gnu: w3m: Switch to Debian's actively maintained fork of w3m.

Fixes some security issues seen here: <http://www.openwall.com/lists/oss-security/2016/11/03/3> * gnu/packages/w3m.scm (w3m): Switch it. [source]: Use Debian's git tree. Remove obsolete patches. [arguments]: Remove an unneeded substitute* function. * gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch, gnu/packages/patches/w3m-disable-weak-ciphers.patch, gnu/packages/patches/w3m-force-ssl_verify_server-on.patch, gnu/packages/patches/w3m-libgc.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
2024-11-07 15:36:20 -05:00 · 2016-11-04 20:06:03 -04:00 · 2016-11-04 20:06:03 -04:00 · 674a0f9558
commit 674a0f9558
parent 682bfb8124
6 changed files with 13 additions and 124 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -891,10 +891,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
  %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
  %D%/packages/patches/vtk-mesa-10.patch			\
-  %D%/packages/patches/w3m-libgc.patch				\
-  %D%/packages/patches/w3m-force-ssl_verify_server-on.patch	\
-  %D%/packages/patches/w3m-disable-sslv2-and-sslv3.patch	\
-  %D%/packages/patches/w3m-disable-weak-ciphers.patch		\
  %D%/packages/patches/weechat-python.patch			\
  %D%/packages/patches/weex-vacopy.patch			\
  %D%/packages/patches/wicd-bitrate-none-fix.patch		\
--- a/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
+++ b/gnu/packages/patches/w3m-disable-sslv2-and-sslv3.patch
@ -1,24 +0,0 @@
-Subject: Disable SSLv2 and SSLv3.
-
-The only remaining methods are TLSv1.* (the code never distinguishes
-between TLSv1.0, TLSv1.1, and TLSv1.2).
---
- fm.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fm.h b/fm.h
-index 320906c..ddcd4fc 100644
--- a/fm.h
-+++ b/fm.h
-@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE);
- #endif				/* defined(USE_SSL) &&
- 				 * defined(USE_SSL_VERIFY) */
- #ifdef USE_SSL
-global char *ssl_forbid_method init(NULL);
-+global char *ssl_forbid_method init("2, 3");
- #endif
- 
- global int is_redisplay init(FALSE);
-- 
-2.6.4
-
--- a/gnu/packages/patches/w3m-disable-weak-ciphers.patch
+++ b/gnu/packages/patches/w3m-disable-weak-ciphers.patch
@ -1,24 +0,0 @@
-Subject: Disable weak ciphers
-
-Disable RC4, "export ciphers", and all keys < 128 bits.
-
-Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
---
- url.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/url.c b/url.c
-index ed6062e..e86b1f3 100644
--- a/url.c
-+++ b/url.c
-@@ -326,6 +326,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
- 	SSL_load_error_strings();
- 	if (!(ssl_ctx = SSL_CTX_new(SSLv23_client_method())))
- 	    goto eend;
-+	SSL_CTX_set_cipher_list(ssl_ctx, "DEFAULT:!LOW:!RC4:!EXP");
- 	option = SSL_OP_ALL;
- 	if (ssl_forbid_method) {
- 	    if (strchr(ssl_forbid_method, '2'))
-- 
-2.6.4
-
--- a/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
+++ b/gnu/packages/patches/w3m-force-ssl_verify_server-on.patch
@ -1,24 +0,0 @@
-Subject: Force ssl_verify_server on.
-
-By default, SSL/TLS certificates are not verified. This enables the
-verification.
---
- fm.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fm.h b/fm.h
-index 8378939..320906c 100644
--- a/fm.h
-+++ b/fm.h
-@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE);
- #endif
- 
- #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
-global int ssl_verify_server init(FALSE);
-+global int ssl_verify_server init(TRUE);
- global char *ssl_cert_file init(NULL);
- global char *ssl_key_file init(NULL);
- global char *ssl_ca_path init(NULL);
-- 
-2.6.4
-
--- a/gnu/packages/patches/w3m-libgc.patch
+++ b/gnu/packages/patches/w3m-libgc.patch
@ -1,28 +0,0 @@
-This patch fixes w3m compilation with libgc > 7.2.
-
-Reported:
-https://bugs.archlinux.org/task/33397
-
-Patch with explanation:
-http://anonscm.debian.org/cgit/collab-maint/w3m.git/commit/?id=770eec8304bdbe458
---
- main.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/main.c b/main.c
-index b421943..249eb1a 100644
--- a/main.c
-+++ b/main.c
-@@ -833,7 +833,8 @@ main(int argc, char **argv, char **envp)
-     mySignal(SIGPIPE, SigPipe);
- #endif
- 
-    orig_GC_warn_proc = GC_set_warn_proc(wrap_GC_warn_proc);
-+    orig_GC_warn_proc = GC_get_warn_proc();
-+    GC_set_warn_proc(wrap_GC_warn_proc);
-     err_msg = Strnew();
-     if (load_argc == 0) {
- 	/* no URL specified */
-- 
-2.6.4
-
--- a/gnu/packages/w3m.scm
+++ b/gnu/packages/w3m.scm
@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -28,37 +29,29 @@ (define-module (gnu packages w3m)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages)
  #:use-module (guix packages)
-  #:use-module (guix download)
+  #:use-module (guix git-download)
  #:use-module (guix build-system gnu))

 (define-public w3m
  (package
    (name "w3m")
-    (version "0.5.3")
+    (version "0.5.3+git20161031")
    (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://sourceforge/" name "/" name "/"
-                                 name "-" version "/"
-                                 name "-" version ".tar.gz"))
-             (sha256
-              (base32
-               "1qx9f0kprf92r1wxl3sacykla0g04qsi0idypzz24b7xy9ix5579"))
-
-             ;; cf. https://bugs.archlinux.org/task/33397
-             (patches (search-patches "w3m-libgc.patch"
-                                      "w3m-force-ssl_verify_server-on.patch"
-                                      "w3m-disable-sslv2-and-sslv3.patch"
-                                      "w3m-disable-weak-ciphers.patch"))))
+              (method git-fetch)
+              ;; Debian's fork of w3m is the only one that is still
+              ;; maintained.
+              (uri (git-reference
+                    (url "https://anonscm.debian.org/cgit/collab-maint/w3m.git")
+                    (commit version)))
+              (file-name (string-append "w3m-" version "-checkout"))
+              (sha256
+               (base32
+                "142vkkmsk76wj9w6r4y2pa1hmy1kkzmc73an9zchx0ikm2z92x6s"))))
    (build-system gnu-build-system)
    (arguments `(#:tests? #f  ; no check target
                 #:phases (alist-cons-before
                           'configure 'fix-perl
                           (lambda _
-                             ;; https://launchpad.net/bugs/935540
-                             ;; 'struct file_handle' is used by 'glibc'
-                             (substitute* '("istream.c" "istream.h")
-                              (("struct[[:blank:]]+file_handle")
-                               "struct w3m_file_handle"))
                             (substitute* '("scripts/w3mmail.cgi.in"
                                            "scripts/dirlist.cgi.in")
                               (("@PERL@") (which "perl"))))