#47144 security patching of 'patch' package

Message #89 received at 47144@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47144) by debbugs.gnu.org; 6 Jun 2024 00:48:07 +0000
From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 05 20:48:07 2024
Received: from localhost ([127.0.0.1]:51915 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1sF1IR-0003bz-Ht
	for submit@debbugs.gnu.org; Wed, 05 Jun 2024 20:48:06 -0400
Received: from mail-vs1-f50.google.com ([209.85.217.50]:46303)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@gmail.com>) id 1sF1IM-0003b4-3E
 for 47144@debbugs.gnu.org; Wed, 05 Jun 2024 20:48:00 -0400
Received: by mail-vs1-f50.google.com with SMTP id
 ada2fe7eead31-48bcd69919eso185297137.0
 for <47144@debbugs.gnu.org>; Wed, 05 Jun 2024 17:47:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1717634796; x=1718239596; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=AiaqA2+EXFwjX21dNzzTl/6y7uC9QURWRHFdaXf0vXQ=;
 b=MSEKF6znhHsCt29bzYWRmxU5V+V4A6C5H0sUuXCSVnxJeI0xNynv9VNWkNJey0RiUr
 BNCqtQAeBZe7Ej6++CU5q5zsj/w2ohljnJZC9QaqqWlF3Sx2gpAyh+7vEsIqNMahp/2g
 Ejyv9U1U7dmpg05Nt786MAud7VpQs2EyKElbgwSLp8gI7pa8VL1OsVNy73JqTWUPQ/u3
 FJh61RkEIJavmreBPhJHjaDmgWFwMBVabwGGntiKhc3ahopQDknC2LyF5oFbMmIJtzLB
 u2SXseJjd45WZ5yRmA5Yvd0As3yNPnVzkNwQLNMANyyF++efooeIRjH+1pYhSjcnrJZY
 X0MA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1717634796; x=1718239596;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=AiaqA2+EXFwjX21dNzzTl/6y7uC9QURWRHFdaXf0vXQ=;
 b=gHcGuxjl6DLGieGZ1Sda/zq5IZ5gDWRQp9KmxN39Ac2bkD/snYFh+8oBkiGfor6kqg
 wIUk1bZtjEq5cEBWGiUHa5+OwnCVE848pSi9nUL+4NHHG7xQgnqrTeJyR8QuLN+SlxEr
 JmvpriiyQWGjo91sB7UrkI/OEMo8/HDuFs3MOa1npb9ozuDro06RuZ3UZSkE5/tIheDl
 djQoth1+hMAnrA9W3Z58+HCScAqAd4uxYmGBz8nEsxhFhBCCRHJ3i2OzfOgq8q9wR4VE
 8hB8gKwo54pwFbULT2DiX6Ris1pXWHRswpLPqRL2exzMAMPLWpIGXRtDILUm39KYJC58
 75Qw==
X-Gm-Message-State: AOJu0Yywfxf1/PdHZWqthGiyAOUDovhBGO9NBkR610udoVYn0ob1KrCK
 hAWvQweX7u+NaR7O85CT9+Ou/QejKUNTp8nru1ILjisyZz3SSw4IgOq+Pxa5
X-Google-Smtp-Source: AGHT+IFElxnqLOixVajnZ84fqyIl1QWDhtH4calBF8UwCG7iG6XOShwmmdDemnUdfRuIE0Hm6TakAA==
X-Received: by 2002:a67:e454:0:b0:48b:9f36:14 with SMTP id
 ada2fe7eead31-48c048fd3b8mr4704758137.10.1717634796155; 
 Wed, 05 Jun 2024 17:46:36 -0700 (PDT)
Received: from localhost.localdomain (dsl-10-133-150.b2b2c.ca. [72.10.133.150])
 by smtp.gmail.com with ESMTPSA id
 af79cd13be357-795332df9b0sm8751085a.126.2024.06.05.17.46.35
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 05 Jun 2024 17:46:35 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: 47144@debbugs.gnu.org
Subject: [PATCH v4 2/3] gnu: gnulib: Update to 2024-05-30-1.ac4b301.
Date: Wed,  5 Jun 2024 20:46:20 -0400
Message-ID: <c34f058c9534a551b2cdc24cac9c642af14e842c.1717634752.git.maxim.cournoyer@gmail.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <a3641c8501b839cb4490edca279bf15a8141b8ea.1717634752.git.maxim.cournoyer@gmail.com>
References: <a3641c8501b839cb4490edca279bf15a8141b8ea.1717634752.git.maxim.cournoyer@gmail.com>
MIME-Version: 1.0
X-Debbugs-Cc: Mark H Weaver <mhw@netris.org>, Ludovic Courtès <ludo@gnu.org>, Léo Le Bouter <lle-bout@zaclys.net>, Leo Famulari <leo@famulari.name>, Maxim Cournoyer <maxim.cournoyer@gmail.com>, Simon Tournier <zimon.toutoune@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47144
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Also fix the commands, which would fail due to not finding their
implementation scripts.

* gnu/packages/patches/gnulib-bootstrap.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/build-tools.scm (gnulib): Update to 2024-05-30-1.ac4b301.
[source]: Apply patch.
[phases] {patch-source-shebangs, patch-generated-file-shebangs}
{patch-usr-bin-file, restore-shebangs}: Delete phases.
{disable-failing-tests}: Disable sc_error_message_warn_fatal,
sc_prefer_angle_bracket_headers, sc_check_config_h_reminder,
sc_prohibit_sc_omitted_at, sc_readme_link_copying, sc_readme_link_install,
sc_unsigned_char, sc_unsigned_int,  sc_unsigned_long and sc_unsigned_short
checks.
{regenerate-unicode}: Register BidiMirroring.txt unicode data file.

Change-Id: I154b2c5980b671f1e73e7a1f74d926ea080a7aa0
---

(no changes since v1)

 gnu/local.mk                                |  1 +
 gnu/packages/build-tools.scm                | 55 ++++++++-------
 gnu/packages/patches/gnulib-bootstrap.patch | 75 +++++++++++++++++++++
 3 files changed, 107 insertions(+), 24 deletions(-)
 create mode 100644 gnu/packages/patches/gnulib-bootstrap.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 6934d5ccc7..b369127194 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1393,6 +1393,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/gnome-settings-daemon-gc.patch		\
   %D%/packages/patches/gnome-session-support-elogind.patch	\
   %D%/packages/patches/gnome-tweaks-search-paths.patch		\
+  %D%/packages/patches/gnulib-bootstrap.patch			\
   %D%/packages/patches/gnumach-support-noide.patch		\
   %D%/packages/patches/gnupg-default-pinentry.patch		\
   %D%/packages/patches/gnupg-1-build-with-gcc10.patch		\
diff --git a/gnu/packages/build-tools.scm b/gnu/packages/build-tools.scm
index daaf450e70..82abf5b9f1 100644
--- a/gnu/packages/build-tools.scm
+++ b/gnu/packages/build-tools.scm
@@ -13,7 +13,7 @@
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020, 2023 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2021 qblade <qblade@protonmail.com>
-;;; Copyright © 2021, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2021, 2023, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2022, 2023 Juliana Sims <juli@incana.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -853,12 +853,15 @@ (define*-public (gnulib-checkout #:key
                           ;; FIXME: tests/uniname/HangulSyllableNames.txt
                           ;; seems like a UCD file but it is not distributed
                           ;; with UCD.
-                          "tests/uniwbrk/WordBreakTest.txt")))))))
+                          "tests/uniwbrk/WordBreakTest.txt")))))
+       (patches (search-patches "gnulib-bootstrap.patch"))))
     (build-system copy-build-system)
     (arguments
      (list
       #:install-plan
       #~'(("./gnulib-tool" "bin/")
+          ("./gnulib-tool.py" "bin/")
+          ("./gnulib-tool.sh" "bin/")
           ("." "src/gnulib" #:exclude-regexp ("\\.git.*")))
       #:modules '((ice-9 match)
                   (guix build utils)
@@ -866,6 +869,13 @@ (define*-public (gnulib-checkout #:key
                   ((guix build gnu-build-system) #:prefix gnu:))
       #:phases
       #~(modify-phases %standard-phases
+          ;; Since this package is intended to be used in source form, it
+          ;; should not retain references to tools (with the exception for the
+          ;; commands we install, which should be wrapper for proper
+          ;; execution).
+          (delete 'patch-source-shebangs)
+          (delete 'patch-generated-file-shebangs)
+          (delete 'patch-usr-bin-file)
           (add-before 'install 'check
             (assoc-ref gnu:%standard-phases 'check))
           (add-before 'check 'fix-tests
@@ -889,8 +899,10 @@ (define*-public (gnulib-checkout #:key
   sc_Wundef_boolean \\
   sc_copyright_check \\
   sc_file_system \\
+  sc_error_message_warn_fatal \\
   sc_indent \\
   sc_keep_gnulib_texi_files_mostly_ascii \\
+  sc_prefer_angle_bracket_headers \\
   sc_prohibit_assert_without_use \\
   sc_prohibit_close_stream_without_use \\
   sc_prohibit_defined_have_decl_tests \\
@@ -899,15 +911,22 @@ (define*-public (gnulib-checkout #:key
   sc_prohibit_intprops_without_use \\
   sc_prohibit_openat_without_use \\
   sc_prohibit_test_minus_ao \\
-  sc_unportable_grep_q"))
+  sc_readme_link_copying \\
+  sc_readme_link_install \\
+  sc_unportable_grep_q \\
+  sc_unsigned_char \\
+  sc_unsigned_int \\
+  sc_unsigned_long \\
+  sc_unsigned_short"))
               (substitute* "Makefile"
-                (("sc_check_(sym_list|copyright)" rule)
+                (("sc_check_(sym_list|copyright|config_h_reminder)" rule)
                  (string-append "disabled_check_" rule))
                 (("sc_cpp_indent_check")
                  "disabled_cpp_indent_check")
                 (("sc_prefer_ac_check_funcs_once")
                  "disabled_prefer_ac_check_funcs_once")
-                (("sc_prohibit_(AC_LIBOBJ_in_m4|leading_TABs)" rule)
+                (("sc_prohibit_(AC_LIBOBJ_in_m4|leading_TABs\
+|sc_omitted_at)" rule)
                  (string-append "disabled_prohibit_" rule)))))
           (add-before 'check 'regenerate-unicode
             (lambda* (#:key inputs #:allow-other-keys)
@@ -939,7 +958,8 @@ (define*-public (gnulib-checkout #:key
                              (sha256
                               (base32
                                "0k6wyijyzdl5g3nibcwfm898kfydx1pqaz28v7fdvnzdvd5fz7lh"))))
-                        (find-ucd-files "EastAsianWidth.txt"
+                        (find-ucd-files "BidiMirroring.txt"
+                                        "EastAsianWidth.txt"
                                         "LineBreak.txt"
                                         "auxiliary/WordBreakProperty.txt"
                                         "auxiliary/GraphemeBreakProperty.txt"
@@ -962,22 +982,9 @@ (define*-public (gnulib-checkout #:key
                    ("NormalizationTest.txt" . "uninorm")
                    ("auxiliary/GraphemeBreakTest.txt" . "unigbrk")
                    ("auxiliary/WordBreakTest.txt" . "uniwbrk")))
-                (delete-file "gen-uni-tables"))))
-          (add-after 'install 'restore-shebangs
-            (lambda _
-              (substitute* (find-files
-                            (string-append #$output "/src/gnulib")
-                            (lambda (fname stat)
-                              (and (not (string-suffix? "/lib/javaversion.class" fname))
-                                   (not (string-suffix? ".mo" fname)))))
-                (("^#! ?(.*)/bin/sh" _ prefix)
-                 "#!/bin/sh")
-                (("^#! ?(.*)/bin/python3" _ prefix)
-                 "#!/usr/bin/env python3")
-                (("^#! ?(.*)/bin/([a-zA-Z0-9-]+)" _ prefix program)
-                 (string-append "#!/usr/bin/" program))))))))
+                (delete-file "gen-uni-tables")))))))
     (inputs
-     (list bash-minimal))                         ;shebang for gnulib-tool
+     (list bash-minimal)) ;shebang for gnulib-tool
     (native-inputs
      (list
       bash-minimal python perl clisp
@@ -1005,9 +1012,9 @@ (define*-public (gnulib-checkout #:key
 
 (define-public gnulib
   (gnulib-checkout
-   #:version "2022-12-31"
-   #:commit "875461ffdf58ac04677957b4ae4160465b83b940"
-   #:hash (base32 "0bf7a6wdns9c5wwv60qfcn9llg0j6jz5ryd2qgsqqx2i6xkmp77c")))
+   #:version "2024-05-30"
+   #:commit "ac4b301ae15223c98b51cd5a0eda2e2cf57c817b"
+   #:hash (base32 "0f4w56fc97clg13mmdghx84dh9xqmaqr3j672ppfh3h66gmmmvzs")))
 
 (define-public pdpmake
   (package
diff --git a/gnu/packages/patches/gnulib-bootstrap.patch b/gnu/packages/patches/gnulib-bootstrap.patch
new file mode 100644
index 0000000000..c0c9a5e732
--- /dev/null
+++ b/gnu/packages/patches/gnulib-bootstrap.patch
@@ -0,0 +1,75 @@
+From adbf7ce2c2b03ce5ee25d4c68f9bb247b0dcbc2b Mon Sep 17 00:00:00 2001
+From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
+Date: Thu, 30 May 2024 14:48:04 -0400
+Subject: [PATCH] bootstrap: Use gnulib-tool from PATH if available.
+
+Some distributions such as GNU Guix include in their package for
+gnulib a 'gnulib-tool' command under their $bindir
+prefix (e.g. '/bin') for users to use, along the unmodified full
+sources.  The idea is that any wrapping or distribution modifications
+for the *execution* of the script at run time is done on these
+commands, while the rest of the source should be in their
+pristine (unmodified) version.  Adjust the 'gnulib-tool' discovery
+mechanism to support such installation layout.
+
+* build-aux/bootstrap (autogen) <gnulib_tool>: Prefer to use from
+PATH, else from $GNULIB_SRCDIR/../../bin/gnulib-tool, else from
+$GNULIB_SRCDIR/gnulib-tool.
+* gnulib-tool.sh (func_gnulib_dir): Honor GNULIB_SRCDIR to locate
+gnulib's main directory.
+---
+ build-aux/bootstrap | 11 +++++++++--
+ gnulib-tool.sh      |  6 +++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/build-aux/bootstrap b/build-aux/bootstrap
+index 6295b8a128..06271eea8b 100755
+--- a/build-aux/bootstrap
++++ b/build-aux/bootstrap
+@@ -3,7 +3,7 @@
+ 
+ # Bootstrap this package from checked-out sources.
+ 
+-scriptversion=2024-04-13.15; # UTC
++scriptversion=2024-05-30.20; # UTC
+ 
+ # Copyright (C) 2003-2024 Free Software Foundation, Inc.
+ #
+@@ -1164,7 +1164,14 @@ autogen()
+   fi
+ 
+   if $use_gnulib; then
+-    gnulib_tool=$GNULIB_SRCDIR/gnulib-tool
++    gnulib_tool=$(command -v gnulib-tool)
++    if test -x "$gnulib_tool"; then
++      :                         # done
++    elif test -x $GNULIB_SRCDIR/../../bin/gnulib-tool; then
++      gnulib_tool=$GNULIB_SRCDIR/../../bin/gnulib-tool
++    else
++      gnulib_tool=$GNULIB_SRCDIR/gnulib-tool
++    fi
+     <$gnulib_tool || return
+   fi
+ 
+diff --git a/gnulib-tool.sh b/gnulib-tool.sh
+index 12f0b82461..0aefbe2b2b 100755
+--- a/gnulib-tool.sh
++++ b/gnulib-tool.sh
+@@ -518,7 +518,11 @@ func_gnulib_dir ()
+       * ) self_abspathname=`echo "$self_abspathname" | sed -e 's,/[^/]*$,,'`/"$linkval" ;;
+     esac
+   done
+-  gnulib_dir=`echo "$self_abspathname" | sed -e 's,/[^/]*$,,'`
++  if test -n "$GNULIB_SRCDIR"; then
++    gnulib_dir=$GNULIB_SRCDIR
++  else
++    gnulib_dir=`echo "$self_abspathname" | sed -e 's,/[^/]*$,,'`
++  fi
+ }
+ 
+ # func_tmpdir
+
+base-commit: ac4b301ae15223c98b51cd5a0eda2e2cf57c817b
+-- 
+2.41.0
+
-- 
2.45.1

Send a report that this bug log contains spam.