GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: 27429 <at> debbugs.gnu.org
Subject: bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]
Date: Fri, 30 Jun 2017 14:59:10 +0200

Leo Famulari <leo <at> famulari.name> skribis:

> On Fri, Jun 30, 2017 at 12:27:57AM +0200, Ludovic Courtès wrote:
>> > -    (native-inputs `(("pkg-config" ,pkg-config)))
>> > +    (arguments
>> > +     `(#:phases
>> > +       (modify-phases %standard-phases
>> > +         (add-before 'configure 'bootstrap
>> > +           (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
>> > +    (native-inputs `(("pkg-config" ,pkg-config)
>> > +                     ;; XXX For bootstrapping. Remove for the next Shishi
>> > +                     ;; release after 1.0.2.
>> > +                     ("autoconf" ,autoconf)
>> > +                     ("automake" ,automake)
>> > +                     ("gettext" ,gnu-gettext)
>> > +                     ("libtool" ,libtool)
>> > +                     ("texinfo" ,texinfo)))
>> 
>> I think you can achieve the same result but without adding these
>> dependencies etc. just by adding:
>> 
>>   #:configure-flags '("ac_cv_libgcrypt=yes")
>> 
>> which I think is marginally better (but no big deal).
>
> Yes, that's better. I built Shishi and GSS with it locally, pushed, and
> started a core-updates evaluation.

OK.

> But I don't know if we will hit this evaluation failure also on
> core-updates since I merged master:
>
> https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00349.html

Oops indeed.  I fixed it in master and merged the fixed.  New evaluation
pending.

Thanks,
Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.