From b6a726222a8ef3bfe46402a46b15d79c6b19b6d6 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 6 Dec 2021 14:04:30 +0200 Subject: gnu: go-github-com-golang-snappy: Adjust test-suite on 32-bit systems. * gnu/packages/syncthing.scm (go-github-com-golang-snappy)[source]: Add patch to skip a test on 32-bit systems. * gnu/packages/patches/go-github-com-golang-snappy-32bit-test.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/local.mk | 1 + 1 file changed, 1 insertion(+) (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index e61e825ba3..b91d6eaa62 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1196,6 +1196,7 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ %D%/packages/patches/go-fix-script-tests.patch \ + %D%/packages/patches/go-github-com-golang-snappy-32bit-test.patch \ %D%/packages/patches/go-github-com-urfave-cli-fix-tests.patch \ %D%/packages/patches/go-github-com-urfave-cli-v2-fix-tests.patch \ %D%/packages/patches/go-skip-gc-test.patch \ -- cgit v1.2.3 From 906dd9ff6322fd7aaf3ceace95ec8c443d35c1e5 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 7 Dec 2021 17:15:56 -0500 Subject: gnu: icecat: Update to 91.4.0-guix0-preview1 [security fixes]. Includes fixes for CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546, and MOZ-2021-0009. * gnu/packages/gnuzilla.scm (%icecat-version, %icecat-build-id): Update. (icecat-source): Remove icecat-CVE-2021-43527.patch, which is now included in upstream icecat. Update the gnuzilla commit, base version, and hashes. * gnu/packages/patches/icecat-CVE-2021-43527.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. --- gnu/local.mk | 1 - gnu/packages/gnuzilla.scm | 13 +- gnu/packages/patches/icecat-CVE-2021-43527.patch | 354 ----------------------- 3 files changed, 6 insertions(+), 362 deletions(-) delete mode 100644 gnu/packages/patches/icecat-CVE-2021-43527.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index b91d6eaa62..d8b9a78949 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1263,7 +1263,6 @@ dist_patch_DATA = \ %D%/packages/patches/hydra-disable-darcs-test.patch \ %D%/packages/patches/icecat-makeicecat.patch \ %D%/packages/patches/icecat-avoid-bundled-libraries.patch \ - %D%/packages/patches/icecat-CVE-2021-43527.patch \ %D%/packages/patches/icecat-use-older-reveal-hidden-html.patch \ %D%/packages/patches/icecat-use-system-graphite2+harfbuzz.patch \ %D%/packages/patches/icecat-use-system-media-libs.patch \ diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm index 36b8a35efe..bc4ef2ce45 100644 --- a/gnu/packages/gnuzilla.scm +++ b/gnu/packages/gnuzilla.scm @@ -697,8 +697,8 @@ in C/C++.") ;; XXXX: Workaround 'snippet' limitations. (define computed-origin-method (@@ (guix packages) computed-origin-method)) -(define %icecat-version "91.3.0-guix0-preview1") -(define %icecat-build-id "20211102000000") ;must be of the form YYYYMMDDhhmmss +(define %icecat-version "91.4.0-guix0-preview1") +(define %icecat-build-id "20211207000000") ;must be of the form YYYYMMDDhhmmss ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat' @@ -720,11 +720,11 @@ in C/C++.") "firefox-" upstream-firefox-version ".source.tar.xz")) (sha256 (base32 - "0v79c435vfbhsx7pqyq4jm5rv8iysig69wwqhvys1n0jy54m72qj")))) + "09xkzk27krzyj1qx8cjjn2zpnws1cncka75828kk7ychnjfq48p7")))) - (upstream-icecat-base-version "91.3.0") ; maybe older than base-version + (upstream-icecat-base-version "91.4.0") ; maybe older than base-version ;;(gnuzilla-commit (string-append "v" upstream-icecat-base-version)) - (gnuzilla-commit "32631cac00953abbac61dc7ab1a0eafbdd59b53a") + (gnuzilla-commit "dd79d69e5dc6e6e751195001f322b30746be6903") (gnuzilla-source (origin (method git-fetch) @@ -736,7 +736,7 @@ in C/C++.") (string-take gnuzilla-commit 8))) (sha256 (base32 - "13ckga49h5azf0c6q3c6b6wcmahzyywryxgwmwr1dahsjgy0wwrw")))) + "1vv97wmgdmkwddh8n30dak5l8akzbw49ca0w6krhq9dnj7n74cxh")))) ;; 'search-patch' returns either a valid file name or #f, so wrap it ;; in 'assume-valid-file-name' to avoid 'local-file' warnings. @@ -750,7 +750,6 @@ in C/C++.") (origin (method computed-origin-method) (file-name (string-append "icecat-" %icecat-version ".tar.xz")) - (patches (search-patches "icecat-CVE-2021-43527.patch")) (sha256 #f) (uri (delay diff --git a/gnu/packages/patches/icecat-CVE-2021-43527.patch b/gnu/packages/patches/icecat-CVE-2021-43527.patch deleted file mode 100644 index 66706ea5e0..0000000000 --- a/gnu/packages/patches/icecat-CVE-2021-43527.patch +++ /dev/null @@ -1,354 +0,0 @@ -Fixes CVE-2021-43527. -Copied from , -but with the file names adjusted to allow easy use within GNU Guix. - -# HG changeset patch -# User Dennis Jackson -# Date 1637577642 0 -# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd -# Parent da3d22d708c9cc0a32cff339658aeb627575e371 -Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea - -Differential Revision: https://phabricator.services.mozilla.com/D129514 - ---- a/security/nss/lib/cryptohi/secvfy.c -+++ b/security/nss/lib/cryptohi/secvfy.c -@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext * - SECItem pkcs1DigestInfo; - pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo; - pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen; - return _SGN_VerifyPKCS1DigestInfo( - cx->hashAlg, digest, &pkcs1DigestInfo, - PR_FALSE /*XXX: unsafeAllowMissingParameters*/); - } - -+static unsigned int -+checkedSignatureLen(const SECKEYPublicKey *pubk) -+{ -+ unsigned int sigLen = SECKEY_SignatureLen(pubk); -+ if (sigLen == 0) { -+ /* Error set by SECKEY_SignatureLen */ -+ return sigLen; -+ } -+ unsigned int maxSigLen; -+ switch (pubk->keyType) { -+ case rsaKey: -+ case rsaPssKey: -+ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8; -+ break; -+ case dsaKey: -+ maxSigLen = DSA_MAX_SIGNATURE_LEN; -+ break; -+ case ecKey: -+ maxSigLen = 2 * MAX_ECKEY_LEN; -+ break; -+ default: -+ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -+ return 0; -+ } -+ if (sigLen > maxSigLen) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return 0; -+ } -+ return sigLen; -+} -+ - /* - * decode the ECDSA or DSA signature from it's DER wrapping. - * The unwrapped/raw signature is placed in the buffer pointed - * to by dsig and has enough room for len bytes. - */ - static SECStatus - decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig, - unsigned int len) - { - SECItem *dsasig = NULL; /* also used for ECDSA */ -- SECStatus rv = SECSuccess; - -- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) && -- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { -- if (sig->len != len) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -+ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */ -+ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) { -+ if (len > DSA_MAX_SIGNATURE_LEN) { -+ goto loser; - } -- -- PORT_Memcpy(dsig, sig->data, sig->len); -- return SECSuccess; -+ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -+ if (len > MAX_ECKEY_LEN * 2) { -+ goto loser; -+ } -+ } else { -+ goto loser; - } - -- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) { -- if (len > MAX_ECKEY_LEN * 2) { -- PORT_SetError(SEC_ERROR_BAD_DER); -- return SECFailure; -- } -+ /* Decode and pad to length */ -+ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -+ if (dsasig == NULL) { -+ goto loser; - } -- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len); -- -- if ((dsasig == NULL) || (dsasig->len != len)) { -- rv = SECFailure; -- } else { -- PORT_Memcpy(dsig, dsasig->data, dsasig->len); -+ if (dsasig->len != len) { -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ goto loser; - } - -- if (dsasig != NULL) -- SECITEM_FreeItem(dsasig, PR_TRUE); -- if (rv == SECFailure) -- PORT_SetError(SEC_ERROR_BAD_DER); -- return rv; -+ PORT_Memcpy(dsig, dsasig->data, len); -+ SECITEM_FreeItem(dsasig, PR_TRUE); -+ -+ return SECSuccess; -+ -+loser: -+ PORT_SetError(SEC_ERROR_BAD_DER); -+ return SECFailure; - } - - const SEC_ASN1Template hashParameterTemplate[] = - { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) }, - { SEC_ASN1_OBJECT_ID, 0 }, - { SEC_ASN1_SKIP_REST }, - { 0 } -@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg - * - * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the - * algorithm was not found or was not a signing algorithm. - */ - SECStatus - sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg, - const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg) - { -- int len; -+ unsigned int len; - PLArenaPool *arena; - SECStatus rv; - SECItem oid; - SECOidTag encalg; - - PR_ASSERT(hashalg != NULL); - PR_ASSERT(encalgp != NULL); - -@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey - cx->wincx = wincx; - cx->hasSignature = (sig != NULL); - cx->encAlg = encAlg; - cx->hashAlg = hashAlg; - cx->key = SECKEY_CopyPublicKey(key); - cx->pkcs1RSADigestInfo = NULL; - rv = SECSuccess; - if (sig) { -- switch (type) { -- case rsaKey: -- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -- &cx->pkcs1RSADigestInfo, -- &cx->pkcs1RSADigestInfoLen, -- cx->key, -- sig, wincx); -- break; -- case rsaPssKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -+ rv = SECFailure; -+ if (type == rsaKey) { -+ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg, -+ &cx->pkcs1RSADigestInfo, -+ &cx->pkcs1RSADigestInfoLen, -+ cx->key, -+ sig, wincx); -+ } else { -+ sigLen = checkedSignatureLen(key); -+ /* Check signature length is within limits */ -+ if (sigLen == 0) { -+ /* error set by checkedSignatureLen */ -+ rv = SECFailure; -+ goto loser; -+ } -+ if (sigLen > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ switch (type) { -+ case rsaPssKey: -+ if (sig->len != sigLen) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ rv = SECFailure; -+ goto loser; -+ } -+ PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -+ rv = SECSuccess; - break; -- } -- if (sig->len != sigLen) { -- PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ case ecKey: -+ case dsaKey: -+ /* decodeECorDSASignature will check sigLen == sig->len after padding */ -+ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -+ break; -+ default: -+ /* Unreachable */ - rv = SECFailure; -- break; -- } -- PORT_Memcpy(cx->u.buffer, sig->data, sigLen); -- break; -- case dsaKey: -- case ecKey: -- sigLen = SECKEY_SignatureLen(key); -- if (sigLen == 0) { -- /* error set by SECKEY_SignatureLen */ -- rv = SECFailure; -- break; -- } -- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen); -- break; -- default: -- rv = SECFailure; -- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); -- break; -+ goto loser; -+ } -+ } -+ if (rv != SECSuccess) { -+ goto loser; - } - } - -- if (rv) -- goto loser; -- - /* check hash alg again, RSA may have changed it.*/ - if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) { - /* error set by HASH_GetHashTypeByOidTag */ - goto loser; - } - /* check the policy on the hash algorithm. Do this after - * the rsa decode because some uses of this function get hash implicitly - * from the RSA signature itself. */ -@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC - if (cx->hashcx == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final)); - switch (cx->key->keyType) { - case ecKey: - case dsaKey: -- dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { - return SECFailure; - } -+ if (dsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -+ return SECFailure; -+ } -+ dsasig.data = cx->u.buffer; -+ - if (sig) { - rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data, - dsasig.len); - if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - } -@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC - cx->params, - &mech); - PORT_DestroyCheapArena(&tmpArena); - if (rv != SECSuccess) { - return SECFailure; - } - - rsasig.data = cx->u.buffer; -- rsasig.len = SECKEY_SignatureLen(cx->key); -+ rsasig.len = checkedSignatureLen(cx->key); - if (rsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ return SECFailure; -+ } -+ if (rsasig.len > sizeof(cx->u)) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - if (sig) { - if (sig->len != rsasig.len) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - return SECFailure; - } - PORT_Memcpy(rsasig.data, sig->data, rsasig.len); -@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx) - static SECStatus - vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key, - const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg, - void *wincx) - { - SECStatus rv; - VFYContext *cx; - SECItem dsasig; /* also used for ECDSA */ -- - rv = SECFailure; - - cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx); - if (cx != NULL) { - switch (key->keyType) { - case rsaKey: - rv = verifyPKCS1DigestInfo(cx, digest); -+ /* Error (if any) set by verifyPKCS1DigestInfo */ - break; -- case dsaKey: - case ecKey: -+ case dsaKey: - dsasig.data = cx->u.buffer; -- dsasig.len = SECKEY_SignatureLen(cx->key); -+ dsasig.len = checkedSignatureLen(cx->key); - if (dsasig.len == 0) { -+ /* Error set by checkedSignatureLen */ -+ rv = SECFailure; - break; - } -- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) != -- SECSuccess) { -+ if (dsasig.len > sizeof(cx->u)) { - PORT_SetError(SEC_ERROR_BAD_SIGNATURE); -- } else { -- rv = SECSuccess; -+ rv = SECFailure; -+ break; -+ } -+ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx); -+ if (rv != SECSuccess) { -+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE); - } - break; - default: - break; - } - VFY_DestroyContext(cx, PR_TRUE); - } - return rv; - -- cgit v1.2.3 From 4ca0e9d5f77ec309a5a8a7eba3d97fd3bb4852d5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 9 Dec 2021 01:18:03 +0100 Subject: gnu: bind: Update to 9.16.23 [fixes CVE-2021-25218, CVE-2021-25219]. * gnu/packages/dns.scm (isc-bind): Update to 9.16.23. [source]: Add patch. * gnu/packages/patches/bind-re-add-attr-constructor-priority.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/dns.scm | 20 ++++---- .../bind-re-add-attr-constructor-priority.patch | 57 ++++++++++++++++++++++ 3 files changed, 69 insertions(+), 9 deletions(-) create mode 100644 gnu/packages/patches/bind-re-add-attr-constructor-priority.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index d8b9a78949..2afd025b52 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -879,6 +879,7 @@ dist_patch_DATA = \ %D%/packages/patches/bazaar-CVE-2017-14176.patch \ %D%/packages/patches/bc-fix-cross-compilation.patch \ %D%/packages/patches/bear-disable-preinstall-tests.patch \ + %D%/packages/patches/bind-re-add-attr-constructor-priority.patch \ %D%/packages/patches/brightnessctl-elogind-support.patch \ %D%/packages/patches/bsd-games-2.17-64bit.patch \ %D%/packages/patches/bsd-games-add-configure-config.patch \ diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm index 0c2e037b4f..c4c4bd2b3a 100644 --- a/gnu/packages/dns.scm +++ b/gnu/packages/dns.scm @@ -373,15 +373,17 @@ and BOOTP/TFTP for network booting of diskless machines.") ;; When updating, check whether isc-dhcp's bundled copy should be as well. ;; The BIND release notes are available here: ;; https://www.isc.org/bind/ - (version "9.16.16") - (source (origin - (method url-fetch) - (uri (string-append - "https://ftp.isc.org/isc/bind9/" version - "/bind-" version ".tar.xz")) - (sha256 - (base32 - "0yqxfq7qc26x7qhk0nkp8h7x9jggzaafm712bvfffy7qml13k4bc")))) + (version "9.16.23") + (source + (origin + (method url-fetch) + (uri (string-append + "https://ftp.isc.org/isc/bind9/" version + "/bind-" version ".tar.xz")) + (sha256 + (base32 "0g0pxzhzcz6nzkiab4cs9sgbjdzqgy44aa477v7akdlwm8kmxnyy")) + (patches + (search-patches "bind-re-add-attr-constructor-priority.patch")))) (build-system gnu-build-system) (outputs `("out" "utils")) (inputs diff --git a/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch new file mode 100644 index 0000000000..5d6765dd92 --- /dev/null +++ b/gnu/packages/patches/bind-re-add-attr-constructor-priority.patch @@ -0,0 +1,57 @@ +From 6361de07a35f2e9dc1d7201d6b26ca31da93ee69 Mon Sep 17 00:00:00 2001 +From: Tobias Geerinckx-Rice +Date: Thu, 9 Dec 2021 01:07:32 +0100 +Subject: [PATCH] Revert "Remove priority from attribute + constructor/destructor" + +This reverts commit 0340df46ec5897636dd071bc8b5c4272cfa7d7be. It works +around an irrelevant operating system and breaks compilation on Guix: + +mem.c:873: fatal error: RUNTIME_CHECK(((pthread_mutex_lock(((&contextslock))) == 0) ? 0 : 34) == 0) failed +/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash: line 1: 13768 Aborted ./${fuzzer} + +Let's simply revert it for now---there are securities at stake! +--- + lib/isc/include/isc/util.h | 8 ++++---- + lib/isc/lib.c | 4 ++-- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h +index f0f7f85fa4..64c26587ac 100644 +--- a/lib/isc/include/isc/util.h ++++ b/lib/isc/include/isc/util.h +@@ -49,11 +49,11 @@ + #endif /* __GNUC__ */ + + #if HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR && HAVE_FUNC_ATTRIBUTE_DESTRUCTOR +-#define ISC_CONSTRUCTOR __attribute__((constructor)) +-#define ISC_DESTRUCTOR __attribute__((destructor)) ++#define ISC_CONSTRUCTOR(priority) __attribute__((constructor(priority))) ++#define ISC_DESTRUCTOR(priority) __attribute__((destructor(priority))) + #elif WIN32 +-#define ISC_CONSTRUCTOR +-#define ISC_DESTRUCTOR ++#define ISC_CONSTRUCTOR(priority) ++#define ISC_DESTRUCTOR(priority) + #endif + + /*% +diff --git a/lib/isc/lib.c b/lib/isc/lib.c +index f3576b2659..2a167fec21 100644 +--- a/lib/isc/lib.c ++++ b/lib/isc/lib.c +@@ -35,9 +35,9 @@ isc_lib_register(void) { + } + + void +-isc__initialize(void) ISC_CONSTRUCTOR; ++isc__initialize(void) ISC_CONSTRUCTOR(101); + void +-isc__shutdown(void) ISC_DESTRUCTOR; ++isc__shutdown(void) ISC_DESTRUCTOR(101); + + void + isc__initialize(void) { +-- +2.34.0 + -- cgit v1.2.3 From 7c2d84df1c05d41ba9eafb6f64abd694166e55c3 Mon Sep 17 00:00:00 2001 From: Philip McGrath Date: Sat, 20 Nov 2021 00:43:53 -0500 Subject: gnu: sendgmail: Don't limit domain name of sender. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are three open pull requests adding this functionality: - https://github.com/google/gmail-oauth2-tools/pull/17 (October 2019) - https://github.com/google/gmail-oauth2-tools/pull/26 (May 2020) - https://github.com/google/gmail-oauth2-tools/pull/37 (May 2021) (The patch here is identical to #26, so I just closed this one.) Meanwhile, the most recent commit to the upstream repository was in May 2019: that was the commit that first added `sendgmail`. This commit adjusts Guix's `sendgmail`, following Postel's advice, to make the command "liberal in its receiving behavior" (RFC 760): it always accepts email addresses with any domain name, as in #26, and it accepts (and ignores) the `-gsuite` flag used in #17. * gnu/packages/patches/sendgmail-remove-domain-restriction.patch: New file. This is the patch from #26. * gnu/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch: New file, based on #17. * gnu/local.mk (dist_patch_DATA): Add the new patches. * gnu/packages/mail.scm (sendgmail)[source]: Apply the new patches. Increment the "revision" argument to `git-version` from 0 to 1. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 2 ++ gnu/packages/mail.scm | 11 ++++-- .../sendgmail-accept-ignored-gsuite-flag.patch | 39 ++++++++++++++++++++++ .../sendgmail-remove-domain-restriction.patch | 34 +++++++++++++++++++ 4 files changed, 84 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch create mode 100644 gnu/packages/patches/sendgmail-remove-domain-restriction.patch (limited to 'gnu/local.mk') diff --git a/gnu/local.mk b/gnu/local.mk index 2afd025b52..223055c3e2 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1760,6 +1760,8 @@ dist_patch_DATA = \ %D%/packages/patches/screen-hurd-path-max.patch \ %D%/packages/patches/sdl-libx11-1.6.patch \ %D%/packages/patches/seed-webkit.patch \ + %D%/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch \ + %D%/packages/patches/sendgmail-remove-domain-restriction.patch \ %D%/packages/patches/seq24-rename-mutex.patch \ %D%/packages/patches/serf-python3.patch \ %D%/packages/patches/shakespeare-spl-fix-grammar.patch \ diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index b75c1a0965..e52b48a2d6 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -4661,7 +4661,7 @@ feeds, converts them into emails, and sends them.") (define-public sendgmail (let ((commit "e3229155a4037267ce40f1a3a681f53221aa4d8d") - (revision "0")) + (revision "1")) (package (name "sendgmail") (version (git-version "0.0.0" revision commit)) @@ -4672,6 +4672,9 @@ feeds, converts them into emails, and sends them.") (url "https://github.com/google/gmail-oauth2-tools") (commit commit))) (file-name (git-file-name name version)) + (patches (search-patches + "sendgmail-remove-domain-restriction.patch" + "sendgmail-accept-ignored-gsuite-flag.patch")) (sha256 (base32 "1cxpkiaajhq1gjsg47r2b5xgck0r63pvkyrkm7af8c8dw7fyn64f")))) @@ -4691,5 +4694,9 @@ feeds, converts them into emails, and sends them.") "The @command{sendgmail} command provides a minimal sendmail-compatible front-end that connects to Gmail using OAuth2. It is specifically designed for use with @code{git send-email}. The command needs a Gmail API key to -function.") +function. + +Guix's version of @command{sendgmail} has been patched for compatibility with +all known forks, including support for non-@code{@@gmail.com} email +addresses.") (license license:asl2.0)))) diff --git a/gnu/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch b/gnu/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch new file mode 100644 index 0000000000..8405ff4e42 --- /dev/null +++ b/gnu/packages/patches/sendgmail-accept-ignored-gsuite-flag.patch @@ -0,0 +1,39 @@ +From 854490dc4a8a6a661b4750730c3ff749519f6e36 Mon Sep 17 00:00:00 2001 +From: Philip McGrath +Date: Sun, 14 Nov 2021 10:14:24 -0500 +Subject: [PATCH] sendgmail: accept and ignore a "-gsuite" flag + +Accepting a "-gsuite" flag provides compatability with +https://github.com/Flameeyes/gmail-oauth2-tools/commit/eabb456 +so users do not have to change their scripts or config files. + +Full hash of original: eabb45608ff4ce04045ff4ea92d05450e789ac81 + +Related to https://github.com/google/gmail-oauth2-tools/pull/17 +--- + go/sendgmail/main.go | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/go/sendgmail/main.go b/go/sendgmail/main.go +index 405aa1b..5cfd0c1 100644 +--- a/go/sendgmail/main.go ++++ b/go/sendgmail/main.go +@@ -40,6 +40,7 @@ var ( + setUp bool + dummyF string + dummyI bool ++ gsuite bool + ) + + func init() { +@@ -47,6 +48,7 @@ func init() { + flag.BoolVar(&setUp, "setup", false, "If true, sendgmail sets up the sender's OAuth2 token and then exits.") + flag.StringVar(&dummyF, "f", "", "Dummy flag for compatibility with sendmail.") + flag.BoolVar(&dummyI, "i", true, "Dummy flag for compatibility with sendmail.") ++ flag.BoolVar(&gsuite, "gsuite", true, "Dummy flag for compatibility with other forks of sendgmail.") + } + + func main() { +-- +2.32.0 + diff --git a/gnu/packages/patches/sendgmail-remove-domain-restriction.patch b/gnu/packages/patches/sendgmail-remove-domain-restriction.patch new file mode 100644 index 0000000000..d23af33375 --- /dev/null +++ b/gnu/packages/patches/sendgmail-remove-domain-restriction.patch @@ -0,0 +1,34 @@ +From a5ecd1b2302d0def2f6f8349747022a615a9f017 Mon Sep 17 00:00:00 2001 +From: Tamas K Lengyel +Date: Tue, 26 May 2020 13:27:50 -0600 +Subject: [PATCH] Don't limit to email with @gmail.com + +--- + go/sendgmail/main.go | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/go/sendgmail/main.go b/go/sendgmail/main.go +index b35ef23..405aa1b 100644 +--- a/go/sendgmail/main.go ++++ b/go/sendgmail/main.go +@@ -30,7 +30,6 @@ import ( + "log" + "net/smtp" + "os" +- "strings" + + "golang.org/x/oauth2" + googleOAuth2 "golang.org/x/oauth2/google" +@@ -52,9 +51,6 @@ func init() { + + func main() { + flag.Parse() +- if atDomain := "@gmail.com"; !strings.HasSuffix(sender, atDomain) { +- log.Fatalf("-sender must specify an %v email address.", atDomain) +- } + config := getConfig() + tokenPath := fmt.Sprintf("%v/.sendgmail.%v.json", os.Getenv("HOME"), sender) + if setUp { +-- +2.32.0 + -- cgit v1.2.3