Hello!
I could find that the 'patch' package was vulnerable to numerous CVEs
that other distros like Debian have patched. Here's the list reported
by 'guix lint -c cve patch':
patch@2.7.6: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE
Hello!
While patching packages for security issues, I often am needing to get
some patches from git repos because upstream does not make releases.
Including patch in "patches" directory etc. is a bit troublesome, I
would rather have some Scheme code do this with: upstream git url,
commit selector
CVE-2021-28116 09.03.21 23:15
Squid through 4.14 and 5.x through 5.0.5, in some configurations,
allows information disclosure because of an out-of-bounds read in WCCP
protocol data. This can be leveraged as part of a chain for remote code
execution as nobody.
Upstream did not release a patch yet.
Nicolas Goaziou writes:
> Raghav Gururajan writes:
>
>> Makes sense. I have attached the patch.
>
> Applied. Thank you.
>
> Sorry for the mess!
No worries, it's no mess at all. Thanks to Nicolas and Raghav for
taking care of renaming it, and also to everyone who contributed to the
bike-shed di
Hi Ricardo, Chris,
Ricardo Wurmus writes:
> We have “guix graph --path from to”, but frustratingly it won’t cover
> build system packages, [...]
Chris Marusich writes:
> The "--paths" option with "--type=bag" shows you this (results
> below were, of course, taken before applying the patch above
Hi Chris,
Chris Marusich writes:
> Actually, I've realized that that patch wasn't quite right. I've
> attached a corrected version to this email.
>
> Although the %current-system parameter will look like "x86_64-linux"
> because it's a Guix system name, the %current-target-system parameter
> wi
Hi Chris,
Christopher Baines writes:
> I've gone ahead and pushed the patch I proposed to master, I think it's
> a step forward.
On second thought, maybe you have the right idea. It's becoming
increasingly clear that we cannot continue to postpone fixing our Rust
packages on non-Intel platforms
Hello Chris,
I'm all for that, what can I do to help ?
I don't have a Talos, though...
So only cross- or emulated- stuff...
Willing to help, but needs directions.
--
Vincent Legoll
Hi,
zimoun writes:
> Is it doable to have core-updates merged in the next weeks? Or not at
> all.
Do we plan to upgrade GCC? This is required for the powerpc64le-linux
port; see below for details.
The wip-ppc64le branch, which ports Guix to an architecture that can be
run on freedom-friendly
Hello,
Raghav Gururajan writes:
> Makes sense. I have attached the patch.
Applied. Thank you.
Sorry for the mess!
Regards,
--
Nicolas Goaziou
Hi Tobias,
On Tue, 9 Mar 2021 at 18:14, Tobias Geerinckx-Rice wrote:
> For most upstreams whether or not dashes were in vogue[0] when
> they named their project is literally arbitrary. We'd penalise
> many other packages like texlive-todonotes, open{ssh,vpn,*},
> ktexteditor, r-performanceanaly
Taylan,
Taylan Kammer 写道:
This discussion made me realize that "guix search" might benefit
from
the following improvement though: I think the relevance score
for a
search result should be increased significantly if the searched
word is
a standalone (not substring) part of a package's name whe
Hi,
On Tue, 9 Mar 2021 at 14:37, Taylan Kammer wrote:
> This discussion made me realize that "guix search" might benefit from
> the following improvement though: I think the relevance score for a
> search result should be increased significantly if the searched word is
> a standalone (not subst
On 09.03.2021 12:38, Tobias Geerinckx-Rice wrote:
> Raghav Gururajan 写道:
>> Since, we already mention "todo list manager" in description, I think
>> "ti-cli" is better.
>
> It says nothing about the package and does not uniquely identify it:
>
> bundlerApp {
> pname = "t";
> [...]
>
>
Hi Tobias!
Please: t-todo-manager (t-todo-whatever, I don't care) or
$something_a_mainstream_distro_uses, but not yet another bikeshedded
unique name, fun as they are to do.
Makes sense. I have attached the patch.
Regards,
RG.
From 04066b34518fc01290f12093910387e10c04fa08 Mon Sep 17 00:00:00
On Mon, 2021-03-08 at 22:47 +, Christopher Baines wrote:
> Vincent Legoll writes:
> > > often I'll be unable to SSH in
> >
> > Couldn't you get a console from a virtual serial port from the VM ?
>
> Maybe, I also want to look at getting the serial port output logged
> to a file (if that's e
Julien Lepiller writes:
> Well, python-t should be unique, right? There can't be a collision on pypi.
> Well, except if that package is not on pypi?
Since it’s not a library we shouldn’t name it “python-”.
I agree with Tobias and others who suggested “t-todo-manager” or
similar; not “t-cli”,
Well, python-t should be unique, right? There can't be a collision on pypi.
Well, except if that package is not on pypi?
Le 9 mars 2021 06:38:04 GMT-05:00, Tobias Geerinckx-Rice a
écrit :
>Raghav Gururajan 写道:
>> Since, we already mention "todo list manager" in description, I
>> think
>> "ti-
Raghav Gururajan 写道:
Since, we already mention "todo list manager" in description, I
think
"ti-cli" is better.
It says nothing about the package and does not uniquely identify
it:
bundlerApp {
pname = "t";
[...]
meta = with lib; {
description = "A command-line power tool for
Am Dienstag, den 09.03.2021, 01:08 -0500 schrieb Raghav Gururajan:
> > I like Mark's suggestion of "t-todo-list-manager" as well as
> > Raghav's suggestion for "t-cli"; in that order.
> >
> > Either name sounds good to me, though.
>
> Cool!
>
> Since, we already mention "todo list manager" in de
Lars-Dominik Braun 写道:
I’m mainly working on Python and R packaging as part of my job
at
leibniz-psychology.org. Apart from that I’ll be looking into
improving
package quality, for example through my changes to
python-build-system.
Sounds wonderful. Welcome, Lars!
Kind regards,
T G-R
sig
Hi!
On 03/03/2021 11:05, Ludovic Courtès wrote:
Hi Magali,
Magali Lemes skribis:
My Outreachy internship officially ends on March 2nd, next
Tuesday. It's been wonderful contributing to Guix, and I have learned
quite a lot in these last three months. This community is truly
welcoming, and the
On Tue, Mar 09, 2021 at 07:57:33AM +, Christopher Baines wrote:
>
> jbra...@dismail.de writes:
>
> > I'd be happy to reformat this as a guix blog post, unless you'd rather
> > I not.
>
> I think another blog post on the Hurd would be nice, although I'm not
> sure what the main takeaway shoul
Welcome!
--
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature
Hi Pierre,
> Do you have a link?
sorry, I meant, I wrote the patch that added the --profile switch, see
https://issues.guix.gnu.org/46291
> I'd love to see this merged! :)
The patch above is already merged.
Cheers,
Lars
signature.asc
Description: PGP signature
Chris Marusich writes:
> How about a patch like the following - would it be acceptable to you?
Actually, I've realized that that patch wasn't quite right. I've
attached a corrected version to this email.
Although the %current-system parameter will look like "x86_64-linux"
because it's a Guix s
Welcome!
--
Pierre Neidhardt
https://ambrevar.xyz/
signature.asc
Description: PGP signature
27 matches
Mail list logo