GNU bug report logs - #27769
[PATCH] gnu: pcre: Update replacement to 8.41 [fixes CVE-2017-{7244, 7245, 7246}].

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#27769: closed (Re: [bug#27769] [PATCH] gnu: pcre: Update
 replacement to 8.41 [fixes CVE-2017-{7244, 7245, 7246}].)
Date: Thu, 20 Jul 2017 12:36:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#27769: [PATCH] gnu: pcre: Update replacement to 8.41 [fixes CVE-2017-{7244, 7245, 7246}].

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 27769 <at> debbugs.gnu.org.

-- 
27769: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27769
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27769-done <at> debbugs.gnu.org
Subject: Re: [bug#27769] [PATCH] gnu: pcre: Update replacement to 8.41 [fixes
 CVE-2017-{7244, 7245, 7246}].
Date: Thu, 20 Jul 2017 08:34:23 -0400

[Message part 3 (text/plain, inline)]

On Thu, Jul 20, 2017 at 10:35:28AM +0200, Ludovic Courtès wrote:
> > -              (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
> 
> Should we remove this patch as well?

Yes! I was rushing to finish this at the end of the night and I sent a
preliminary version of this change by mistake :/

> For ‘core-updates’, I suggest we keep 8.41 it as a graft.  WDYT?

Agreed, I think we should not make any more big changes on that branch
unless we have to.

Pushed as 426b0b898f70a58133d80779980f163a5761686e.

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: pcre: Update replacement to 8.41 [fixes CVE-2017-{7244,
 7245, 7246}].
Date: Wed, 19 Jul 2017 22:22:28 -0400

* gnu/packages/pcre.scm (pcre)[replacement]: Update to pcre-8.41.
(pcre/fixed): Replace with ...
(pcre-8.41): ... new variable.
---
 gnu/packages/pcre.scm | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 67a8db1c7..8dd509931 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -34,7 +34,7 @@
   (package
    (name "pcre")
    (version "8.40")
-   (replacement pcre/fixed)
+   (replacement pcre-8.41)
    (source (origin
             (method url-fetch)
             (uri (list
@@ -72,12 +72,20 @@ POSIX regular expression API.")
    (license license:bsd-3)
    (home-page "http://www.pcre.org/")))
 
-(define pcre/fixed
+(define pcre-8.41
   (package
     (inherit pcre)
+    (version "8.41")
     (source (origin
-              (inherit (package-source pcre))
-              (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
+              (method url-fetch)
+              (uri (list (string-append "mirror://sourceforge/pcre/pcre/"
+                                        version "/pcre-" version ".tar.bz2")
+                         (string-append "ftp://ftp.csx.cam.ac.uk"
+                                        "/pub/software/programming/pcre/"
+                                        "pcre-" version ".tar.bz2")))
+              (sha256
+               (base32
+                "0c5m469p5pd7jip621ipq6hbgh7128lzh7xndllfgh77ban7wb76"))))))
 
 (define-public pcre2
   (package
-- 
2.13.3

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.