GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Full log

Message #109 received at 27429 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27429 <at> debbugs.gnu.org
Subject: Re: core-updates and shishi [was Re: bug#27429: Stack clash
 (CVE-2017-1000366 etc)]
Date: Fri, 30 Jun 2017 02:47:14 -0400

[Message part 1 (text/plain, inline)]

On Fri, Jun 30, 2017 at 12:27:57AM +0200, Ludovic Courtès wrote:
> > -    (native-inputs `(("pkg-config" ,pkg-config)))
> > +    (arguments
> > +     `(#:phases
> > +       (modify-phases %standard-phases
> > +         (add-before 'configure 'bootstrap
> > +           (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
> > +    (native-inputs `(("pkg-config" ,pkg-config)
> > +                     ;; XXX For bootstrapping. Remove for the next Shishi
> > +                     ;; release after 1.0.2.
> > +                     ("autoconf" ,autoconf)
> > +                     ("automake" ,automake)
> > +                     ("gettext" ,gnu-gettext)
> > +                     ("libtool" ,libtool)
> > +                     ("texinfo" ,texinfo)))
> 
> I think you can achieve the same result but without adding these
> dependencies etc. just by adding:
> 
>   #:configure-flags '("ac_cv_libgcrypt=yes")
> 
> which I think is marginally better (but no big deal).

Yes, that's better. I built Shishi and GSS with it locally, pushed, and
started a core-updates evaluation.

But I don't know if we will hit this evaluation failure also on
core-updates since I merged master:

https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00349.html

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.