From unknown Mon Jun 23 07:48:46 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#26109 <26109@debbugs.gnu.org> To: bug#26109 <26109@debbugs.gnu.org> Subject: Status: [PATCH 3/7] gnu: Add dcmtk. Reply-To: bug#26109 <26109@debbugs.gnu.org> Date: Mon, 23 Jun 2025 14:48:46 +0000 retitle 26109 [PATCH 3/7] gnu: Add dcmtk. reassign 26109 guix-patches submitter 26109 John Darrington severity 26109 normal tag 26109 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 15 16:06:03 2017 Received: (at submit) by debbugs.gnu.org; 15 Mar 2017 20:06:04 +0000 Received: from localhost ([127.0.0.1]:57512 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1coFBL-00073d-Ec for submit@debbugs.gnu.org; Wed, 15 Mar 2017 16:06:03 -0400 Received: from eggs.gnu.org ([208.118.235.92]:36847) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1coFBG-00072X-RQ for submit@debbugs.gnu.org; Wed, 15 Mar 2017 16:06:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1coFBA-0008Dc-B2 for submit@debbugs.gnu.org; Wed, 15 Mar 2017 16:05:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:57382) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1coFBA-0008D7-7l for submit@debbugs.gnu.org; Wed, 15 Mar 2017 16:05:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56003) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1coFB7-0003AF-QO for guix-patches@gnu.org; Wed, 15 Mar 2017 16:05:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1coFB4-00087H-8o for guix-patches@gnu.org; Wed, 15 Mar 2017 16:05:49 -0400 Received: from de.cellform.com ([88.217.224.109]:60815 helo=jocasta.intra) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1coFB3-0007uG-R8; Wed, 15 Mar 2017 16:05:46 -0400 Received: from jocasta.intra (localhost [127.0.0.1]) by jocasta.intra (8.14.4/8.14.4/Debian-8+deb8u1) with ESMTP id v2FK5TDq023695 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Mar 2017 21:05:29 +0100 Received: (from john@localhost) by jocasta.intra (8.14.4/8.14.4/Submit) id v2FK5TSL023694; Wed, 15 Mar 2017 21:05:29 +0100 From: John Darrington To: guix-patches@gnu.org Subject: [PATCH 3/7] gnu: Add dcmtk. Date: Wed, 15 Mar 2017 21:05:20 +0100 Message-Id: <1489608324-23632-3-git-send-email-jmd@gnu.org> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1489608324-23632-1-git-send-email-jmd@gnu.org> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-MIME-Autoconverted: from 8bit to quoted-printable by jocasta.intra id v2FK5TDq023695 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.1 (----) X-Debbugs-Envelope-To: submit Cc: John Darrington X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.1 (----) * gnu/packages/image-processing.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. --- gnu/local.mk | 1 + gnu/packages/image-processing.scm | 75 +++++++++++++++++++++++++++++++++= ++++++ 2 files changed, 76 insertions(+) create mode 100644 gnu/packages/image-processing.scm diff --git a/gnu/local.mk b/gnu/local.mk index c1b076a..15325d3 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -187,6 +187,7 @@ GNU_SYSTEM_MODULES =3D \ %D%/packages/idris.scm \ %D%/packages/idutils.scm \ %D%/packages/image.scm \ + %D%/packages/image-processing.scm \ %D%/packages/image-viewers.scm \ %D%/packages/imagemagick.scm \ %D%/packages/indent.scm \ diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-proce= ssing.scm new file mode 100644 index 0000000..e1ad93e --- /dev/null +++ b/gnu/packages/image-processing.scm @@ -0,0 +1,75 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2017 John Darrington +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (a= t +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu packages image-processing) + #:use-module ((guix licenses) #:prefix license:) + #:use-module (guix packages) + #:use-module (guix utils) + #:use-module (guix download) + #:use-module (guix build-system gnu) + #:use-module (gnu packages) + #:use-module (gnu packages compression) + #:use-module (gnu packages documentation) + #:use-module (gnu packages image) + #:use-module (gnu packages perl)) + +(define-public dcmtk + (package + (name "dcmtk") + (version "3.6.0") + (source (origin + (method url-fetch) + (uri + (string-append + "ftp://dicom.offis.de/pub/dicom/offis/software/dcmtk/dcm= tk" + (string-fold (lambda (x prev) + (if (eq? x #\.) prev + (string-append prev (string x)))) + "" version) + "/dcmtk-" + version ".tar.gz")) + (sha256 + (base32 + "0fnkbq0nz8658svdn1xnjrv8qm618gln1q8ykwszmb9225q0kifg"))= )) + (build-system gnu-build-system) + (arguments `(#:parallel-build? #f ; Broken makefile + #:tests? #f ; There are no tests + #:make-flags `("CXXFLAGS=3D-fpermissive -fPIC" + "CFLAGS=3D-fPIC") + #:phases + (modify-phases %standard-phases + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (zero? (system* "make" + "install-all"))))))) + (inputs `(("libtiff" ,libtiff) + ("libpng" ,libpng) + ("doxygen" ,doxygen) + ("zlib" ,zlib))) + (native-inputs `(("perl" ,perl))) + (synopsis "Libraries and programs implementing large parts the DICOM= standard") + (description "DCMTK is a collection of libraries and applications +implementing large parts the DICOM standard. It includes software for +examining, constructing and converting DICOM image files, handling offli= ne +media, sending and receiving images over a network connection, as well a= s +demonstrative image storage and worklist servers.") + (home-page "http://dcmtk.org") + (license (license:fsf-free + "file://COPYRIGHT" + "A union of the Apache 2.0 licence and various non-copylef= t +licences similar to the Modified BSD licence.")))) --=20 2.1.4 From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 17 16:43:21 2017 Received: (at 26109) by debbugs.gnu.org; 17 Mar 2017 20:43:22 +0000 Received: from localhost ([127.0.0.1]:32925 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1coyiU-00016L-IH for submit@debbugs.gnu.org; Fri, 17 Mar 2017 16:43:21 -0400 Received: from lb1.openmailbox.org ([5.79.108.160]:34103 helo=mail.openmailbox.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1coyiP-000168-OE for 26109@debbugs.gnu.org; Fri, 17 Mar 2017 16:43:17 -0400 Received: by mail.openmailbox.org (Postfix, from userid 20002) id BA04C50EBF2; Fri, 17 Mar 2017 21:43:12 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1489783392; bh=kYoj6GH6qEwkISfj+TsxeOKsnFzY1P+DG+qCikqS6Yg=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=KnEfxUxqNeAicOKp8Eu3nAo8jwHRmWWBBGjMPCD2/JkocYR7SZCp/ntgdXCjAFRCw XR7LxywHtmstYymMltWplgS7YvLzz22rMwltjWLNzSYFFKSV6+aN8QsSpTUvAj345I xCoYrwt/nXeyKEknTjp9PbgHQc5fBkbi+Ruh/bk4= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ZDZR003 X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RECEIVED,NO_RELAYS, T_DKIM_INVALID,URIBL_BLOCKED autolearn=disabled version=3.4.0 From: Kei Kebreau DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1489783391; bh=kYoj6GH6qEwkISfj+TsxeOKsnFzY1P+DG+qCikqS6Yg=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=q6dQGGkWE4qsnP3q+1mza+uhqceTv7Xaf63qCV9/+mkVWZIF5svHv4Rqv09sfwlu9 QztXdDWPreWxEjrKjXdr/TSYItWWW8Tyzi7Mt/5WxCZHv1PZTdnNw4uU5mVteKf/w0 CoJWK3EpandJXbZNNSwGZCg3KSCf0iszle/ReSew= To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> Date: Fri, 17 Mar 2017 16:42:59 -0400 In-Reply-To: <1489608324-23632-3-git-send-email-jmd@gnu.org> (John Darrington's message of "Wed, 15 Mar 2017 21:05:20 +0100") Message-ID: <871stv7hyk.fsf@openmailbox.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26109 Cc: 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable John Darrington writes: > * gnu/packages/image-processing.scm: New file. > * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. Judging from the description of the software, it seems like this could fit in gnu/packages/image.scm. > --- > gnu/local.mk | 1 + > gnu/packages/image-processing.scm | 75 +++++++++++++++++++++++++++++++++= ++++++ > 2 files changed, 76 insertions(+) > create mode 100644 gnu/packages/image-processing.scm > > diff --git a/gnu/local.mk b/gnu/local.mk > index c1b076a..15325d3 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -187,6 +187,7 @@ GNU_SYSTEM_MODULES =3D \ > %D%/packages/idris.scm \ > %D%/packages/idutils.scm \ > %D%/packages/image.scm \ > + %D%/packages/image-processing.scm \ > %D%/packages/image-viewers.scm \ > %D%/packages/imagemagick.scm \ > %D%/packages/indent.scm \ > diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-proce= ssing.scm > new file mode 100644 > index 0000000..e1ad93e > --- /dev/null > +++ b/gnu/packages/image-processing.scm > @@ -0,0 +1,75 @@ > +;;; GNU Guix --- Functional package management for GNU > +;;; Copyright =C2=A9 2017 John Darrington > +;;; > +;;; This file is part of GNU Guix. > +;;; > +;;; GNU Guix is free software; you can redistribute it and/or modify it > +;;; under the terms of the GNU General Public License as published by > +;;; the Free Software Foundation; either version 3 of the License, or (at > +;;; your option) any later version. > +;;; > +;;; GNU Guix is distributed in the hope that it will be useful, but > +;;; WITHOUT ANY WARRANTY; without even the implied warranty of > +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +;;; GNU General Public License for more details. > +;;; > +;;; You should have received a copy of the GNU General Public License > +;;; along with GNU Guix. If not, see . > + > +(define-module (gnu packages image-processing) > + #:use-module ((guix licenses) #:prefix license:) > + #:use-module (guix packages) > + #:use-module (guix utils) > + #:use-module (guix download) > + #:use-module (guix build-system gnu) > + #:use-module (gnu packages) > + #:use-module (gnu packages compression) > + #:use-module (gnu packages documentation) > + #:use-module (gnu packages image) > + #:use-module (gnu packages perl)) > + > +(define-public dcmtk > + (package > + (name "dcmtk") > + (version "3.6.0") > + (source (origin > + (method url-fetch) > + (uri > + (string-append > + "ftp://dicom.offis.de/pub/dicom/offis/software/dcmtk/dcm= tk" > + (string-fold (lambda (x prev) > + (if (eq? x #\.) prev > + (string-append prev (string x)))) > + "" version) The same effect is more directly (IMO) accomplished using the following: (string-join (string-split version #\.) "") > + "/dcmtk-" > + version ".tar.gz")) > + (sha256 > + (base32 > + "0fnkbq0nz8658svdn1xnjrv8qm618gln1q8ykwszmb9225q0kifg"))= )) > + (build-system gnu-build-system) > + (arguments `(#:parallel-build? #f ; Broken makefile > + #:tests? #f ; There are no tests > + #:make-flags `("CXXFLAGS=3D-fpermissive -fPIC" > + "CFLAGS=3D-fPIC") > + #:phases > + (modify-phases %standard-phases > + (replace 'install > + (lambda* (#:key outputs #:allow-other-keys) > + (zero? (system* "make" > + "install-all"))))))) > + (inputs `(("libtiff" ,libtiff) > + ("libpng" ,libpng) > + ("doxygen" ,doxygen) > + ("zlib" ,zlib))) > + (native-inputs `(("perl" ,perl))) > + (synopsis "Libraries and programs implementing large parts the DICOM= standard") > + (description "DCMTK is a collection of libraries and applications Nitpicking again: why the double space between "description" and the double quote? > +implementing large parts the DICOM standard. It includes software for > +examining, constructing and converting DICOM image files, handling offli= ne > +media, sending and receiving images over a network connection, as well as > +demonstrative image storage and worklist servers.") > + (home-page "http://dcmtk.org") > + (license (license:fsf-free > + "file://COPYRIGHT" > + "A union of the Apache 2.0 licence and various non-copyleft > +licences similar to the Modified BSD licence.")))) Also, the linter says that this package vulnerable to CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you see if that fix works for this package? * https://github.com/commontk/DCMTK/commit/1b6bb76 Other than the above, LGTM. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAljMSlQACgkQ5qXuPBlG eg3koRAAphsBi9RwAjjvHUNqDjX8P9b04yrKyjO61XdmfAMNmXkSBHSwDJ5+Ucsb 2ARjloUII93XoR7wH64oZuOH28ynVi21HxxTIqz0bgidVWxwiulXbPHFSS1Cu9/W MKlK50I5C6vxNoCmNVDanTXm5d/QwhsmTjqJlbSJKwRO49BiRsC5/Xo2dvimKfR4 hJq9NDKTLipF90PemO6B4ywQq3EwQ01hM2iU/UhInls7pmTFAlAahDsLbMNMUwQN W6HjTfeT7T1zJ+cKHE4lOgCI8uBE/+2fQIvCIrt9lVRKWoOIedZgwWs+2H0HSJaI 3ZKfGYH+Vw9lh6KyTjqAONrHN2UAd3h4zuZxKi52nMoP94e1vDLRqUwqv0HFyFJ0 /b1r0I1aFqEn3/GiZvrPW7xN+GdggcPNWdwJben+8pD2ejR+ulkDGwT+C7LOJUxe VWzv54gbY7zJD/fp3dMYUS+POytBrSdxCtinaFnuiklAlwpDDA1Lj51LyAPngmxt J0f6Q9wMv5vt5215Q80I1EePqMis/x/hccQKfZfj2t8DSRdREjiIiQu3di1Il3GH 3zTwRcxXWuYqoZcs0g3ligFnOAHAa/deX7qSkrp45TQFO0J02X3Y5A02P+sxDrda t7arn7rgUNzuvyVHbZnxRqmQ3tmUUfJ2cINNbbMw1/M3/hVEi4k= =6YrU -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 18 03:23:41 2017 Received: (at 26109) by debbugs.gnu.org; 18 Mar 2017 07:23:41 +0000 Received: from localhost ([127.0.0.1]:33206 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cp8iD-0000J1-8K for submit@debbugs.gnu.org; Sat, 18 Mar 2017 03:23:41 -0400 Received: from de.cellform.com ([88.217.224.109]:51644 helo=jocasta.intra) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cp8iA-0000Is-L2 for 26109@debbugs.gnu.org; Sat, 18 Mar 2017 03:23:40 -0400 Received: from jocasta.intra (localhost [127.0.0.1]) by jocasta.intra (8.14.4/8.14.4/Debian-8+deb8u1) with ESMTP id v2I7NbD6012259 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 18 Mar 2017 08:23:37 +0100 Received: (from john@localhost) by jocasta.intra (8.14.4/8.14.4/Submit) id v2I7NZdF012258; Sat, 18 Mar 2017 08:23:35 +0100 Date: Sat, 18 Mar 2017 08:23:35 +0100 From: John Darrington To: Kei Kebreau Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170318072335.GA12217@jocasta.intra> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG" Content-Disposition: inline In-Reply-To: <871stv7hyk.fsf@openmailbox.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 26109 Cc: John Darrington , 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: =20 Judging from the description of the software, it seems like this could fit in gnu/packages/image.scm. Also, the linter says that this package vulnerable to CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you see if that fix works for this package? =20 * https://github.com/commontk/DCMTK/commit/1b6bb76 =20 Unfortunately this patch doesn't go in. It seems that as well as fixing th= is vulnerability it also makes some unrelated changes. Furthermore, it depends on a whole lot of other patches which are not in this release. Do we have a procedure on what to do in cases like this? J' --=20 Avoid eavesdropping. Send strong encrypted email. PGP Public key ID: 1024D/2DE827B3=20 fingerprint =3D 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3 See http://sks-keyservers.net or any PGP keyserver for public key. --OgqxwSJOaUobr8KG Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAljM4HcACgkQimdxnC3oJ7NMHgCggmNLJuX/XyATPluScEqWuWBR toIAn1shNn6woe9m39+1OquF0AcPv6th =xeSp -----END PGP SIGNATURE----- --OgqxwSJOaUobr8KG-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 18 12:21:59 2017 Received: (at 26109) by debbugs.gnu.org; 18 Mar 2017 16:21:59 +0000 Received: from localhost ([127.0.0.1]:34146 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cpH79-0002Xr-6b for submit@debbugs.gnu.org; Sat, 18 Mar 2017 12:21:59 -0400 Received: from lb1.openmailbox.org ([5.79.108.160]:41298 helo=mail.openmailbox.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cpH77-0002Xi-3Z for 26109@debbugs.gnu.org; Sat, 18 Mar 2017 12:21:58 -0400 Received: by mail.openmailbox.org (Postfix, from userid 20002) id CBF52517449; Sat, 18 Mar 2017 17:21:55 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1489854115; bh=fRbLjXL+qMpz05HQOgqskb/Jv3b2xrmj20b4upvFWqE=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=nxTmhrXL7Yntao1gUilkT6pT17z1wenKBPF02bJ+Dr3ldmKjamnf3KC5Bgv5v1ZTB p24qpSC6xxR0JeYZEUCP2yvyw9auhEUx+5x4T+Ttl6s80J2HTZzAXKK2eKAPDa+s38 fomNmColZdGVIPTNJvvRHz1ewozRojNxCqoI0/nU= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ZDZR002 X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RECEIVED,NO_RELAYS, T_DKIM_INVALID,URIBL_BLOCKED autolearn=disabled version=3.4.0 From: Kei Kebreau DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1489854114; bh=fRbLjXL+qMpz05HQOgqskb/Jv3b2xrmj20b4upvFWqE=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=PfIZ1ulkWBn2cK9twus1sLYsSr5gC/+FedAFcs8plOhzrsGFp+3tKGQFtpuSfTPI7 +Q7WIUsyfojNKNrwbRatY4Bpt/PmxJmx0bYTd0fniAzCfv1XPqymhbDuuhgEwHgAl9 jfEtwh321r5WekNJl4naVgJnB+8DCgKUPeFn1zO0= To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> Date: Sat, 18 Mar 2017 12:21:40 -0400 In-Reply-To: <20170318072335.GA12217@jocasta.intra> (John Darrington's message of "Sat, 18 Mar 2017 08:23:35 +0100") Message-ID: <87mvci5ze3.fsf@openmailbox.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26109 Cc: John Darrington , 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable John Darrington writes: > On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: >=20=20=20=20=20=20 > Judging from the description of the software, it seems like this cou= ld > fit in gnu/packages/image.scm. > Also, the linter says that this package vulnerable to > CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you s= ee > if that fix works for this package? >=20=20=20=20=20=20 > * https://github.com/commontk/DCMTK/commit/1b6bb76 >=20=20=20=20=20=20 > > Unfortunately this patch doesn't go in. It seems that as well as fixing = this > vulnerability it also makes some unrelated changes. Furthermore, it depe= nds > on a whole lot of other patches which are not in this release. > > Do we have a procedure on what to do in cases like this? > > J' I don't know if we have an official procedure, though we could try using a later git snapshot with the security patch already integrated. Hopefully that provides functionality compatible to that of the stable release, though it's at least a five year difference between release times. http://git.cmtk.org/?p=3Ddcmtk.git,a=3Dtags --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAljNXpQACgkQ5qXuPBlG eg28NQ/9GuILLKDHTpAOG6llmF59AvZJnHYfKm38pKwvgRJsXV1GOKEWMQsg7yrd ffEsFaMhGNbyeMSyOXwtjDmmztuVYL2qnu5hhDS7A60T0qo2oArdA8VU3DhjHYZe rR9v5O6NNlxxCKImdGrpb1wknM20xtiBkTh/ya0dIK1kqaPkDQNOlMiKNzXfCVGL r5OfZ3NlAW2g3coFZNkuFdBqC25QohXxnaV5ogs04ogj1cOaTKZcZNiG+/kNN+97 IqjVM0x/FwLmN02Y8fSssUHTK5iFG0mFBAFhCJjvMr2NaqGhu18CUyM3w6eoJv8E pw/Fu/i96pHrw6DK3eLdyG9xyDAerDT0WXWsGHXM5ZdHJkmSrfo73gWovp5fkYGY fIO7qYUIQvdbgQpc4eD4KTdB42SEJqa2QHpLOPokZ3g8Hd2xHwCIRCeAxlcCXwsX GFUML+695RNwKJyD0AAonmsiZ46fc6pwTcCyLsMif9WRhVegZh9nj8eLZeAosN0y g+49H7XvseaQ7P2zz24DMiRtLP40/VFMExNTx28iQXKqhiUCSS+PQZu/zeRuwbTG jQ4Ufbr6lm6cLdLQlki2kqKKM1xtUr/sM9m64yJjuVek4b4og8WpCvJRXGfEF2gR ptft3PK3NwHtvLVTxdZWQFGvpj0q3HnfkIlIb32Jgj+dP3fHg9M= =8JPc -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 18 13:36:46 2017 Received: (at 26109) by debbugs.gnu.org; 18 Mar 2017 17:36:46 +0000 Received: from localhost ([127.0.0.1]:34228 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cpIHV-0004aa-Nm for submit@debbugs.gnu.org; Sat, 18 Mar 2017 13:36:45 -0400 Received: from eggs.gnu.org ([208.118.235.92]:42315) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cpIHT-0004aL-Oh for 26109@debbugs.gnu.org; Sat, 18 Mar 2017 13:36:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cpIHN-0000WN-NO for 26109@debbugs.gnu.org; Sat, 18 Mar 2017 13:36:38 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:35368) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cpIHH-0000U5-JV; Sat, 18 Mar 2017 13:36:31 -0400 Received: from jmd by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1cpIHH-0000on-8x; Sat, 18 Mar 2017 13:36:31 -0400 Date: Sat, 18 Mar 2017 13:36:31 -0400 From: John Darrington To: Kei Kebreau Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170318173630.GA14983@gnu.org> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <87mvci5ze3.fsf@openmailbox.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87mvci5ze3.fsf@openmailbox.org> User-Agent: Mutt/1.5.21 (2010-09-15) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 26109 Cc: guix-devel@gnu.org, 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) [CC guix-devel@gnu.org] So we have to make a choice: 1. Package a released program with a known vulnerability; or 2. Package an unreleased git snapshot. Which is the lesser evil? J' On Sat, Mar 18, 2017 at 12:21:40PM -0400, Kei Kebreau wrote: > John Darrington writes: > > > On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: > > > > Judging from the description of the software, it seems like this could > > fit in gnu/packages/image.scm. > > Also, the linter says that this package vulnerable to > > CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you see > > if that fix works for this package? > > > > * https://github.com/commontk/DCMTK/commit/1b6bb76 > > > > > > Unfortunately this patch doesn't go in. It seems that as well as fixing this > > vulnerability it also makes some unrelated changes. Furthermore, it depends > > on a whole lot of other patches which are not in this release. > > > > Do we have a procedure on what to do in cases like this? > > > > J' > > I don't know if we have an official procedure, though we could try using > a later git snapshot with the security patch already integrated. > Hopefully that provides functionality compatible to that of the stable > release, though it's at least a five year difference between release times. > > http://git.cmtk.org/?p=dcmtk.git,a=tags From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 20 21:47:56 2017 Received: (at 26109) by debbugs.gnu.org; 21 Mar 2017 01:47:56 +0000 Received: from localhost ([127.0.0.1]:37038 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq8tw-0000V9-1P for submit@debbugs.gnu.org; Mon, 20 Mar 2017 21:47:56 -0400 Received: from lb1.openmailbox.org ([5.79.108.160]:50541 helo=mail.openmailbox.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq8tu-0000Uz-B1 for 26109@debbugs.gnu.org; Mon, 20 Mar 2017 21:47:55 -0400 Received: by mail.openmailbox.org (Postfix, from userid 20002) id EC721512218; Tue, 21 Mar 2017 02:47:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1490060872; bh=GFu9ioA1XdcyZl8sTcMVbFv/7blIU97jxiLvOHVKjnQ=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=bfLwdMFN5M8UmY1Ze0Si2avnWOLEhz2vTfXKXxikzIOkZhqwASy9ZdaJ5ZAOLOHUe DDw4dcQsgJ6FgXIx5RWKTSWEOedFbjUNZ+flgJc6Z3rI2I/lid4+1QvyAr8ocAHHxB l+NGweMbM38Qg9goE92UMbER2acdyxt0FGXJd7CQ= X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ZDZR003 X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RECEIVED,NO_RELAYS, T_DKIM_INVALID,URIBL_BLOCKED autolearn=disabled version=3.4.0 From: Kei Kebreau DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org; s=openmailbox; t=1490060869; bh=GFu9ioA1XdcyZl8sTcMVbFv/7blIU97jxiLvOHVKjnQ=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=j7SWxFOmoY+/bxyTF5ip5QkZoKCe2TFCuCfvnPotGvjvy6IC/wY0b7FxCtau8P0Pp 6G5WI7NdLDga74Wo2X/9U2ajWB5GR5QSmEm+EUYeGguzQ5ltq9hSrCPdYoNUjpme2F 6n1EYjhGK/ruJo4UUNjDAWd8wGkBoMoj7T8u1nOA= To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <87mvci5ze3.fsf@openmailbox.org> <20170318173630.GA14983@gnu.org> Date: Mon, 20 Mar 2017 21:47:37 -0400 In-Reply-To: <20170318173630.GA14983@gnu.org> (John Darrington's message of "Sat, 18 Mar 2017 13:36:31 -0400") Message-ID: <87pohb4czq.fsf@openmailbox.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 26109 Cc: guix-devel@gnu.org, 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable John Darrington writes: > [CC guix-devel@gnu.org] > > So we have to make a choice: > > 1. Package a released program with a known vulnerability; or > 2. Package an unreleased git snapshot. > > Which is the lesser evil? I choose option two. I'm quite uncomfortable with packaging software that is known to be vulnerable. To me it seems almost malicious if it can be avoided. Other opinions? > > J' > > On Sat, Mar 18, 2017 at 12:21:40PM -0400, Kei Kebreau wrote: >> John Darrington writes: >>=20 >> > On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: >> >=20=20=20=20=20=20 >> > Judging from the description of the software, it seems like this = could >> > fit in gnu/packages/image.scm. >> > Also, the linter says that this package vulnerable to >> > CVE-2015-8979. Supposedly this* upstream patch fixes it. Could yo= u see >> > if that fix works for this package? >> >=20=20=20=20=20=20 >> > * https://github.com/commontk/DCMTK/commit/1b6bb76 >> >=20=20=20=20=20=20 >> > >> > Unfortunately this patch doesn't go in. It seems that as well as fixi= ng this >> > vulnerability it also makes some unrelated changes. Furthermore, it d= epends >> > on a whole lot of other patches which are not in this release. >> > >> > Do we have a procedure on what to do in cases like this? >> > >> > J' >>=20 >> I don't know if we have an official procedure, though we could try using >> a later git snapshot with the security patch already integrated. >> Hopefully that provides functionality compatible to that of the stable >> release, though it's at least a five year difference between release tim= es. >>=20 >> http://git.cmtk.org/?p=3Ddcmtk.git,a=3Dtags --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAljQhjkACgkQ5qXuPBlG eg0Jdg//civlt6ts897csGr/tNn+/JoxCyh/IDn1znOvixmbAunCRraUDotdVFxj 9AXO3L1mORGDAKdbHJ1Mbjh5U9ty6z6pjscIup9ykcJaUtu0mFT0p9WUo5jOExt3 gIT5nRZaHDcnAAAtTCMH0wnWnAjmyxfC/aZ4gjGApJQ7wAw1n8nWT4dawDklahqt d49zyI12Ojbd4WQIO935HN4v215dlfgLiDx+oJTwQTgXOefwC9bLVtfW/wWf4yMO xhHXl/d6UJs7oP4LS1nRm9ccE57fXo4uCnigInpchzlipJmIPHFkBsZAZ1gh6Igz T49tb5iezG3PWni5HFg/VU3x8KLcPPOFY9LTyPem3+dT8lZyXVN2hCa3yGh9437v Cq53AvfO5reYU8KZPPvspU97xipb2VSjw+Rsz1k6IkrlJH7kE9uK0e1gXf2hELQ0 UVSwkdIcsb/rjxG2WTeM6DAHilMMJfqDGTpolkjGZJ58yoCSuNVO/6xIfH/g1sZ6 Pm8EAmYr3EwEHsa7FcVYKrmPyY/O8+W+9GQekuOyJzzM2nZLjdmBXwWTosb+h/pQ CWxDZlSSsEW5HDugqpCyZnsFiTUBw0PoA/F5SwiJPzBan+mKp4kKr58xP9S4+Ao/ ipXfRp43R8OIR6Kgz6Jpzsd4Ie9KiPI/cJsJCwEEKCQsbH90MYE= =HAqO -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 20 22:12:46 2017 Received: (at 26109) by debbugs.gnu.org; 21 Mar 2017 02:12:46 +0000 Received: from localhost ([127.0.0.1]:37052 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9Hy-00016t-79 for submit@debbugs.gnu.org; Mon, 20 Mar 2017 22:12:46 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:54968) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9Hv-00016h-8x for 26109@debbugs.gnu.org; Mon, 20 Mar 2017 22:12:44 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B362320A91; Mon, 20 Mar 2017 22:12:42 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 20 Mar 2017 22:12:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=SV5GVhnOZy24TcvSQHfXE8F5XxcN82qC8Jf2MM hJ/PQ=; b=zxlOiaQWkBoRpANzx0baQsHR32MR9ofb/pbSK9EIl1we1ywzhv1IGt pdqbheo0l0tijIGEl25FJ3BDSo7OIeRVHxAm8OdNVc9BigwqvbWDLSzoBJ1WU0EP ZL4IyJwUQUMlKdA4J5QlBG+7Db+wMmBCevoFm96pfmKMdCqhEL+C8= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=SV5GVhnOZy24TcvSQH fXE8F5XxcN82qC8Jf2MMhJ/PQ=; b=M6C6zUFsP8NBKV2BDGR1hASDMItmIDNvzH cr+Oz/AdLk7OZcISXpK3kcJZbprbb3wKQcEk8sKBKfnZPeZ6bJM0ncWDFaSaQyyD rFAZvpoN85/VS7G3+KNgecmQSfVJHf94zWcGloJ5fWJyeUL7QsZ1+N903WTyKQy7 UmL5kkZPVAouLbBPqyO8NQkPCj8y/0mvL+QgzLMdSWrutw14kZ7hz37qhEbASlzr 1R8iWEU4rqfVJ06ZUAqEiM5PgrsrHgnf+QKPgdBmrow0f0hdSSH5KqdeZiZNcifd XEtn1K3sN9U9J9e06srbtbrLJpkp6aaeTJzesjOHJOuqTBBpZT4w== X-ME-Sender: X-Sasl-enc: 78dbV2TCFDwg/1bCDn5NKxtu4rbC2I7oOxIttsECT47G 1490062362 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 6B2F4240AE; Mon, 20 Mar 2017 22:12:42 -0400 (EDT) Date: Mon, 20 Mar 2017 22:12:40 -0400 From: Leo Famulari To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170321021240.GA29321@jasmine> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="+HP7ph2BbKc20aGI" Content-Disposition: inline In-Reply-To: <20170318072335.GA12217@jocasta.intra> User-Agent: Mutt/1.8.0 (2017-02-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 26109 Cc: John Darrington , Kei Kebreau , 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --+HP7ph2BbKc20aGI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 18, 2017 at 08:23:35AM +0100, John Darrington wrote: > On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: > =20 > Judging from the description of the software, it seems like this cou= ld > fit in gnu/packages/image.scm. > Also, the linter says that this package vulnerable to > CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you s= ee > if that fix works for this package? > =20 > * https://github.com/commontk/DCMTK/commit/1b6bb76 > =20 >=20 > Unfortunately this patch doesn't go in. It seems that as well as fixing = this > vulnerability it also makes some unrelated changes. Furthermore, it depe= nds > on a whole lot of other patches which are not in this release. >=20 > Do we have a procedure on what to do in cases like this? We could see what other distros have done. Maybe they have a simpler patch we could copy. Or, we could try building from an arbitrary Git commit. --+HP7ph2BbKc20aGI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAljQjBUACgkQJkb6MLrK fwj+iRAA1xViixnshWIFzZo47gXqVdyne01doKg+XqkY7dUzfSGj/D1fdBKKxI7M ELe/uQZAkdkVu9vh/dND/8zdM1ts4uW6v6cBkmYY34BT+l4Hn/L1l04pyPpo3rmr RCux0u2FfsOgIDhL/DNti6R/SlHMF1hTlqu3Rs1EJqDay9Lqd975rMI6/YEk9Egs 4lLeSV2xUV2UeIxoasThLt7oprZ/+7ZiEd4cPeXLs1jFBcooGxxaFzARpQ+RtL/8 bMu6bP8XOJaHSOJVYJfZDvrpuI6nIWI2+vN2xurGLHfWPgJGP1cxjIT1Wo/AENFA WBzadpNys3mle6gYtw96JGbLa/qhj8MS13Z7lpdgjWhKbGjrDiVNG69r6IvmYGQJ qApm9sN126TtiI6/C2D1R9isObyzcUlrK0gRc2NGDavwCQgokXMaBnt7NmZRJU+3 8davjz9H64FlE25pHgjkbMkxUGy+tXO0XsodsHyn3ypcnu1Xj2E9ePdO58DgJDPV 4UwcGgQj5C6FOV07/9WBdwJ0hxIA0HMQVuMiKK5tvqQNLxrTG4RIsL2PEhKsaJCj /is7lwuF8l+FzSe6M0YrIk5318igaMCP2uF8/zYepILPS1DV6AgCdxLP90fLgYOE nlA24ohTu97O+RW+eq8bYSMLqWZSr51fj1qXZZb9DbWpJnIuKCc= =yS6O -----END PGP SIGNATURE----- --+HP7ph2BbKc20aGI-- From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 20 22:13:33 2017 Received: (at 26109) by debbugs.gnu.org; 21 Mar 2017 02:13:33 +0000 Received: from localhost ([127.0.0.1]:37057 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9Ij-00018V-FN for submit@debbugs.gnu.org; Mon, 20 Mar 2017 22:13:33 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60534) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9Ii-00018L-2v for 26109@debbugs.gnu.org; Mon, 20 Mar 2017 22:13:32 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 0D19620A92; Mon, 20 Mar 2017 22:13:32 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 20 Mar 2017 22:13:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=YgHZx6ETNNPqIwXfpWL78+ar37GCcmqik7v1eZ +krIo=; b=1/DcjFynEWGnImahJNRImuDuK06gzWJ/jtuePB/tP5xnkpYsxW8w31 vYFqSaCZexSx/F48AffrDuAIMWmLAET/RUcPEawVZusglU4VxgjhEqSyTCpOn6pp EOovsi3mSf2k0HERCKKXgl42HJ5NWwWCzbyHqg13GTagCPGQFLh10= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=YgHZx6ETNNPqIwXfpW L78+ar37GCcmqik7v1eZ+krIo=; b=R3hta1XLTOx4lZ6HNcKohFcwNCXlLqWpSp EQ+BeIa6D0tf7+2aH9FvxrYtvrE793g8o1InCSTLaV/0ZOnGPbyaCDWYNj7GmLcK J6DyaZVNw3rxnxh5n+kRyqeMlSCKFAxulv5ip6r5yCpJWf7SvPn0Ag/Z4WwQWEw9 xiNofsLRBT1pzwSRrrqOhnpZyYqLlWeDTZhKu01w2Dn0usEJ+SfzOM+qFiEHyGso MImSy7Vi8rdqoGukE267FKcPGSvWAhdeUDtN9URJ7vXYrw+Em2B2gEJnOT2SuuzQ OVxgu1Nn4tYjiHj4RBSLRbzRuzrmJWccANsP7UU5yhZP78OC6OJw== X-ME-Sender: X-Sasl-enc: pcpCii+ngteYa/z2l3bLfhh0hrjjO8NyzhDr7Iy6p0Oc 1490062411 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id AE1EE240AE; Mon, 20 Mar 2017 22:13:31 -0400 (EDT) Date: Mon, 20 Mar 2017 22:13:31 -0400 From: Leo Famulari To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170321021331.GB29321@jasmine> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <87mvci5ze3.fsf@openmailbox.org> <20170318173630.GA14983@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh" Content-Disposition: inline In-Reply-To: <20170318173630.GA14983@gnu.org> User-Agent: Mutt/1.8.0 (2017-02-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 26109 Cc: guix-devel@gnu.org, Kei Kebreau , 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --0ntfKIWw70PvrIHh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 18, 2017 at 01:36:31PM -0400, John Darrington wrote: > [CC guix-devel@gnu.org] >=20 > So we have to make a choice: >=20 > 1. Package a released program with a known vulnerability; or Although all non-trivial software contains bugs, many of which can be exploited, we should not add new packages with known exploitable vulnerabilities. --0ntfKIWw70PvrIHh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAljQjEoACgkQJkb6MLrK fwhXgw//ZoDTAmh5fCjRE0DMBt8OBziXO2q1VLL66S3/SkD1PKAJaSyd2+M0RXn6 QOhTm0nec/ZVya0BI5XXO2Bcx6aUejPYL9kD+GhuQf5yZCo2MSwFwNh/QYv2teJa faX+Z61NafV+L0HR8x3vt1lhuN5b7nwpY5lkJCLTcUxSz3XMNKUbmW+W2CK8Gr5H 6CbBhQtQO9RbUwutBjIcdPDUInGQDcRlCMoFv+GKydtuJpHD1ZrxiMZU6XsF+VhL utdhR2SOzQqBrKG5kKudI7+8Iemho2OmFoGovQRULjZ59Po1mPpZHNFXUYpkW9Mz AGrI4QDCQdJxp5Ie2+twyTLsxUrobf7edoB7u2bsJSSTEI0lcZY4zADdc+kOu/wX Pgq9RmLggYQlDsMrZYrdwDVUIY1bbcQWtGV6sIOdIrwjJ7PxKjhb3Wa6WCB6/0UW xzPWwKkldQkW4+gBlDdajO42RrPq73Gaa8y6G6H4KPwQya/n+PIF8ooLVNkMPn7o 0PE5NrObzDjWEFRHfqD2S+gEr+qLB6/cUUFYexmkPst6sqZlStz0byI4qpdUqSXF 3nYtebGtStTFG4941NYdw84dHjcfwQv5BGQEHHpAPjkGA6C9NawIt8/q3kUHm8TA g6x4IcG2hV918DmHfLSsrj8etJD9Xpb8pOlmbqk7HQGJgT49KTU= =iiG8 -----END PGP SIGNATURE----- --0ntfKIWw70PvrIHh-- From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 20 22:30:51 2017 Received: (at 26109) by debbugs.gnu.org; 21 Mar 2017 02:30:51 +0000 Received: from localhost ([127.0.0.1]:37068 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9ZT-0001aS-Ab for submit@debbugs.gnu.org; Mon, 20 Mar 2017 22:30:51 -0400 Received: from de.cellform.com ([88.217.224.109]:51837 helo=jocasta.intra) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cq9ZQ-0001aI-9P for 26109@debbugs.gnu.org; Mon, 20 Mar 2017 22:30:49 -0400 Received: from jocasta.intra (localhost [127.0.0.1]) by jocasta.intra (8.14.4/8.14.4/Debian-8+deb8u1) with ESMTP id v2L2Uhg7000530 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 21 Mar 2017 03:30:43 +0100 Received: (from john@localhost) by jocasta.intra (8.14.4/8.14.4/Submit) id v2L2Uhg5000529; Tue, 21 Mar 2017 03:30:43 +0100 Date: Tue, 21 Mar 2017 03:30:43 +0100 From: John Darrington To: Leo Famulari Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170321023043.GA455@jocasta.intra> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <20170321021240.GA29321@jasmine> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="UlVJffcvxoiEqYs2" Content-Disposition: inline In-Reply-To: <20170321021240.GA29321@jasmine> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 26109 Cc: 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 20, 2017 at 10:12:40PM -0400, Leo Famulari wrote: On Sat, Mar 18, 2017 at 08:23:35AM +0100, John Darrington wrote: > On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote: > =20 > Judging from the description of the software, it seems like thi= s could > fit in gnu/packages/image.scm. > Also, the linter says that this package vulnerable to > CVE-2015-8979. Supposedly this* upstream patch fixes it. Could = you see > if that fix works for this package? > =20 > * https://github.com/commontk/DCMTK/commit/1b6bb76 > =20 >=20 > Unfortunately this patch doesn't go in. It seems that as well as fi= xing this > vulnerability it also makes some unrelated changes. Furthermore, it= depends > on a whole lot of other patches which are not in this release. >=20 > Do we have a procedure on what to do in cases like this? =20 We could see what other distros have done. Maybe they have a simpler patch we could copy.=20 I did try that too. Unfortunately the Debian patch seems to have combined = some non-CVE fixes into the same patch AND that patch is dependendent upon some other un= related patches. I probably could with a lot of trial and error make a patch which works, bu= t IMO that defeats the purpose. I security patch should be A) as simple as possible; = B) not=20 contain any unrelated fixes; and C) prepared by someone who knows what she = is doing. Or, we could try building from an arbitrary Git commit. Yes. That is the other option - I think it might be a what we'll have to d= o. J' --=20 Avoid eavesdropping. Send strong encrypted email. PGP Public key ID: 1024D/2DE827B3=20 fingerprint =3D 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3 See http://sks-keyservers.net or any PGP keyserver for public key. --UlVJffcvxoiEqYs2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAljQkFMACgkQimdxnC3oJ7P9xwCfSPx3uwVYUTvVqm4pzGZcmzEW CkoAnRIUJumTs/VEtgg1JS7PnRPV73HR =5vjd -----END PGP SIGNATURE----- --UlVJffcvxoiEqYs2-- From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 21 14:30:14 2017 Received: (at 26109) by debbugs.gnu.org; 21 Mar 2017 18:30:14 +0000 Received: from localhost ([127.0.0.1]:38251 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cqOXu-0002y4-BW for submit@debbugs.gnu.org; Tue, 21 Mar 2017 14:30:14 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34506) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cqOXt-0002xx-62 for 26109@debbugs.gnu.org; Tue, 21 Mar 2017 14:30:13 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 15F3620BA7; Tue, 21 Mar 2017 14:30:13 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Tue, 21 Mar 2017 14:30:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=ErOfD3xYkvmaqM1BY4ZrITUKoeHjRh7zihJ49+ BHSNk=; b=x1WiD7c1o59p51PG9nldP3I3en0xC5CXmP5tlOXl1FE4iDX4sdE5iy lma1ySF/4p/1XKN7/ciN+VyLiFnLOMCFkSyj7peRzqfDodOIMsCWXzQacHqnvLL7 1QkLR4q3oyON8fWaDEtoOwpVw9HLUqZnsfQfX2IThOrISxgppROQs= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=ErOfD3xYkvmaqM1BY4 ZrITUKoeHjRh7zihJ49+BHSNk=; b=HqlfnLWugD4BxGhoKOtPiGcUzshHSDkPo5 Nri257qstIOvCZSN3KIPp7NEQgeUOtwbLC+VDhj29Qx+2YcLJBED0gkONAJxFSzs srzmmeHb3AHjkO7uuuq5/6/Hk9qrge3ZXAL6alv+PqigcX79RhJrssOQ6rqX+5f5 tEAgtVnybfoA+osbPTyrVTPHPOnu4zA/rgEgBbR/Ut5x7WMyRjZQgStrw7miadI+ RXY1AHvrGjLNIy6FVoNZeiNPdTjLrGEamo/ho43ZU9hxgkLjnf5dNWLkkofa9Bib 2X/ASMeBRLyZFJMlWYMCQPeX5/9DLn3rzfVT9OeWJKKHJ54wOB2A== X-ME-Sender: X-Sasl-enc: TMpcROjDkvaxq0DFZtfHtKI6nhnW0nbZGzAHh3nXetb0 1490121012 Received: from localhost (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id C6E05246D8; Tue, 21 Mar 2017 14:30:12 -0400 (EDT) Date: Tue, 21 Mar 2017 14:30:12 -0400 From: Leo Famulari To: John Darrington Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. Message-ID: <20170321183012.GC28482@jasmine> References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <20170321021240.GA29321@jasmine> <20170321023043.GA455@jocasta.intra> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CUfgB8w4ZwR/yMy5" Content-Disposition: inline In-Reply-To: <20170321023043.GA455@jocasta.intra> User-Agent: Mutt/1.8.0 (2017-02-23) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 26109 Cc: 26109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --CUfgB8w4ZwR/yMy5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 21, 2017 at 03:30:43AM +0100, John Darrington wrote: > On Mon, Mar 20, 2017 at 10:12:40PM -0400, Leo Famulari wrote: > I did try that too. Unfortunately the Debian patch seems to have combine= d some non-CVE > fixes into the same patch AND that patch is dependendent upon some other = unrelated patches. Bah. > I probably could with a lot of trial and error make a patch which works, = but IMO that > defeats the purpose. I security patch should be A) as simple as possible= ; B) not=20 > contain any unrelated fixes; and C) prepared by someone who knows what sh= e is doing. Indeed. > Or, we could try building from an arbitrary Git commit. >=20 > Yes. That is the other option - I think it might be a what we'll have to= do. Okay, let us know how it goes. --CUfgB8w4ZwR/yMy5 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAljRcTQACgkQJkb6MLrK fwjBfg/9HdSclZ28G4UV+ZdBIbxmrnmCi8e5K1CwsELucPBAAbvSzjNEACsmVV4J ZnwiqWpywJmOOt2TXXDAB1yO0bcSWIJYiIgnXcohioK84y/jDorTAvY5gwDOA5Sx pvE2LId+7CG0yiLPoEx6HiHa5ReVireUvWb547iOfohZJge4zmRsnUyFljJQg1KM VP41imbHRWC/ByIUDoLw3sWiinlHMl3I2n7A8YCxrNlF2oh5ARh80PmrEK5qUwbG U6/W03bNSi9TuAKU4AqEcTPKGGlf1b/GoHKH8r+ZR/ANfsIcS4xO/yF6UMhGnShn TBsgBfUjaSlFLan22ownJF5DiuOjj6KaVniPzGD5z/iLd4Pr5N7GyOQj6ReOJ557 zVDaX6BIvYIjmVTfFJptAIZJhE7aB/pBmoB9RqaksolbS55fYT8906BRFtrEMWGp k78Ps7OUh/7fioHFYr3Qb0L7oGC7ZgoSBDUKkT2/gzY6sK42sWLZrchI7mbR1DaK DsrjzBu9q7M1v+e2pSUn1A2WeSdLLEz5btYpdfav+W/5SEXawpxzRC4XJ3lkQN/y MhVMLsGJHh1pcHFyuF/T9GKPGrYbnVWE6e2olZ0pjMq8BSxnMMzV4vcp6wTiVPfo Y7imKikejzw8zAXIBC0dxGbRbigl+vHALg6qzGUUGfxS6g1W83o= =r1BG -----END PGP SIGNATURE----- --CUfgB8w4ZwR/yMy5-- From debbugs-submit-bounces@debbugs.gnu.org Mon May 15 17:07:51 2017 Received: (at 26109-done) by debbugs.gnu.org; 15 May 2017 21:07:51 +0000 Received: from localhost ([127.0.0.1]:47008 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dANDa-0000Gw-Qq for submit@debbugs.gnu.org; Mon, 15 May 2017 17:07:51 -0400 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21124) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dANDZ-0000Gp-TM for 26109-done@debbugs.gnu.org; Mon, 15 May 2017 17:07:50 -0400 Received: from localhost (x2f7fa94.dyn.telefonica.de [2.247.250.148]) by mx.zohomail.com with SMTPS id 1494882467250336.82828309303227; Mon, 15 May 2017 14:07:47 -0700 (PDT) References: <1489608324-23632-1-git-send-email-jmd@gnu.org> <1489608324-23632-3-git-send-email-jmd@gnu.org> <871stv7hyk.fsf@openmailbox.org> <20170318072335.GA12217@jocasta.intra> <20170321021240.GA29321@jasmine> <20170321023043.GA455@jocasta.intra> <20170321183012.GC28482@jasmine> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Ricardo Wurmus To: Leo Famulari Subject: Re: bug#26109: [PATCH 3/7] gnu: Add dcmtk. In-reply-to: <20170321183012.GC28482@jasmine> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Mon, 15 May 2017 23:07:40 +0200 Message-ID: <87h90l6d7n.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain X-ZohoMailClient: External X-Spam-Score: -1.8 (-) X-Debbugs-Envelope-To: 26109-done Cc: 26109-done@debbugs.gnu.org, John Darrington X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.8 (-) Leo Famulari writes: >> Or, we could try building from an arbitrary Git commit. >> >> Yes. That is the other option - I think it might be a what we'll have to do. > > Okay, let us know how it goes. I tried extracting a patch but it was virtually impossible to make it apply without introducing more security problems in the attempt. So I updated the package to use the latest commit from git. -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net From unknown Mon Jun 23 07:48:46 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 13 Jun 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator