guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 6c71c8dc4a5140d6182e59ba806c532a4ae4f3c5
Author: Nicolas Graves <[email protected]>
AuthorDate: Wed Aug 27 14:45:02 2025 +0200
gnu: subversion: Add package and rename former to subversion/pinned.
Subversion currently has CVEs. IMHO, it's unsafe to carry them around
in a profile. However, updating subversion potential leads to a lot of
rebuilds and I don't want to tackle this right now.
As for other packages, the way forward is to add a variant of the
package only used for svn-fetch, here subversion/pinned.
* gnu/packages/version-control.scm (subversion): Update to 1.14.5.
(subversion/pinned): Inherit from subversion, but build the exact same
derivation as the previous subversion variable.
* guix/svn-download.scm (subversion-package): Use subversion/pinned.
Signed-off-by: Ludovic Courtès <[email protected]>
---
gnu/packages/version-control.scm | 18 ++++++++++++++++--
guix/svn-download.scm | 2 +-
2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index ad556f5072..8da3c4dc0b 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -2992,14 +2992,14 @@ following features:
(define-public subversion
(package
(name "subversion")
- (version "1.14.3")
+ (version "1.14.5")
(source (origin
(method url-fetch)
(uri (string-append "mirror://apache/subversion/"
"subversion-" version ".tar.bz2"))
(sha256
(base32
- "0h54l4p2dlk1rm4zm428hi6ij6xpqxqlqmvkhmz5yhq9392zv7ll"))))
+ "18a4avism0a7b1siikkm6v2snhanlmqqzl4p8hspp2vbfvkjk2p7"))))
(build-system gnu-build-system)
(arguments
(list
@@ -3068,6 +3068,20 @@ usage; and its ability to support the needs of a wide
variety of users and
projects, from individuals to large-scale enterprise operations.")
(license license:asl2.0)))
+(define-public subversion/pinned
+ (hidden-package
+ (package
+ (inherit subversion)
+ (name "subversion")
+ (version "1.14.3")
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://apache/subversion/"
+ "subversion-" version ".tar.bz2"))
+ (sha256
+ (base32 "0h54l4p2dlk1rm4zm428hi6ij6xpqxqlqmvkhmz5yhq9392zv7ll")))))))
+
(define-public rcs
(package
(name "rcs")
diff --git a/guix/svn-download.scm b/guix/svn-download.scm
index b20cdc79d1..a662bad099 100644
--- a/guix/svn-download.scm
+++ b/guix/svn-download.scm
@@ -72,7 +72,7 @@
(define (subversion-package)
"Return the default Subversion package."
(let ((distro (resolve-interface '(gnu packages version-control))))
- (module-ref distro 'subversion)))
+ (module-ref distro 'subversion/pinned)))
(define (svn-fetch-builder svn hash-algo)
(define guile-json
