GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 22 Jun 2017 14:34:21 -0400

[Message part 1 (text/plain, inline)]

On Thu, Jun 22, 2017 at 12:17:37PM -0400, Leo Famulari wrote:
> On Thu, Jun 22, 2017 at 02:44:11AM -0400, Mark H Weaver wrote:
> > Leo Famulari <leo <at> famulari.name> writes:
> > > Hm, I noticed the bootstrap binaries being downloaded, so I don't think
> > > this patch applies the graft without causing a full rebuild.
> > 
> > It's likely that this is because of the new behavior of Hydra, where
> > NARs that haven't been fetched in the last 14 days are deleted, and then
> > those substitutes will fail the next time they are requested.
> > 
> > In this system fetching substitutes that are not often requested will
> > often fail.  One must try to fetch them, and then wait a while for Hydra
> > to rebuild the NARs, and then try again later.  FWIW, I don't like this
> > approach, but it's what we have for now.
> 
> Okay, I'm trying again. I'll let the build finish and report if the
> system seems okay in QEMU.

It's building stuff, but it downloaded several parts of the bootstrap
(gettext-boot0, perl-boot0, etc) and is now building the base packages
of the distribution (perl, etc).

So, I'm skeptical that it's grafting in the way we need it to. For
example, I already have the latest Perl binary from `guix build perl`,
but it's rebuilding Perl now.

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.