gnu: fossil: Update to 2.4.

* gnu/packages/version-control.scm (fossil): Update to 2.4. [source]: Remove patch. * gnu/packages/patches/fossil-CVE-2017-17459.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
2018-01-03 14:19:11 -05:00 · 2018-01-03 14:19:11 -05:00 · 7a66b68730
parent 4ed41f472b
commit 7a66b68730
3 changed files with 2 additions and 62 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -640,7 +640,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/foomatic-filters-CVE-2015-8327.patch	\
  %D%/packages/patches/foomatic-filters-CVE-2015-8560.patch	\
  %D%/packages/patches/fontconfig-remove-debug-printf.patch	\
-  %D%/packages/patches/fossil-CVE-2017-17459.patch		\
  %D%/packages/patches/freeimage-CVE-2015-0852.patch		\
  %D%/packages/patches/freeimage-CVE-2016-5684.patch		\
  %D%/packages/patches/freeimage-fix-build-with-gcc-5.patch	\
--- a/gnu/packages/patches/fossil-CVE-2017-17459.patch
+++ b/gnu/packages/patches/fossil-CVE-2017-17459.patch
@ -1,57 +0,0 @@
-Fix CVE-2017-17459:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17459
-
-Patch copied from upstream source repository:
-
-https://www.fossil-scm.org/xfer/info/1f63db591c77108c
-
-Index: src/http_transport.c
-==================================================================
--- src/http_transport.c
-+++ src/http_transport.c
-@@ -73,10 +73,23 @@
-   if( resetFlag ){
-     transport.nSent = 0;
-     transport.nRcvd = 0;
-   }
- }
-+
-+/*
-+** Remove leading "-" characters from the input string.
-+**
-+** This prevents attacks that try to trick a victim into using
-+** a ssh:// URI with a carefully crafted hostname of other
-+** parameter that ends up being interpreted as a command-line
-+** option by "ssh".
-+*/
-+static const char *stripLeadingMinus(const char *z){
-+  while( z[0]=='-' ) z++;
-+  return z;
-+}
- 
- /*
- ** Default SSH command
- */
- #ifdef _WIN32
-@@ -116,17 +129,17 @@
-   }else{
-     zHost = mprintf("%s", pUrlData->name);
-   }
-   n = blob_size(&zCmd);
-   blob_append(&zCmd, " ", 1);
-  shell_escape(&zCmd, zHost);
-+  shell_escape(&zCmd, stripLeadingMinus(zHost));
-   blob_append(&zCmd, " ", 1);
-   shell_escape(&zCmd, mprintf("%s", pUrlData->fossil));
-   blob_append(&zCmd, " test-http", 10);
-   if( pUrlData->path && pUrlData->path[0] ){
-     blob_append(&zCmd, " ", 1);
-    shell_escape(&zCmd, mprintf("%s", pUrlData->path));
-+    shell_escape(&zCmd, mprintf("%s", stripLeadingMinus(pUrlData->path)));
-   }
-   if( g.fSshTrace ){
-     fossil_print("%s\n", blob_str(&zCmd)+n);  /* Show tail of SSH command */
-   }
-   free(zHost);
-
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@ -1491,7 +1491,7 @@ (define-public git-annex-remote-hubic
 (define-public fossil
  (package
    (name "fossil")
-    (version "2.2")
+    (version "2.4")
    (source
     (origin
       (method url-fetch)
@ -1503,11 +1503,9 @@ (define-public fossil
             (string-append
              "https://www.fossil-scm.org/index.html/uv/"
              "fossil-src-" version ".tar.gz")))
-       (patches (search-patches "fossil-CVE-2017-17459.patch"))
-       (patch-flags '("-p0"))
       (sha256
        (base32
-         "0wfgacfg29dkl0c3l1rp5ji0kraa64gcbg5lh8p4m7mqdqcq53wv"))))
+         "0add35lk2ac4qg29d7ygj7pskv8lfln33f3kgf6x3548msv9hd6j"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("tcl" ,tcl)                     ;for configuration only