On Tue, Jul 25, 2017 at 12:12:25AM -0400, Leo Famulari wrote:
> This problem with the wrong number of arguments being passed to
> parse_media() is introduced in the Debian patch, so we should check if
> there is a better version of the patch or if fixes are being applied
> upstream.
Actually, the
The problem is that, in the patch phase, the patch file is referred to
as 'patch', but the package for the `patch` program is what that
variable resolves to:
(let ((patch.gz (assoc-ref inputs "patch")))
After fixing that by renaming the variable for the patch file to
something unique, the build
While looking into an update of the Debian patch that we apply to
net-tools, I noticed that the patch is not being applied meaningfully.
After the 'patch' phase, there is an empty file called 'the-patch' in
the root of the source tree, but otherwise there are no changes to the
unpacked tarball.
It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too. It
matters to us because we build GnuTLS with libidn2.
I'm not sure yet what the solution is for us. Help wanted!
Original report:
Apparently our PHP package is vulnerable to CVE-2017-11144,
CVE-2017-11145, and CVE-2017-11362:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145
This one looks especially bad:
Hi Mark,
Mark H Weaver skribis:
> I just ran the following command on my Thinkpad X200 running GuixSD:
>
> ./pre-inst-env guix environment guile --ad-hoc autoconf automake libtool
> flex gettext
>
> Using the guix client from a git checkout at v0.13.0-1496-gcfd6a3b1e,
> and