Hi,

Josselin Poiret <d...@jpoiret.xyz> writes:
> From: Josselin Poiret <d...@jpoiret.xyz>
>
> * gnu/packages/patches/glibc-2.39-git-updates.patch: New patch.
> * gnu/local.mk (dist_patch_DATA): Register it.
> * gnu/packages/base.scm (glibc): Use it.
>
> Change-Id: I13ff3fa2eddd8296d138f87c9069487e9543b3bd
> ---
> How about the following patch?

[...]

> + (patches (search-patches "glibc-2.39-git-updates.patch" > + "glibc-ldd-powerpc.patch" > "glibc-2.38-ldd-x86_64.patch" > "glibc-dl-cache.patch" > "glibc-2.37-versioned-locpath.patch"

As discussed on IRC, I would suggest one file per security fix, with “CVE-xyz” in the file name so that ‘guix lint’ can recognize it.

But if that’s too tedious/inconvenient, let’s do it like you did here. In that case, we also need to add the ‘lint-hidden-cve’ package property.

So I’d say you can go ahead with one of these two approaches. Either way, what matters here is to make sure we remove the glibc graft.

Thank you!

Ludo’.
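
Review bot: the new first entry in the search-patches list, "glibc-2.39-git-updates.patch", has no CVE identifier in its file name, so ‘guix lint’ has nothing to match against the security fixes the bundle carries. Either split it into one patch file per fix with the CVE id in each name, or add a ‘lint-hidden-cve’ package property to glibc listing every CVE the bundle covers, and update that list each time the bundle is regenerated. The quoted commit log names only the new patch, its registration in gnu/local.mk and its use in glibc; if the glibc graft is removed in the same change, the log entry for gnu/packages/base.scm should say so.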