gnu: indent: Update to 2.2.13-0.1737c92.

* gnu/packages/patches/indent-CVE-2024-0911.patch: Delete file. * gnu/local.mk: Unregister patch. * gnu/packages/code.scm (indent): Update to 2.2.13-0.1737c92. [arguments]{phases}: Add phase 'patch-bootstrap. [native-inputs]: Add autoconf-2.71, automake, gettext-minimal. [properties]: Add lint-hidden-cves. Signed-off-by: Zheng Junjie <z572@z572.online>
2025-10-02 02:15:12 +00:00 · 2025-03-07 13:39:47 +01:00 · 2025-03-07 13:39:47 +01:00 · 57397fd03f
commit 57397fd03f
parent 7d1f5f950f
3 changed files with 43 additions and 81 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1622,7 +1622,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/id3lib-UTF16-writing-bug.patch			\
  %D%/packages/patches/idris-test-ffi008.patch			\
  %D%/packages/patches/ilmbase-fix-tests.patch			\
-  %D%/packages/patches/indent-CVE-2024-0911.patch	\
  %D%/packages/patches/inferno-fix-crash.patch		\
  %D%/packages/patches/instead-use-games-path.patch		\
  %D%/packages/patches/intltool-perl-compatibility.patch	\
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@ -22,6 +22,7 @@
 ;;; Copyright © 2024 Sharlatan Hellseher <sharlatanus@gmail.com>
 ;;; Copyright © 2024 Artyom V. Poptsov <poptsov.artyom@gmail.com>
 ;;; Copyright © 2024 Jordan Moore <lockbox@struct.foo>
+;;; Copyright © 2025 Nicolas Graves <ngraves@ngraves.fr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -64,6 +65,7 @@
  #:use-module (gnu packages emacs)
  #:use-module (gnu packages flex)
  #:use-module (gnu packages gcc)
+  #:use-module (gnu packages gettext)
  #:use-module (gnu packages golang-build)
  #:use-module (gnu packages golang-crypto)
  #:use-module (gnu packages golang-web)
@ -875,29 +877,51 @@ the C, C++, C++/CLI, Objective‑C, C#, and Java programming languages.")
    (license license:lgpl3+)))

 (define-public indent
-  (package
-   (name "indent")
-   (version "2.2.13")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://gnu/indent/indent-" version
-                                ".tar.gz"))
-            (sha256
-             (base32 "15c0ayp9rib7hzvrcxm5ijs0mpagw5y8kf5w0jr9fryfqi7n6r4y"))
-            ;; Remove patch when updating.
-            (patches (search-patches "indent-CVE-2024-0911.patch"))))
-   (build-system gnu-build-system)
-   (native-inputs
-    (list texinfo))
-   (synopsis "Code reformatter")
-   (description
-    "Indent is a program that makes source code easier to read by
+  ;; XXX: Not released anymore, but some patches fix CVEs.
+  (let ((commit "1737c929cbe2ec8a181107df9742894a44c57f71")
+        (revision "0"))
+    (package
+      (name "indent")
+      (version (git-version "2.2.13" revision commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://git.savannah.gnu.org/git/indent")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32 "138bqlwvfjv3w1plw2zzf0nqw38lhgimzx1gic6p8r5kizjp9123"))))
+      (build-system gnu-build-system)
+      (arguments
+       (list #:phases
+             #~(modify-phases %standard-phases
+                 (add-after 'unpack 'patch-bootstrap
+                   (lambda _
+                     (substitute* "bootstrap"
+                       (("^(wget|\\./configure|rm)" all)
+                        (string-append "#" all)))
+                     (call-with-output-file "doc/version.texi"
+                       (lambda (port)
+                         (format port "\
+@set UPDATED
+@set EDITION ~a
+@set VERSION ~a"
+                                 #$version
+                                 #$version))))))))
+      (native-inputs
+       (list autoconf-2.71 automake gettext-minimal texinfo))
+      (home-page "https://www.gnu.org/software/indent/")
+      (synopsis "Code reformatter")
+      (description
+       "Indent is a program that makes source code easier to read by
 reformatting it in a consistent style.  It can change the style to one of
 several different styles such as GNU, BSD or K&R.  It has some flexibility to
 deal with incomplete or malformed syntax.  GNU indent offers several
 extensions over the standard utility.")
-   (license license:gpl3+)
-   (home-page "https://www.gnu.org/software/indent/")))
+      (license license:gpl3+)
+      (properties '((lint-hidden-cves . ("CVE-2023-40305"
+                                         "CVE-2024-0911")))))))

 (define-public amalgamate
  (let* ((commit "c91f07eea1133aa184f652b8f1398eaf03586208")
--- a/gnu/packages/patches/indent-CVE-2024-0911.patch
+++ b/gnu/packages/patches/indent-CVE-2024-0911.patch
@ -1,61 +0,0 @@
-Upstream issue: https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00001.html
-Signed-off-by: Petr Písař <ppisar@redhat.com>
---
- regression/TEST                                     | 2 +-
- regression/input/comment-parent-heap-underread.c    | 3 +++
- regression/standard/comment-parent-heap-underread.c | 5 +++++
- src/output.c                                        | 2 +-
- 4 files changed, 10 insertions(+), 2 deletions(-)
- create mode 100644 regression/input/comment-parent-heap-underread.c
- create mode 100644 regression/standard/comment-parent-heap-underread.c
-
-diff --git a/regression/TEST b/regression/TEST
-index 7c07c2e..951b1a2 100755
--- a/regression/TEST
-+++ b/regression/TEST
-@@ -40,6 +40,7 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \
-         macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \
-         bug-gnu-33364.c float-constant-suffix.c block-comments.c \
-        no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c"
-+        no-forced-nl-in-block-init.c hexadecimal_float.c binary-constant.c \
-+        comment-parent-heap-underread.c"
- 
- INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \
-         indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \
-diff --git a/regression/input/comment-parent-heap-underread.c 
-b/regression/input/comment-parent-heap-underread.c
-new file mode 100644
-index 0000000..68e13cf
--- /dev/null
-+++ b/regression/input/comment-parent-heap-underread.c
-@@ -0,0 +1,3 @@
-+void foo(void) {
-+/*a*/(1);
-+}
-diff --git a/regression/standard/comment-parent-heap-underread.c 
-b/regression/standard/comment-parent-heap-underread.c
-new file mode 100644
-index 0000000..9a1c6e3
--- /dev/null
-+++ b/regression/standard/comment-parent-heap-underread.c
-@@ -0,0 +1,5 @@
-+void
-+foo (void)
-+{
-+/*a*/ (1);
-+}
-diff --git a/src/output.c b/src/output.c
-index ee01bcc..17eee6e 100644
--- a/src/output.c
-+++ b/src/output.c
-@@ -290,7 +290,7 @@ void set_buf_break (
-     /* Did we just parse a bracket that will be put on the next line
-      * by this line break? */
- 
-    if ((*token == '(') || (*token == '['))
-+    if (level > 0 && ((*token == '(') || (*token == '[')))
-     {
-         --level;                        /* then don't take it into account */
-     }
-- 
-2.43.0