GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #44 received at 27429 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>
Subject: Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 22 Jun 2017 12:17:37 -0400

[Message part 1 (text/plain, inline)]

On Thu, Jun 22, 2017 at 02:44:11AM -0400, Mark H Weaver wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > Hm, I noticed the bootstrap binaries being downloaded, so I don't think
> > this patch applies the graft without causing a full rebuild.
> 
> It's likely that this is because of the new behavior of Hydra, where
> NARs that haven't been fetched in the last 14 days are deleted, and then
> those substitutes will fail the next time they are requested.
> 
> In this system fetching substitutes that are not often requested will
> often fail.  One must try to fetch them, and then wait a while for Hydra
> to rebuild the NARs, and then try again later.  FWIW, I don't like this
> approach, but it's what we have for now.

Okay, I'm trying again. I'll let the build finish and report if the
system seems okay in QEMU.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 310 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27429 Stack clash (CVE-2017-1000366 etc)

GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)