
is fast and supports
Unicode.")
(home-page "https://uriparser.github.io/")
(license license:bsd-3))))
+
+(define-public quark
+ ;; No releases yet
+ (let ((revision "0")
+ (commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
+ (package
+ (name "quark")
+ (version "0.0.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.suckless.org/quark/")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1znvnr30xi5vgd6n3wvgv9pwj992zpzzjk0fmq28ydf1l6kqvkm7"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:tests? #f ; no tests
+ #:make-flags
+ (list (string-append "CC=" ,(cc-for-target))
+ (string-append "PREFIX=" %output))
+ #:phases
+ (modify-phases %standard-phases
+ (delete 'configure)))) ; no configure script
+ (home-page "https://tools.suckless.org/quark/")
+ (synopsis "Small and simple HTTP GET/HEAD-only web server for static
+content")
+ (description "An extremely small and simple HTTP GET/HEAD only web
+server for static content. TLS is not natively supported and should be
+provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
+ (license license:isc))))
--
2.30.0
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#46106: [PATCH] gnu: Add quark. |
Date: |
Tue, 02 Feb 2021 11:03:30 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi,
Morgan.J.Smith@outlook.com skribis:
> From: Morgan Smith <Morgan.J.Smith@outlook.com>
>
> * gnu/packages/web.scm (quark): New variable.
Applied with the changes below.
Thanks,
Ludo’.
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 1366637de6..879eb160ea 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -8022,7 +8022,7 @@ Unicode.")
(commit "c6a9055e5a30be570e30da8d216c39662c3a3f99"))
(package
(name "quark")
- (version "0.0.0")
+ (version (git-version "0.0.0" revision commit))
(source (origin
(method git-fetch)
(uri (git-reference
@@ -8044,7 +8044,12 @@ Unicode.")
(home-page "https://tools.suckless.org/quark/")
(synopsis "Small and simple HTTP GET/HEAD-only web server for static
content")
- (description "An extremely small and simple HTTP GET/HEAD only web
-server for static content. TLS is not natively supported and should be
+ (description "Quark is an extremely small and simple HTTP GET/HEAD only
+web server for static content. TLS is not natively supported and should be
provided by a TLS reverse proxy (e.g. tlstunnel, hitch or stunnel).")
- (license license:isc))))
+ (license license:isc)
+
+ ;; XXX: Ignore this CVE to work around a name clash with the unrelated
+ ;; "cpe:2.3:a:comelz:quark" package. The proper fix is for (guix cve)
+ ;; to account for "vendor names".
+ (properties '((lint-hidden-cve . ("CVE-2019-15520")))))))
--- End Message ---