GNU bug report logs - #31487
[PATCH] gnu: Add upx.

Previous Next

Package: guix-patches;

Reported by: Pierre Neidhardt <ambrevar <at> gmail.com>

Date: Thu, 17 May 2018 22:52:01 UTC

Severity: normal

Tags: patch

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.

Full log

Message #17 received at 31487 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Pierre Neidhardt <ambrevar <at> gmail.com>
Cc: 31487 <at> debbugs.gnu.org
Subject: Re: [bug#31487] [PATCH] gnu: Add upx.
Date: Mon, 28 May 2018 09:55:01 +0200

Hi Pierre,

Pierre Neidhardt <ambrevar <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> There’s one issue left though:
>>
>>   $ ./pre-inst-env guix lint upx
>>   gnu/packages/compression.scm:2179:2: upx <at> 3.94: probably vulnerable to CVE-2017-15056, CVE-2017-16869
>>
>> Could you check whether patches are available for these?  Better be safe
>> than sorry!
>
> Indeed they are.
> They are not on the master branch though, only devel I think.
> So what's the protocol here?  Shall we cherry-pick the fixing commits or
> get latest devel?

Yes.  You can add them as individual patches (see commit
aa8ac0294421d465f60e18c8271f971ec8407a95 for an example); as usual, make
sure each patch starts with a few lines explaining what the patch does
and where it comes from (you can take the commit log for that plus a
repo URL, for instance.)

Then you can check that ‘guix lint upx’ is happy.

TIA!

Ludo’.
This bug report was last modified 6 years and 338 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.