guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m

From: Kei Kebreau
Subject: Re: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of w3m.
Date: Fri, 04 Nov 2016 13:05:02 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Attachment: 0001-gnu-w3m-Switch-to-Debian-s-actively-maintained-fork-.patch
Description: Text document

Updated patch attached!

Leo Famulari <address@hidden> writes:

> On Fri, Nov 04, 2016 at 10:52:55AM -0400, Kei Kebreau wrote:
>
> Thanks!
>
>> From cc7a61d61160817ceb395b648b18c885175441e8 Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <address@hidden>
>> Date: Fri, 4 Nov 2016 10:48:53 -0400
>> Subject: [PATCH] gnu: w3m: Switch to Debian's actively maintained fork of 
>> w3m.
>> 
>> Fixes some security issues seen here:
>> <http://www.openwall.com/lists/oss-security/2016/11/03/3>
>> 
>> * gnu/packages/w3m.scm (w3m): Switch to Debian's actively maintained
>> fork of w3m.
>
> No need to rewrite the commit title here :)
>

Got it. :)

>> [source]: Use Debian's git tree. Remove obsolete patches.
>> [arguments]: Remove unnecessary modification of %standard-phases.
>> * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch: Delete file.
>> * gnu/packages/patches/w3m-disable-weak-ciphers.patch: Delete file.
>> * gnu/packages/patches/w3m-force-ssl_verify_server-on.patch: Delete file.
>> * gnu/packages/patches/w3m-libgc.patch: Delete file.
>
> Or:
> * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch,
> gnu/packages/patches/w3m-disable-weak-ciphers.patch,
> gnu/packages/patches/w3m-force-ssl_verify_server-on.patch,
> gnu/packages/patches/w3m-libgc.patch: Delete files.
>

Fixed.

> By the way, I double-checked that all these patches are indeed
> integrated into the release tag used by this package definition.
>

I checked, too! Nice to know that we're doubly safe.

>>  (define-public w3m
>> @@ -36,33 +37,16 @@
>>      (name "w3m")
>>      (version "0.5.3")
>
> This should reflect the tag used in (commit).
>

I adjusted this according to what some other packages have done. Please
tell me if I did it correctly.

>>      (source (origin
>> -             (method url-fetch)
>> -             (uri (string-append "mirror://sourceforge/" name "/" name "/"
>> -                                 name "-" version "/"
>> -                                 name "-" version ".tar.gz"))
>> -             (sha256
>> -              (base32
>> -               "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"))
>> -
>> -             ;; cf. https://bugs.archlinux.org/task/33397
>> -             (patches (search-patches "w3m-libgc.patch"
>> -                                      "w3m-force-ssl_verify_server-on.patch"
>> -                                      "w3m-disable-sslv2-and-sslv3.patch"
>> -                                      "w3m-disable-weak-ciphers.patch"))))
>> +              (method git-fetch)
>> +              ;; Debian's fork of w3m is the only one that is still 
>> maintained.
>> +              (uri (git-reference
>> +                    (url 
>> "https://anonscm.debian.org/cgit/collab-maint/w3m.git";)
>> +                    (commit "v0.5.3+git20161031")))
>
>> -                             (substitute* '("scripts/w3mmail.cgi.in"
>> -                                            "scripts/dirlist.cgi.in")
>> -                               (("@PERL@") (which "perl"))))
>
> Does this @PERL@ get patched correctly?
>

No, it does not! I added the substitution back in. The other
substitution appears to be handled by Debian upstream.

> Thanks for taking this on!

You're welcome! It frees up other developers' time to handle larger
hacking targets than I can muster.

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]