X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: security patching of 'patch' package
Resent-From: Mark H Weaver <mhw@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 14 Mar 2021 21:39:02 +0000
Resent-Message-ID: <handler.47144.B.161575794111684 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 47144 <at> debbugs.gnu.org
Cc: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.161575794111684
(code B ref -1); Sun, 14 Mar 2021 21:39:02 +0000
Received: (at submit) by debbugs.gnu.org; 14 Mar 2021 21:39:01 +0000
Received: from localhost ([127.0.0.1]:34341 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLYRx-00032M-Bf
for submit <at> debbugs.gnu.org; Sun, 14 Mar 2021 17:39:01 -0400
Received: from lists.gnu.org ([209.51.188.17]:35168)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <mhw@HIDDEN>) id 1lLYRv-00032F-Ty
for submit <at> debbugs.gnu.org; Sun, 14 Mar 2021 17:39:00 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55932)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <mhw@HIDDEN>) id 1lLYRv-0003hB-LP
for bug-guix@HIDDEN; Sun, 14 Mar 2021 17:38:59 -0400
Received: from world.peace.net ([64.112.178.59]:55722)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <mhw@HIDDEN>) id 1lLYRs-0004M3-QH
for bug-guix@HIDDEN; Sun, 14 Mar 2021 17:38:59 -0400
Received: from mhw by world.peace.net with esmtpsa
(TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
(envelope-from <mhw@HIDDEN>)
id 1lLYRr-0001IX-1C; Sun, 14 Mar 2021 17:38:55 -0400
From: Mark H Weaver <mhw@HIDDEN>
References: <6d01d537754ce50b10035903d8e7d205699c4b39.camel@HIDDEN>
Date: Sun, 14 Mar 2021 17:37:25 -0400
Message-ID: <877dm9s9fz.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Received-SPF: pass client-ip=64.112.178.59; envelope-from=mhw@HIDDEN;
helo=world.peace.net
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
I'm forwarding this to bug-guix@HIDDEN so that it won't be forgotten.
Mark
-------------------- Start of forwarded message --------------------
Subject: security patching of 'patch' package
From: L=C3=A9o Le Bouter <lle-bout@HIDDEN>
To: guix-devel@HIDDEN
Date: Wed, 10 Mar 2021 04:14:35 +0100
--=-=-=
Content-Type: multipart/signed; boundary="==-=-="
--==-=-=
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello!
I could find that the 'patch' package was vulnerable to numerous CVEs
that other distros like Debian have patched. Here's the list reported
by 'guix lint -c cve patch':
patch@HIDDEN: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
2018-6952
Can I use latest commit from master to build 'patch' then graft
original package?
i.e. https://git.savannah.gnu.org/git/patch.git
There's not that many commits since last release, but lots of time:=20
https://git.savannah.gnu.org/cgit/patch.git/log/
Thank you,
L=C3=A9o
--==-=-=
Content-Type: application/pgp-signature; name=signature.asc
Content-Transfer-Encoding: base64
Content-Description: This is a digitally signed message part
LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVGSXZMaTlnTCt4
YXgzZzZSUmFpeDZHdk5FS1lGQW1CSU9ac0FDZ2tRUmFpeDZHdk4KRUtZVktoQUFtUWJTMHE2eGdt
b0M1RW8rVDRxWWlMcmc2RWZVTWljWU85STFMQkRGR2ZwODVYSU1qcUF0SWtpRAoyQjFYSkx6WFk3
eFpoZWlLQllManBwdXE1WEhYR01RODBKWmkwbFFFdW9NaDArMURUY3Z2STBVZ3R5ZGp4dmFzCkM5
RFRsaE5URnhtMzY4VzdxeFlSMkp0dHNVc3R5d2VWejI3RFBZOU82MlFSVW55SFJzSnZRWExTSS9D
SFdYRkkKM0RpWHpqakJYb3dzQ3U5YWY2OWZJekJDQlE2QjBRdmtucnlIbml4MUFlVm5TZnUvMFNN
N0JpbXk1QUtPbmprTgpjam5IUXI1TWMrRklWZE91L3B6Z05vVm13Y3pWaHl1L0E4blJlWUlpZVBH
VE1hK0NwdUVyL1ZyZXhxYzNucGNYCmpZem80UCtkL1BSZEFMR2dkT2xHTURkbEFyM1pWSGhTOVA1
YWdRZTlRM1llSlZWU1p6d0g2VHpGVCswS3JFTnkKMkhvTSt6S05CRThxVkxNdURIOUFhWjdYclp5
SkpEb211RG05MjdvamFTblMwc3EwbmJ6ekxXa1NOR25MK2hYago1TkZDbS9RQ2xHeVNjOURNdVpX
Yzc2bnhuMDJCVHlraUtYQzAzUC9HZk1KM0I5N0xldjUxaDVvRWk0VGxLc1JoCmpsTXdKQmFZcDho
NkZQNkVESkxjOGFoYUlLTjhhb29xdXV0Rk9VWG4rSUdCbVlZMXVYVE8wVjBVSnFWejEzMUoKR2Rt
SDRTblZxV3RDYmlLQ1ZMU2d1QXRoUzZFd1NxMEVBekVhZVVWbWkxOFlBKytnT3A2TitGUVNtanBS
a1J3WApqVnd0VG16WW9ML3lLeDI4Q29QYXBGSzdwYTNla0IwVzQzbnc0L0ViNjhxcGJ2bHBYeEk9
Cj1jRVNQCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=
--==-=-=--
--=-=-=
Content-Type: text/plain
-------------------- End of forwarded message --------------------
--=-=-=--
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Mark H Weaver <mhw@HIDDEN> Subject: bug#47144: Acknowledgement (security patching of 'patch' package) Message-ID: <handler.47144.B.161575794111684.ack <at> debbugs.gnu.org> References: <877dm9s9fz.fsf@HIDDEN> X-Gnu-PR-Message: ack 47144 X-Gnu-PR-Package: guix Reply-To: 47144 <at> debbugs.gnu.org Date: Sun, 14 Mar 2021 21:39:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 47144 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 47144: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D47144 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
Received: (at control) by debbugs.gnu.org; 15 Mar 2021 13:43:05 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 15 09:43:05 2021 Received: from localhost ([127.0.0.1]:35086 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lLnUu-0007Cf-Nm for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 09:43:04 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51318) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1lLnUt-0007C9-EX for control <at> debbugs.gnu.org; Mon, 15 Mar 2021 09:43:03 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40709) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1lLnUo-00052l-7M for control <at> debbugs.gnu.org; Mon, 15 Mar 2021 09:42:58 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=45744 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1lLnUf-00012K-IR for control <at> debbugs.gnu.org; Mon, 15 Mar 2021 09:42:56 -0400 Date: Mon, 15 Mar 2021 14:42:47 +0100 Message-Id: <87r1kgh6so.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> Subject: control message for bug #47144 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) tags 47144 + security quit
X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: [PATCH 0/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].
References: <877dm9s9fz.fsf@HIDDEN>
In-Reply-To: <877dm9s9fz.fsf@HIDDEN>
Resent-From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 15 Mar 2021 18:27:02 +0000
Resent-Message-ID: <handler.47144.B47144.161583277820625 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144 <at> debbugs.gnu.org
Cc: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Received: via spool by 47144-submit <at> debbugs.gnu.org id=B47144.161583277820625
(code B ref 47144); Mon, 15 Mar 2021 18:27:02 +0000
Received: (at 47144) by debbugs.gnu.org; 15 Mar 2021 18:26:18 +0000
Received: from localhost ([127.0.0.1]:37073 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLruz-0005Ma-SK
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 14:26:18 -0400
Received: from mail.zaclys.net ([178.33.93.72]:34011)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <lle-bout@HIDDEN>) id 1lLrux-0005MH-Jz
for 47144 <at> debbugs.gnu.org; Mon, 15 Mar 2021 14:26:16 -0400
Received: from localhost.localdomain (82-64-145-38.subs.proxad.net
[82.64.145.38]) (authenticated bits=0)
by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12FIQ9uP017842
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
Mon, 15 Mar 2021 19:26:09 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12FIQ9uP017842
Authentication-Results: mail.zaclys.net;
dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
s=default; t=1615832769;
bh=HcHkofLUZrmqY5CXOL5IV/gAUnyOzi8trgG+S8w2yUA=;
h=From:To:Cc:Subject:Date:From;
b=Vd47DqdgMcwFzNL0ce6q2wNE6rl5lFkffDcb/ZuHFzjWO4ED/OLeo+nNKTTm2+KRH
/1yiJ2UWMmPFfDXoavEQEmbGo+ssqvn+KO77FDOaNZM1vqXMUElze3x1rWCPYCtWFQ
8P0DdxjYZE9APJJMcGTZyb7b9LsxPly9Va4xlHWg=
From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Date: Mon, 15 Mar 2021 19:26:04 +0100
Message-Id: <20210315182605.25973-1-lle-bout@HIDDEN>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
I tried something, using patch git repo's master instead of release tarballs, I
am not sure the git repo contains all the fixes, we could alternatively just
pull patches from Debian.
This attempt does not work yet however, it fails on some gnulib source file not
being found for some reason:
gcc: error: parse-datetime.c: No such file or directory
gcc: fatal error: no input files
compilation terminated.
This file seems to be generated by YACC from earlier log.
Léo Le Bouter (1):
gnu: patch: Update to 2.7.6-7623b2d [security fixes].
gnu/packages/base.scm | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
--
2.30.2
X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: [PATCH 1/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].
Resent-From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 15 Mar 2021 18:27:02 +0000
Resent-Message-ID: <handler.47144.B47144.161583277820632 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144 <at> debbugs.gnu.org
Cc: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Received: via spool by 47144-submit <at> debbugs.gnu.org id=B47144.161583277820632
(code B ref 47144); Mon, 15 Mar 2021 18:27:02 +0000
Received: (at 47144) by debbugs.gnu.org; 15 Mar 2021 18:26:18 +0000
Received: from localhost ([127.0.0.1]:37075 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lLrv0-0005Mc-2l
for submit <at> debbugs.gnu.org; Mon, 15 Mar 2021 14:26:18 -0400
Received: from mail.zaclys.net ([178.33.93.72]:42759)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <lle-bout@HIDDEN>) id 1lLruy-0005MJ-8u
for 47144 <at> debbugs.gnu.org; Mon, 15 Mar 2021 14:26:16 -0400
Received: from localhost.localdomain (82-64-145-38.subs.proxad.net
[82.64.145.38]) (authenticated bits=0)
by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12FIQ9uQ017842
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
Mon, 15 Mar 2021 19:26:10 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12FIQ9uQ017842
Authentication-Results: mail.zaclys.net;
dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
spf=fail smtp.mailfrom=lle-bout@HIDDEN
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
s=default; t=1615832770;
bh=QOj4BRk+AUscpF6wkwcItIWRc1DvhgcWiycVrsvjFbU=;
h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
b=btERzpNO+RejlLr9L+6LDF6ta2SobDhLoilOfaBxVAvql5R1Ow7jXRWvbyhMRREP4
Z/NHz9RTvii7HO6keHPsm1mFl7PE7b2SvQ6evYxv7Dq24itQDpP0tDbvQOZVj6RB1Y
ZDOSvsUdsth8/UvoYtaAbmmmJQeyrf4u60O1kCLM=
From: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>
Date: Mon, 15 Mar 2021 19:26:05 +0100
Message-Id: <20210315182605.25973-2-lle-bout@HIDDEN>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20210315182605.25973-1-lle-bout@HIDDEN>
References: <20210315182605.25973-1-lle-bout@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
* gnu/packages/base.scm (patch/fixed): New variable.
(patch)[replacement]: Graft.
---
gnu/packages/base.scm | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 9aa69cfe77..a71b47ac4f 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -46,12 +46,14 @@
#:use-module (gnu packages compression)
#:use-module (gnu packages perl)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages autotools)
#:use-module (gnu packages pcre)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages hurd)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages gettext)
+ #:use-module (gnu packages version-control)
#:use-module (guix i18n)
#:use-module (guix utils)
#:use-module (guix packages)
@@ -228,6 +230,7 @@ standard utility.")
(base32
"1zfqy4rdcy279vwn2z1kbv19dcfw25d2aqy9nzvdkq5bjzd0nqdc"))
(patches (search-patches "patch-hurd-path-max.patch"))))
+ (replacement patch/fixed)
(build-system gnu-build-system)
(arguments
;; Work around a cross-compilation bug whereby libpatch.a would provide
@@ -246,6 +249,42 @@ differences.")
(license gpl3+)
(home-page "https://savannah.gnu.org/projects/patch/")))
+(define patch/fixed
+ (let ((commit "7623b2dc0d1837ecfd58f32efc78e35834deeb38"))
+ (package/inherit patch
+ (name "patch")
+ (version "2.7.6")
+ ;; (version (string-append "2.7.6-" (string-take commit 7)))
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.savannah.gnu.org/git/patch.git")
+ (commit commit)
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0k3i95gkbi21lipadlg1zd03d928b65x322q08xgdg461vnw2i6h"))
+ (patches (search-patches "patch-hurd-path-max.patch"))))
+ (arguments
+ (substitute-keyword-arguments (package-arguments patch)
+ ((#:phases phases '%standard-phases)
+ `(modify-phases ,phases
+ (replace 'bootstrap
+ (lambda* (#:key inputs #:allow-other-keys)
+ (substitute* (list "gnulib/gnulib-tool"
+ "gnulib/build-aux/git-version-gen")
+ (("/bin/sh") (which "sh")))
+ (invoke "bash" "bootstrap" "--no-git"
+ "--gnulib-srcdir=gnulib")
+ #t))))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("git" ,git-minimal)
+ ,@(package-native-inputs patch))))))
+
(define-public diffutils
(package
(name "diffutils")
--
2.30.2
X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: [PATCH 1/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 18 Mar 2021 22:00:02 +0000
Resent-Message-ID: <handler.47144.B.16161047459951 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144 <at> debbugs.gnu.org
Cc: lle-bout@HIDDEN
X-Debbugs-Original-To: =?UTF-8?Q?L=C3=A9o?= Le Bouter via Bug reports for GNU Guix <bug-guix@HIDDEN>
X-Debbugs-Original-Cc: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>, 47144 <at> debbugs.gnu.org
Received: via spool by submit <at> debbugs.gnu.org id=B.16161047459951
(code B ref -1); Thu, 18 Mar 2021 22:00:02 +0000
Received: (at submit) by debbugs.gnu.org; 18 Mar 2021 21:59:05 +0000
Received: from localhost ([127.0.0.1]:48242 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lN0fY-0002aR-Q0
for submit <at> debbugs.gnu.org; Thu, 18 Mar 2021 17:59:05 -0400
Received: from lists.gnu.org ([209.51.188.17]:54790)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lN0fX-0002aK-Cf
for submit <at> debbugs.gnu.org; Thu, 18 Mar 2021 17:59:03 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:41964)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1lN0fX-0004eQ-3o
for bug-guix@HIDDEN; Thu, 18 Mar 2021 17:59:03 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:37274)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lN0fW-0002h6-8b; Thu, 18 Mar 2021 17:59:02 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=56064 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1lN0fT-0003in-Dy; Thu, 18 Mar 2021 17:59:00 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <20210315182605.25973-1-lle-bout@HIDDEN>
<20210315182605.25973-2-lle-bout@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 28 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 18 Mar 2021 22:58:56 +0100
In-Reply-To: <20210315182605.25973-2-lle-bout@HIDDEN> ("=?UTF-8?Q?L=C3=A9o?= Le Bouter via
Bug reports for GNU Guix"'s message of "Mon, 15 Mar 2021 19:26:05
+0100")
Message-ID: <87lfakjf8f.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi,
L=C3=A9o Le Bouter via Bug reports for GNU Guix <bug-guix@HIDDEN> skribis:
> * gnu/packages/base.scm (patch/fixed): New variable.
> (patch)[replacement]: Graft.
It=E2=80=99s (almost) useless to provide a graft of =E2=80=98patch=E2=80=99=
because patch is
usually a build-time only dependency. (Maybe we can tell it=E2=80=99s not
vulnerable to the issues at hand because in that context it=E2=80=99s always
given controlled input: the package patches.)
What could be useful is to provide a second version of patch so that
people running =E2=80=98guix install patch=E2=80=99 or similar get the newe=
r version.
HTH,
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: [PATCH 1/1] gnu: patch: Update to 2.7.6-7623b2d [security fixes].
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 18 Mar 2021 22:00:02 +0000
Resent-Message-ID: <handler.47144.B47144.16161047499969 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: 47144 <at> debbugs.gnu.org
Cc: lle-bout@HIDDEN
X-Debbugs-Original-To: =?UTF-8?Q?L=C3=A9o?= Le Bouter via Bug reports for GNU Guix <bug-guix@HIDDEN>
X-Debbugs-Original-Cc: =?UTF-8?Q?L=C3=A9o?= Le Bouter <lle-bout@HIDDEN>, 47144 <at> debbugs.gnu.org
Received: via spool by 47144-submit <at> debbugs.gnu.org id=B47144.16161047499969
(code B ref 47144); Thu, 18 Mar 2021 22:00:02 +0000
Received: (at 47144) by debbugs.gnu.org; 18 Mar 2021 21:59:09 +0000
Received: from localhost ([127.0.0.1]:48245 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lN0fd-0002aj-2e
for submit <at> debbugs.gnu.org; Thu, 18 Mar 2021 17:59:09 -0400
Received: from eggs.gnu.org ([209.51.188.92]:48966)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lN0fc-0002aI-5N
for 47144 <at> debbugs.gnu.org; Thu, 18 Mar 2021 17:59:08 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:37274)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lN0fW-0002h6-8b; Thu, 18 Mar 2021 17:59:02 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=56064 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1lN0fT-0003in-Dy; Thu, 18 Mar 2021 17:59:00 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <20210315182605.25973-1-lle-bout@HIDDEN>
<20210315182605.25973-2-lle-bout@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 28 =?UTF-8?Q?Vent=C3=B4se?= an 229 de la =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 18 Mar 2021 22:58:56 +0100
In-Reply-To: <20210315182605.25973-2-lle-bout@HIDDEN> ("=?UTF-8?Q?L=C3=A9o?= Le Bouter via
Bug reports for GNU Guix"'s message of "Mon, 15 Mar 2021 19:26:05
+0100")
Message-ID: <87lfakjf8f.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Hi,
L=C3=A9o Le Bouter via Bug reports for GNU Guix <bug-guix@HIDDEN> skribis:
> * gnu/packages/base.scm (patch/fixed): New variable.
> (patch)[replacement]: Graft.
It=E2=80=99s (almost) useless to provide a graft of =E2=80=98patch=E2=80=99=
because patch is
usually a build-time only dependency. (Maybe we can tell it=E2=80=99s not
vulnerable to the issues at hand because in that context it=E2=80=99s always
given controlled input: the package patches.)
What could be useful is to provide a second version of patch so that
people running =E2=80=98guix install patch=E2=80=99 or similar get the newe=
r version.
HTH,
Ludo=E2=80=99.
Received: (at control) by debbugs.gnu.org; 24 Mar 2021 04:06:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 24 00:06:33 2021
Received: from localhost ([127.0.0.1]:33694 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lOumu-0005lF-Sj
for submit <at> debbugs.gnu.org; Wed, 24 Mar 2021 00:06:33 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54559)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1lOumu-0005l0-0L
for control <at> debbugs.gnu.org; Wed, 24 Mar 2021 00:06:32 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
by mailout.nyi.internal (Postfix) with ESMTP id 00DAB5C00A6;
Wed, 24 Mar 2021 00:06:27 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
by compute3.internal (MEProxy); Wed, 24 Mar 2021 00:06:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=date:from:to:message-id:mime-version:content-type; s=mesmtp;
bh=cUzHWhlGR3wC+bHCNkVYv1pLnZKlAmeM2w5IIOGJO/Q=; b=hYoywwDcb45H
+FnMoujfkLjlL2O862lHA5gu19YnLcGkyedy4g2r+8zkuxkV/0wCDl3ZYARsyaoQ
gncttRvwfOB0FMOE2wn2BZGKsMDDR2NHFRvDuLmgLVE9W73e+f1eYRNLEHxLS4t2
q5jQWE6lWCJQQtJYSFhL1sFjiC5+NHU=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:message-id
:mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm2; bh=cUzHWhlGR3wC+bHCNkVYv1pLnZKlAmeM2w5IIOGJO
/Q=; b=oBY0abGUV0V94XVxdUGYaDcNx44jbdINXGMiVoENwErL1yEyiGyJbPQDK
KgbgNvQpHxuXtUvKddIOXBy+bW7zjdDZ6pCHF1UvgbbVyy7zARHXbgQJjqfnkoCp
ZyzdR6eTojVI18aQnLJahMvztuvcnJvvpZ3JTPK5cXLzOGKf87Wa1h8WokpQfozP
1NG4H8Sc6HYjzRVTP+1Q0xA/mhIJKoETs8nKC9USahQ11JAQbaqB1Cpn6Y8s9xG7
U/fZIKBTlgGmSup44lnPYSzJwJd7bhKfPY19kMaWM7TtSioka1WU9C9wWYCuy6Z+
nmVqk+OOVCF+IbVpUS0FVk6RCNd4Q==
X-ME-Sender: <xms:wrpaYI2TQhPhqkd8M4wRh-EXFqOLsJG09o_LC8m_vKGAt_qjZ3SR8Q>
<xme:wrpaYDGd25ewn6f51GNC6Er43JdFw3ebn9ANwFUgVC5uajwmZBqy5yBY8_8Oz3MCL
mh4DIzjSwsoFboaMw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudegjedgieejucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc
fjughrpeffhffvkfggtggusehttdertddttddvnecuhfhrohhmpefnvghoucfhrghmuhhl
rghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpe
fhjeeigfefvedvfeetheegledtkeevuddtgedtudeiteehteegvdefffduffefffenucfk
phepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptdenucfrrg
hrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:wrpaYA5MSFZy4M_M6fQcw-zX2m2a-SApeKKm3wMnBkAU6eoCz5MR3g>
<xmx:wrpaYB1i6DZoRlJoAukHpKnHyfJmy_aidd7fDS7cf80v-FmcXfMcFA>
<xmx:wrpaYLGYF_6RkEB7FuzkHXUW9NQnCkCFGBVcK9TRlIgptLq8H1E8fQ>
<xmx:wrpaYPQC60dqI7leSwvgwV39W0YoLAmFCVNUJxV6VPfdpBc8ulTmBA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
[100.11.169.118])
by mail.messagingengine.com (Postfix) with ESMTPA id C6F7224041D
for <control <at> debbugs.gnu.org>; Wed, 24 Mar 2021 00:06:26 -0400 (EDT)
Date: Wed, 24 Mar 2021 00:06:25 -0400
From: Leo Famulari <leo@HIDDEN>
To: control <at> debbugs.gnu.org
Message-ID: <YFq6wUqi070//Gk+@jasmine.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Spam-Score: 2.3 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: block 47297 with 47140 block 47297 with 47141 block 47297
with 47142 block 47297 with 47143 block 47297 with 47144
Content analysis details: (2.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[66.111.4.25 listed in wl.mailspike.net]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust [66.111.4.25 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
1.8 MISSING_SUBJECT Missing Subject: header
0.2 NO_SUBJECT Extra score for no subject
1.0 BODY_EMPTY No body text in message
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: block 47297 with 47140 block 47297 with 47141 block 47297
with 47142 block 47297 with 47143 block 47297 with 47144
Content analysis details: (1.3 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[66.111.4.25 listed in wl.mailspike.net]
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust
[66.111.4.25 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
1.8 MISSING_SUBJECT Missing Subject: header
0.2 NO_SUBJECT Extra score for no subject
1.0 BODY_EMPTY No body text in message
block 47297 with 47140
block 47297 with 47141
block 47297 with 47142
block 47297 with 47143
block 47297 with 47144
X-Loop: help-debbugs@HIDDEN
Subject: bug#47144: security patching of 'patch' package
Resent-From: Leo Famulari <leo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 14 Apr 2021 21:55:02 +0000
Resent-Message-ID: <handler.47144.B47144.16184372828254 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 47144
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: security
To: Mark H Weaver <mhw@HIDDEN>
Cc: 47144 <at> debbugs.gnu.org
Received: via spool by 47144-submit <at> debbugs.gnu.org id=B47144.16184372828254
(code B ref 47144); Wed, 14 Apr 2021 21:55:02 +0000
Received: (at 47144) by debbugs.gnu.org; 14 Apr 2021 21:54:42 +0000
Received: from localhost ([127.0.0.1]:35963 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lWnT8-000293-Fw
for submit <at> debbugs.gnu.org; Wed, 14 Apr 2021 17:54:42 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:41109)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <leo@HIDDEN>) id 1lWnT6-00028n-0R
for 47144 <at> debbugs.gnu.org; Wed, 14 Apr 2021 17:54:41 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
by mailout.nyi.internal (Postfix) with ESMTP id 777C15C009E;
Wed, 14 Apr 2021 17:54:34 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
by compute3.internal (MEProxy); Wed, 14 Apr 2021 17:54:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
h=date:from:to:cc:subject:message-id:references:mime-version
:content-type:in-reply-to; s=mesmtp; bh=6f4axvg7upunPgsTJ1Ddy9PM
rWm1KoqNYks/tTWjmZA=; b=O9gN0ex6+5NJza+gZcX32ZJwR3QmRmRoBfF71Y99
NWB0uXDZ42+qE5jtzRdhtWJWPNNxKEgvyyO/UETM4l1b5LXLYyqpCWQQupQZ4VVh
JlvJlEtnFurRt/zAtMLNoJZRcHDLzk/KKbqCqCn1YKGh5EUE/b714DjhqPI0FSCA
bzw=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=6f4axv
g7upunPgsTJ1Ddy9PMrWm1KoqNYks/tTWjmZA=; b=m1v9ttJQPDsD2dElU0bL3Z
+I5cwlsFR3gS/+sERLqN3U0csgeEMLGQ6XMRV9JSpVseT4jbDwufxJayBD1JapLO
IFAf1bsmorVwCo14rMerJf6l7915bqUaNh4PI6X691k0mEOTAORjM7gDmMqEniW1
7cHtj9qDAwkuXUmmNLIsq5dzkAT0WKAU1By3IwpZMLu/SCnc/rKRGIKM69Ur8Mx5
QjmGQkLepp3UNckYYrgSrZU/zgfybPZe773ieaA12uSF5RS20lNMjszpCAYihiFv
+1t5jGcwlqZFHKVUWMIlwMOOoCpSDTRwsd6vClELOEeoUyXJZdoK5WIhzjaEx1UA
==
X-ME-Sender: <xms:mmR3YBE07usNUmTqky1yvKCEnYZRc4Qda1SU_TbeqCHxR5C73AAjtQ>
<xme:mmR3YGWN1Xx35K8rx4oxZZ1_Ceq_BambLALDZEre4DaTezbSHUPLL4X4bPyjkTH-c
pOkCi5-OJvRBA3isw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudelvddgtddvucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujgesthdtre
dttddtvdenucfhrhhomhepnfgvohcuhfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgr
rhhirdhnrghmvgeqnecuggftrfgrthhtvghrnhepueekkedtffdvtddugeejgedtvefhue
efiedvjeeitdeigedtveejvdejheffvefgnecukfhppedutddtrdduuddrudeiledruddu
keenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvg
hosehfrghmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:mmR3YDJKcup8Nf3jCj53wwClYEWDb7FxCgtVbqi8uyJuHQE9ItYgRw>
<xmx:mmR3YHHvTYjgobOBdT5aTVdBz3IhHjPthTlNK9lEzXrilacULMxXYg>
<xmx:mmR3YHU9vgQu-jukaVqjbBx68zJG44VDTsYLdnhSoLnLB_9IkRhvrg>
<xmx:mmR3YOAntlShncIj6kRt8I-VnCxZ7wFl6tYwtQ44NkqGzhfFqXXjwQ>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
[100.11.169.118])
by mail.messagingengine.com (Postfix) with ESMTPA id 1A7A01080057;
Wed, 14 Apr 2021 17:54:34 -0400 (EDT)
Date: Wed, 14 Apr 2021 17:54:28 -0400
From: Leo Famulari <leo@HIDDEN>
Message-ID: <YHdklP7565AtJ4uR@HIDDEN>
References: <6d01d537754ce50b10035903d8e7d205699c4b39.camel@HIDDEN>
<877dm9s9fz.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <877dm9s9fz.fsf@HIDDEN>
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
On Sun, Mar 14, 2021 at 05:37:25PM -0400, Mark H Weaver wrote:
> patch@HIDDEN: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
> CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
> 2018-6952
I tried building a "fixed" package of patch, cherry-picking bug fix
patches from patch.git.
Unfortunately, the patches largely don't apply to the most recent
release of patch.
Since there is no release fixing these bugs, and no clear advice about
which patches to apply, I'm going to stop working on this for now.
Received: (at control) by debbugs.gnu.org; 14 Apr 2021 21:55:05 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Apr 14 17:55:05 2021 Received: from localhost ([127.0.0.1]:35968 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1lWnTU-0002AA-QI for submit <at> debbugs.gnu.org; Wed, 14 Apr 2021 17:55:04 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:39795) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <leo@HIDDEN>) id 1lWnTT-00029U-5r for control <at> debbugs.gnu.org; Wed, 14 Apr 2021 17:55:03 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id E94485C0108; Wed, 14 Apr 2021 17:54:57 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute3.internal (MEProxy); Wed, 14 Apr 2021 17:54:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:message-id:mime-version:content-type; s=mesmtp; bh=rDpA5dIR1inqFcXoV5biyYADV3Zsa0rSv4grVu24RlA=; b=WJCAl3wTNhat UylOKs3CQuh0eO2tWnOtW5DBE3X466wxLNqq5Fv8BNeviKsUoBRUQ44f+8VecZBK 8mq7Kxldw1UZOWjWQ6wwmOTf6Yn5FbZ07Cpdf7OKqx8u+g8ua07Vn9IRHnkzmhvg lljR9lwJb2oFfznK5LsIx36UcJg/apk= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=rDpA5dIR1inqFcXoV5biyYADV3Zsa0rSv4grVu24R lA=; b=izAiJ2OtTtz7LWQ8W5pdfIdjo5N0+OUhqupjyqTsfGTvzHYKTrvYMej5Y f/ZIMdcsod6tBM9eoVdb+8GsdRu60uBCqeN39PCnHsyLh/v1EJbWFyyZiROdB30t M4SrpMehOC7VNlxqaC71x5mhLjrRjYpiigNXMYuphQhzLd88wGrK6ef7N1abp4UP WeR8Jdtz6ryIgoXhYZvadYyaIuv9X1PZMMTypsB33Qk8HmokrFUPvv4Ag1cN81Lu u31caghjZMaKAZDDzoiI2MP7RLJZhSnKA0ulmWfRuBW4k0lgIBiCcnlSufDtlz3x L0qlFa5V/rGIr0Rtwbg2LcFWFkwfg== X-ME-Sender: <xms:sWR3YAnfRwv0nsAj2ujsfKKpG95sDcD9_AJ48PcpDDueDaEfjPpb9g> <xme:sWR3YP0oPhLrLnCkF1Rg6v1io1bI7qBppvxSe0ZLOeLA2rIHB8hTgB1zoEO9y30zO TAt3YcMioj-94fEZg> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrudelvddgtddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc fjughrpeffhffvkfggtggusehttdortddttddvnecuhfhrohhmpefnvghoucfhrghmuhhl rghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpe evieeugedvheeugfetveefjefgtdfgveegvefhieetheetueeftdeifeeggfeiheenucfk phepuddttddruddurdduieelrdduudeknecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: <xmx:sWR3YOoZ58PM8zUfUsKY6yM1CJkwqo2rqKGRjFK9fRpZWBC_zHDuiw> <xmx:sWR3YMmwSR8HMtCx0WGc5BVo4jfb73DZppwWwJRBCQ6P3kMiLD8bsA> <xmx:sWR3YO2fxAo4X_9QZSeYahWJd8oMdPzZ8pt3p8jg4UzOOuqD0xOjhA> <xmx:sWR3YPDBZ3dPN4MKKCY612idfoa80iNSAQkC4J9wq5X6t3-SHsq7Gw> Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA id BBB69108005B for <control <at> debbugs.gnu.org>; Wed, 14 Apr 2021 17:54:57 -0400 (EDT) Date: Wed, 14 Apr 2021 17:54:56 -0400 From: Leo Famulari <leo@HIDDEN> To: control <at> debbugs.gnu.org Message-ID: <YHdksDadnrKDcbUD@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: unblock 47297 with 47144 Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.26 listed in wl.mailspike.net] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.26 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 0.3 (/) unblock 47297 with 47144
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.