GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 22 Jun 2017 15:25:04 -0400

[Message part 1 (text/plain, inline)]

On Thu, Jun 22, 2017 at 02:34:21PM -0400, Leo Famulari wrote:
> It's building stuff, but it downloaded several parts of the bootstrap
> (gettext-boot0, perl-boot0, etc) and is now building the base packages
> of the distribution (perl, etc).
> 
> So, I'm skeptical that it's grafting in the way we need it to. For
> example, I already have the latest Perl binary from `guix build perl`,
> but it's rebuilding Perl now.

I might have spoken too soon. Although Perl was rebuilt, most other
packages were not. So this patch might do the right thing. More review
welcome :)

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 310 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27429 Stack clash (CVE-2017-1000366 etc)

GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)