From: bug#31437 <31437@debbugs.gnu.org>
Subject: Status: [PATCH 0/2] opencv: Ignore CVEs. Document lint-hidden-cve
Date: Thu, 19 Jun 2025 06:06:22 +0000

retitle 31437 [PATCH 0/2] opencv: Ignore CVEs. Document lint-hidden-cve
reassign 31437 guix-patches
submitter 31437 Björn Höfling
severity 31437 normal
tag 31437 patch
thanks

From: Björn Höfling
Subject: [PATCH 0/2] opencv: Ignore CVEs. Document lint-hidden-cve
Date: Sun, 13 May 2018 01:32:22 +0200

These two little patches are a follow-up to

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30801

Björn

Björn Höfling (2):
  doc: Update documentation of guix lint
  gnu: opencv: Ignore CVEs.

 doc/guix.texi                     | 22 +++++++++++++++++++---
 gnu/packages/image-processing.scm |  5 +++++
 2 files changed, 24 insertions(+), 3 deletions(-)

--
2.17.0

Date: Sun, 13 May 2018 01:40:00 +0200
From: Björn Höfling
To: 31437@debbugs.gnu.org
Subject: [PATCH 1/2] doc: Update documentation of guix lint

* doc/guix.texi (Invoking guix lint): Add cpe-version to example.
* doc/guix.texi (Invoking guix lint): Add example for lint-hidden-cve.
---
 doc/guix.texi | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 637c9c3f4..f0b666b9e 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -6835,15 +6835,31 @@ where @code{CVE-YYYY-ABCD} is the CVE identifier---= e.g., =20 Package developers can specify in package recipes the @uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)} -name and version of the package when they differ from the name that Guix -uses, as in this example: +name and version of the package when they differ from the name or version +that Guix uses, as in this example: =20 @example (package (name "grub") ;; @dots{} ;; CPE calls this package "grub2". - (properties '((cpe-name . "grub2")))) + (properties '((cpe-name . "grub2") + (cpe-version . "2.3"))) +@end example + +Sometimes, the CVE database contains false positives. Package developers = who +found CVE alerts and verified they can be ignored can declare them as in +this example: + +@example +(package + (name "t1lib") + ;; @dots{} + ;; These CVEs are false positives and can be ignored: + (properties `((lint-hidden-cve . ("CVE-2011-0433" + "CVE-2011-1553" + "CVE-2011-1554" + "CVE-2011-5244"))))) @end example =20 @item formatting --=20 2.17.0
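
Review bot: The rewritten grub example no longer closes its (package form. The removed line ended in four closing parentheses, while the added line (cpe-version . "2.3"))) has three, which close only the pair, the list and properties; add one more before @end example. In the new lint-hidden-cve paragraph, "verified they can be ignored" sets no bar for that verification, and the t1lib comment (";; These CVEs are false positives and can be ignored:") cites no evidence. Because this property tells guix lint to stop reporting the listed CVEs, the text should ask packagers to record why each entry is a false positive, for instance with a link to the upstream analysis in the comment. Smaller points: the t1lib list is backquoted although nothing in it is unquoted, whereas the grub example uses a plain quote, and the grub comment still explains only cpe-name, not the added cpe-version.
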
From: Björn Höfling
To: 31437@debbugs.gnu.org
Subject: [PATCH 2/2] gnu: opencv: Ignore CVEs.
Date: Sun, 13 May 2018 01:40:30 +0200

* gnu/packages/image-processing.scm (opencv)[properties]: Add a
lint-hidden-cve property and add three CVEs to be ignored.
---
 gnu/packages/image-processing.scm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm index ef303e134..4842ad450 100644 --- a/gnu/packages/image-processing.scm +++ b/gnu/packages/image-processing.scm
@@ -222,6 +222,11 @@ integrates with various databases on GUI toolkits such as Qt and Tk.") (for-each delete-file '("modules/java/test/pure_test/lib/junit-4.11.= jar" "samples/java/sbt/sbt/sbt-launch.jar")))))) + ;; These three CVEs are not a problem of OpenCV, see: + ;; https://github.com/opencv/opencv/issues/10998 + (properties '((lint-hidden-cve . ("CVE-2018-7712" + "CVE-2018-7713" + "CVE-2018-7714")))) (build-system cmake-build-system) (arguments `(#:configure-flags --=20 2.17.0
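
Review bot: The comment above the new properties field gives a link as the only rationale ("not a problem of OpenCV, see:" followed by the issue URL). Add a one-line summary of why these three CVEs do not apply to this package, so the justification for hiding them stays readable in the recipe even if the issue page moves or is closed. It would also help to use the term "false positives" in the comment, matching the wording the accompanying documentation patch uses for lint-hidden-cve.
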
From: ludo@gnu.org (Ludovic Courtès)
To: Björn Höfling
Cc: 31437@debbugs.gnu.org
Subject: Re: [bug#31437] [PATCH 1/2] doc: Update documentation of guix lint
Date: Mon, 14 May 2018 10:59:38 +0200

Hello,

Björn Höfling wrote:

> * doc/guix.texi (Invoking guix lint): Add cpe-version to example.
> * doc/guix.texi (Invoking guix lint): Add example for lint-hidden-cve.

I reworded the bit about ‘lint-hidden-cve’, mostly so that packagers
don’t start using it without a very good reason ;-), and committed.

Thanks!

Ludo’.

From: ludo@gnu.org (Ludovic Courtès)
To: Björn Höfling
Cc: 31437-done@debbugs.gnu.org
Subject: Re: [bug#31437] [PATCH 2/2] gnu: opencv: Ignore CVEs.
Date: Mon, 14 May 2018 11:03:07 +0200

Björn Höfling wrote:

> * gnu/packages/image-processing.scm (opencv)[properties]: Add a
> lint-hidden-cve property and add three CVEs to be ignored.

Applied, thanks!

From: Debbugs Internal Request
Subject: Internal Control
Date: Mon, 11 Jun 2018 11:24:04 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator