GNU logs - #47193, boring messages


Message sent to guix-patches@HIDDEN:


Subject: [bug#47193] Fancify guix lint -c cve output
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Tue, 16 Mar 2021 17:00:11 +0100

Guix,

A quick hack requested by lle-bout: indicate CVE severity with
pretty/scary colours[0].  It's deliberately simple: no scoring, no
versioning, no importing (guix colors) from (guix cve), ...

Another patch adds order to the rainbow.  Sort CVEs by ID, so roughly
chronological.  In combination with the other patch, I prefer this to
more complex ordering and/or grouping by severity.

Kind regards,

T G-R

[0]: https://tobias.gr/tmp.png
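The ID ordering and severity display discussed in this thread, as an added stand-alone Guile example that is not part of the patches: the `<vulnerability>` record below is a stand-in for the one in (guix cve), and, unlike the patch's plain string comparison, it compares the numeric parts of an ID as numbers and tolerates a missing severity.

```scheme
;; Added example, not code from the patches in this thread.  Sorts CVE
;; identifiers so that numeric components compare as numbers, keeping
;; "CVE-2021-9999" ahead of "CVE-2021-10000" (string<? would reverse
;; them), and renders a severity that may be #f without crashing.
(use-modules (ice-9 match)
             (srfi srfi-1)
             (srfi srfi-9))

;; Stand-in for the <vulnerability> record of (guix cve) (assumption).
(define-record-type <vulnerability>
  (vulnerability id severity)
  vulnerability?
  (id       vulnerability-id)             ;string, e.g. "CVE-2021-0212"
  (severity vulnerability-severity))      ;string, or #f when unknown

(define (id-components id)
  ;; Split on anything that is not a letter or digit, drop the empty
  ;; strings adjacent separators would produce, and turn all-digit
  ;; components into numbers.
  (filter-map (lambda (part)
                (cond ((string-null? part) #f)
                      ((string->number part 10) => identity)
                      (else part)))
              (string-split id (char-set-complement char-set:letter+digit))))

(define (component< a b)
  ;; Numbers order numerically, strings lexically; a number sorts before
  ;; a string so mixed component kinds still have a total order.
  (cond ((and (number? a) (number? b)) (< a b))
        ((and (string? a) (string? b)) (string<? a b))
        (else (number? a))))

(define (components< l1 l2)
  ;; Lexicographic order on component lists; a proper prefix sorts first.
  (match (list l1 l2)
    ((() ()) #f)
    ((() _) #t)
    ((_ ()) #f)
    (((h1 . t1) (h2 . t2))
     (cond ((component< h1 h2) #t)
           ((component< h2 h1) #f)
           (else (components< t1 t2))))))

(define (vulnerability< v1 v2)
  (components< (id-components (vulnerability-id v1))
               (id-components (vulnerability-id v2))))

(define (format-vulnerability v)
  ;; Plain-text rendering for non-colour output; a #f severity yields the
  ;; bare ID instead of being passed to string-downcase.
  (match (vulnerability-severity v)
    (#f (vulnerability-id v))
    (severity (string-append (vulnerability-id v)
                             " (" (string-downcase severity) ")"))))

;; Constructed sample input.
(define sample
  (list (vulnerability "CVE-2021-10000" "HIGH")
        (vulnerability "CVE-2021-9999" #f)
        (vulnerability "CVE-2020-12345" "CRITICAL")))

(display (string-join (map format-vulnerability
                           (sort sample vulnerability<))
                      ", "))
(newline)
```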





Message sent:


From: help-debbugs@HIDDEN (GNU bug Tracking System)
Subject: bug#47193: Acknowledgement (Fancify guix lint -c cve output)
Date: Tue, 16 Mar 2021 16:01:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 guix-patches@HIDDEN

If you wish to submit further information on this problem, please
send it to 47193 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
47193: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47193
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to guix-patches@HIDDEN:


Subject: [bug#47193] [PATCH 1/2] lint: Sort possible vulnerabilities.
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Tue, 16 Mar 2021 17:06:52 +0100

* guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities
by ID.
---
 guix/lint.scm | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/guix/lint.scm b/guix/lint.scm
index 5144fa139d..ed57e19fe2 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1164,6 +1164,23 @@ the NIST server non-fatal."
                                             package-vulnerabilities))
   "Check for known vulnerabilities for PACKAGE.  Obtain the list of
 vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
+
+  (define (vulnerability< v1 v2)
+    (define (string-list< list1 list2)
+      (match list1
+        ((head1 tail1 ...)
+         (match list2
+           ((head2 tail2 ...)
+            (if (string=? head1 head2)
+                (string-list< tail1 tail2)
+                (string<? head1 head2)))
+           (_ #f)))
+        (_ #f)))
+
+    (let ((separators (char-set-complement char-set:letter+digit)))
+      (string-list< (string-split (vulnerability-id v1) separators)
+                    (string-split (vulnerability-id v2) separators))))
+
   (let ((package (or (package-replacement package) package)))
     (match (package-vulnerabilities package)
       (()
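Review bot: `string-list<` compares every component with `string<?`, so the numeric parts of an ID order lexically rather than numerically: "CVE-2021-10000" sorts before "CVE-2021-9999", which defeats the roughly chronological order the cover letter asks for. Convert all-digit components with `string->number` before comparing and fall back to `string<?` only for the rest. The two `(_ #f)` arms also make a proper prefix compare as not-less-than its extension, so lists that differ only in length are treated as equal; returning `#t` when `list1` is exhausted while `list2` is not would give a total order.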
@@ -1184,7 +1201,8 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
               (make-warning
                package
                (G_ "probably vulnerable to ~a")
-               (list (string-join (map vulnerability-id unpatched)
+               (list (string-join (map vulnerability-id
+                                       (sort unpatched vulnerability<))
                                   ", "))))))))))
 
 (define (check-for-updates package)
-- 
2.30.1





Message sent to guix-patches@HIDDEN:


Subject: [bug#47193] [PATCH 2/2] lint: Indicate CVE severity.
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Tue, 16 Mar 2021 17:06:53 +0100

* guix/cve.scm <cve-item>[cvss3-base-severity]: New field.
(impact-data->cve-cvss3-base-severity): New procedure.
<vulnerability>[severity]: New field.
(vulnerability->sexp, sexp->vulnerability, cve-item->vulnerability)
(write-cache): Bump the format version to 2.
(vulnerabilities->lookup-proc): Adjust accordingly.
* guix/lint.scm (check-vulnerabilities): Indicate CVE severity according
to the output port's terminal capabilities.
---
 guix/cve.scm  | 48 ++++++++++++++++++++++++++++++++----------------
 guix/lint.scm | 32 +++++++++++++++++++++++++++++++-
 2 files changed, 63 insertions(+), 17 deletions(-)

diff --git a/guix/cve.scm b/guix/cve.scm
index b3a8b13a06..3809e4493f 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2021 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -38,6 +39,7 @@
             cve-item?
             cve-item-cve
             cve-item-configurations
+            cve-item-cvssv3-base-severity
             cve-item-published-date
             cve-item-last-modified-date
 
@@ -53,6 +55,7 @@
 
             vulnerability?
             vulnerability-id
+            vulnerability-severity
             vulnerability-packages
 
             json->vulnerabilities
@@ -72,13 +75,15 @@
 
 (define-json-mapping <cve-item> cve-item cve-item?
   json->cve-item
-  (cve            cve-item-cve "cve" json->cve)   ;<cve>
-  (configurations cve-item-configurations         ;list of sexps
-                  "configurations" configuration-data->cve-configurations)
-  (published-date cve-item-published-date
-                  "publishedDate" string->date*)
-  (last-modified-date cve-item-last-modified-date
-                      "lastModifiedDate" string->date*))
+  (cve                  cve-item-cve "cve" json->cve) ;<cve>
+  (configurations       cve-item-configurations       ;list of sexps
+                        "configurations" configuration-data->cve-configurations)
+  (cvssv3-base-severity cve-item-cvssv3-base-severity ;string
+                        "impact" impact-data->cve-cvssv3-base-severity)
+  (published-date       cve-item-published-date
+                        "publishedDate" string->date*)
+  (last-modified-date   cve-item-last-modified-date
+                        "lastModifiedDate" string->date*))
 
 (define-json-mapping <cve> cve cve?
   json->cve
@@ -183,6 +188,15 @@ element found in CVEs, return an sexp such as (\"binutils\" (<
   (let ((nodes (vector->list (assoc-ref alist "nodes"))))
     (filter-map node->configuration nodes)))
 
+(define (impact-data->cve-cvssv3-base-severity alist)
+  "Given ALIST, a JSON dictionary for the \"impact\" element found in
+CVEs, return a string indicating its CVSSv3 severity.  This should be
+one of \"NONE\", \"LOW\", \"MEDIUM\", \"HIGH\", or \"CRITICAL\", but we
+return whatever we find, or #F if the severity cannot be determined."
+  (let* ((base-metric-v3 (assoc-ref alist "baseMetricV3"))
+         (cvss-v3        (assoc-ref base-metric-v3 "cvssV3")))
+    (assoc-ref cvss-v3 "baseSeverity")))
+
 (define (json->cve-items json)
   "Parse JSON, an input port or a string, and return a list of <cve-item>
 records."
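Review bot: the identifiers defined here do not match the commit message: the code exports `cve-item-cvssv3-base-severity` and defines `impact-data->cve-cvssv3-base-severity`, while the ChangeLog entry names them `cvss3-base-severity` and `impact-data->cve-cvss3-base-severity`. Make the commit message use the names actually defined so the entry can be grepped for.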
@@ -251,20 +265,21 @@ records."
   (* 3600 24 (date-month %now)))
 
 (define-record-type <vulnerability>
-  (vulnerability id packages)
+  (vulnerability id severity packages)
   vulnerability?
   (id         vulnerability-id)             ;string
+  (severity   vulnerability-severity)       ;string
   (packages   vulnerability-packages))      ;((p1 sexp1) (p2 sexp2) ...)
 
 (define vulnerability->sexp
   (match-lambda
-    (($ <vulnerability> id packages)
-     `(v ,id ,packages))))
+    (($ <vulnerability> id severity packages)
+     `(v ,id ,severity ,packages))))
 
 (define sexp->vulnerability
   (match-lambda
-    (('v id (packages ...))
-     (vulnerability id packages))))
+    (('v id severity (packages ...))
+     (vulnerability id severity packages))))
 
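Review bot: `sexp->vulnerability` now matches only `(v id severity (packages ...))`, so a cache written by the previous version, whose entries have the form `(v id packages)`, raises `match-error` instead of being rebuilt. Either keep a second arm for the two-element form, or make the cache loader compare the `vulnerabilities` format version and discard a version-1 file before mapping `sexp->vulnerability` over its entries; bumping the version in `write-cache` alone does not protect the reader.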
 (define (cve-configuration->package-list config)
   "Parse CONFIG, a config sexp, and return a list of the form (P SEXP)
@@ -309,12 +324,13 @@ versions."
   "Return a <vulnerability> corresponding to ITEM, a <cve-item> record;
 return #f if ITEM does not list any configuration or if it does not list
 any \"a\" (application) configuration."
-  (let ((id (cve-id (cve-item-cve item))))
+  (let ((id (cve-id (cve-item-cve item)))
+        (severity (cve-item-base-severity item)))
     (match (cve-item-configurations item)
       (()                                         ;no configurations
        #f)
       ((configs ...)
-       (vulnerability id
+       (vulnerability id severity
                       (merge-package-lists
                        (map cve-configuration->package-list configs)))))))
 
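Review bot: `cve-item-base-severity` is not defined anywhere in this patch; the accessor added to the `<cve-item>` mapping is `cve-item-cvssv3-base-severity`, so this call is an unbound variable at run time and the compiler flags it. Replace it with `(cve-item-cvssv3-base-severity item)`.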
@@ -332,7 +348,7 @@ sexp to CACHE."
         (json->vulnerabilities input))
 
       (write `(vulnerabilities
-               1                                  ;format version
+               2                                  ;format version
                ,(map vulnerability->sexp vulns))
              cache))))
 
@@ -396,7 +412,7 @@ vulnerabilities affecting the given package version."
     ;; Map package names to lists of version/vulnerability pairs.
     (fold (lambda (vuln table)
             (match vuln
-              (($ <vulnerability> id packages)
+              (($ <vulnerability> id severity packages)
                (fold (lambda (package table)
                        (match package
                          ((name . versions)
diff --git a/guix/lint.scm b/guix/lint.scm
index ed57e19fe2..f3c4e13052 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -48,6 +48,7 @@
   #:use-module (guix monads)
   #:use-module (guix scripts)
   #:use-module ((guix ui) #:select (texi->plain-text fill-paragraph))
+  #:use-module (guix colors)
   #:use-module (guix gnu-maintenance)
   #:use-module (guix cve)
   #:use-module ((guix swh) #:hide (origin?))
@@ -1165,6 +1166,35 @@ the NIST server non-fatal."
   "Check for known vulnerabilities for PACKAGE.  Obtain the list of
 vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
 
+  (define severity->color
+    ;; A standard CVE colour gradient is red > orange > yellow > green > none.
+    ;; However, ANSI non-bold YELLOW is actually orange whilst BOLD YELLOW
+    ;; is actual yellow, so BOLD would confusingly be less serious.  Skip it.
+    (match-lambda
+      ("CRITICAL"     (color BOLD RED))
+      ("HIGH"         (color RED))
+      ("MEDIUM"       (color YELLOW))
+      ("LOW"          (color GREEN))
+      (_              (color))))
+
+  (define (colorize-vulnerability vulnerability)
+    ;; If the terminal supports ANSI colours, use them to indicate severity.
+    (colorize-string (vulnerability-id vulnerability)
+                     (severity->color (vulnerability-severity
+                                       vulnerability))))
+
+  (define (simple-format-vulnerability vulnerability)
+    ;; Otherwise, omit colour coding and explicitly append the severity string.
+    (simple-format #f "~a (~a)"
+                   (vulnerability-id vulnerability)
+                   (string-downcase (vulnerability-severity vulnerability))))
+
+  (define format-vulnerability
+    ;; Check once which of the above to use for all PACKAGE vulnerabilities.
+    (if (color-output? (current-output-port))
+        colorize-vulnerability
+        simple-format-vulnerability))
+
   (define (vulnerability< v1 v2)
     (define (string-list< list1 list2)
       (match list1
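Review bot: `simple-format-vulnerability` passes `(vulnerability-severity vulnerability)` straight to `string-downcase`, but `impact-data->cve-cvssv3-base-severity` documents that the severity may be `#f`, so on a non-colour port any CVE without CVSSv3 data raises a wrong-type error. Handle `#f` explicitly, for instance by printing just the ID; `severity->color` already tolerates it through its `_` arm. Also, `format-vulnerability` is chosen once by testing `(current-output-port)` here, while the warning string is printed later by the lint driver; make sure the port tested is the one the warning is actually written to.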
@@ -1201,7 +1231,7 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
               (make-warning
                package
                (G_ "probably vulnerable to ~a")
-               (list (string-join (map vulnerability-id
+               (list (string-join (map format-vulnerability
                                        (sort unpatched vulnerability<))
                                   ", "))))))))))
 
-- 
2.30.1





Message sent to guix-patches@HIDDEN:


Subject: [bug#47193] Fancify guix lint -c cve output
From: Léo Le Bouter <lle-bout@HIDDEN>
Date: Tue, 16 Mar 2021 19:19:54 +0100

Hello!

Thanks a lot for working on this!! :-D

I get a warning during compilation:

guix/cve.scm:328:18: warning: possibly unbound variable `cve-item-base-severity'

I also just tried it on patch package and it fails:

$ ./pre-inst-env guix lint -c cve patch
Backtrace:atch@HIDDEN [cve]...
In ice-9/boot-9.scm:
  1736:10 18 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
          17 (apply-smob/0 #<thunk 7f5c56304520>)
In ice-9/boot-9.scm:
    718:2 16 (call-with-prompt _ _ #<procedure default-prompt-handle…>)
In ice-9/eval.scm:
    619:8 15 (_ #(#(#<directory (guile-user) 7f5c56307c80>)))
In guix/ui.scm:
  2164:12 14 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1736:10 13 (with-exception-handler _ _ #:unwind? _ # _)
  1731:15 12 (with-exception-handler #<procedure 7f5c52ccde40 at ic…> …)
In srfi/srfi-1.scm:
    634:9 11 (for-each #<procedure 7f5c52ccb620 at guix/scripts/lin…> …)
In guix/scripts/lint.scm:
     65:4 10 (run-checkers #<package patch@HIDDEN gnu/packages/base.…> …)
In srfi/srfi-1.scm:
    634:9  9 (for-each #<procedure 7f5c43b5df30 at guix/scripts/lin…> …)
In guix/scripts/lint.scm:
    74:21  8 (_ _)
In guix/lint.scm:
   1205:4  7 (check-vulnerabilities #<package patch@HIDDEN gnu/packa…> …)
   1151:9  6 (_ _)
In unknown file:
           5 (force #<promise #<procedure 7f5c5303cab8 at guix/lint.…>)
In guix/lint.scm:
   1134:2  4 (_)
   1093:2  3 (call-with-networking-fail-safe _ _ _)
In ice-9/boot-9.scm:
  1736:10  2 (with-exception-handler _ _ #:unwind? _ # _)
  1669:16  1 (raise-exception _ #:continuable? _)
  1667:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1667:16: In procedure raise-exception:
Throw to key `match-error' with args `("match" "no matching pattern" (v
"CVE-2021-0212" (("contrail_networking" (< "1911.31")))))'.







Last modified: Tue, 16 Mar 2021 18:30:02 UTC
