Thanks for reviewing, Leo Famulari <l...@famulari.name> writes:
> [ Unknown signature status ] > On Wed, Sep 21, 2016 at 06:46:31PM +0000, ng0 wrote: >> From 74a6c1e552a6ae8f438e91cbe318882401b440f8 Mon Sep 17 00:00:00 2001 >> From: ng0 <ngillm...@runbox.com> >> Date: Wed, 21 Sep 2016 18:08:42 +0000 >> Subject: [PATCH 1/2] gnu: Add psyclpc. >> >> * gnu/packages/psyc.scm (psyclpc): New variable. > >> + (source (origin >> + (method url-fetch) >> + (uri (list (string-append "http://www.psyced.org/files/"; >> + name "-" version ".tar.xz") >> + (string-append "http://krosos.sdf.org/static/unix/"; >> + "perlpsyc-" version ".zip"))) >> + (sha256 >> + (base32 >> + "0c2afcj8b2yr2vmy9sy0528iqs9sw01j6q35lvxicm42gs7vnik2")))) > > Do both of those URLs provide a file with the same hash? They should. But the server of psyced.org recently had to move, like you already noticed there's a mismatch now everywhere. I'll adjust again, try tomorrow around 11:59 AM UTC if I don't run into a problem I can't control. Updated patches will follow before this. >> + (arguments >> + `(#:tests? #f ; There are no tests/checks. >> + #:configure-flags (list >> + "--enable-use-tls=yes" >> + "--enable-use-mccp" > > The "Mud Client Compression Protocol"? Probably. For the why/how/what refer to the source and the Gentoo ebuild. I just do the integration/packaging. >> + (string-append "--with-openssl=" >> + (assoc-ref %build-inputs >> "openssl")) >> + (string-append "--prefix=" >> + (assoc-ref %outputs "out")) >> + (string-append "--libdir=" ; "-DMUD_LIB=" > > What does this commented text mean? References taken how I translated the buildsystem. >> + (assoc-ref %outputs "out") >> + "/opt/psyced/world") >> + (string-append "--bindir=" >> + (assoc-ref %outputs "out") >> + "/opt/psyced/bin") >> + (string-append "--libexecdir=" ; "-DERQ_DIR=" > > Same question here. > >> + (inputs >> + `(("zlib" ,zlib) >> + ("openssl" ,openssl))) >> + ;; pcre is bundled to ensure the version is compatible. XXX: look into >> + ;; unbundling it. Upstream should update from pcre 4.5 to 8.38. For >> + ;; functionality reasons we can not unbundle it now. >> + ;; ("pcre" ,pcre))) > > That version of PCRE was released in 2003. We might want to add a > warning to the package description... > > https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pcre Let's wait with the commit then, I've asked the people at our side who are working on the code about a statement as I don't have a full understanding of psyclpc. I've also pointed out that we (psyc/secushare) are advised to update pcre (before you've sent this) to fix CVEs. I have to send a new patchseries anyway, so I can adjust this. If we'll add a comment, it's useful to point out that this is being fixed. psyclpc in the wild is not used by anything other than psyced these days, so I don't know if what's being used by psyclpc is worth to point out. -- ng0
