GNU bug report logs - #47144
security patching of 'patch' package

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Sun, 14 Mar 2021 21:39:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #65 received at 47144 <at> debbugs.gnu.org (full text, mbox):

From: Simon Tournier <zimon.toutoune <at> gmail.com>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Mark H Weaver <mhw <at> netris.org>,
 Ludovic Courtès <ludo <at> gnu.org>, 47144 <at> debbugs.gnu.org,
 Vivien Kraus <vivien <at> planete-kraus.eu>, Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#47144: [PATCH 3/3] gnu: patch: Graft to latest commit
 [security fixes].
Date: Tue, 04 Jun 2024 17:39:57 +0200

Hi Maxim,

On Fri, 31 May 2024 at 21:49, Maxim Cournoyer <maxim.cournoyer <at> gmail.com> wrote:

> I preferred inheritance to avoid having to manually sync things in the
> long run... (hopefully the graft gets ungrafted before 'patch' amasses
> new phatces, but we never know...)

What would be the long run? ;-)

Well, from my perspective, there is nothing to manually sync in the
future.

I mean, the only patch applied to release “2.7.6” will be still required
for patch/fixed; hence one will need to do what I am proposing if
’patch’ is removed.  Else if ’patch’ receives some security fixes, then
it seems expected to assume that the fix will be included in the latest
patch (here ’patch/fixed’).  Last, please note that ’patch’ is barely
modified.

--8<---------------cut here---------------start------------->8---
$ git log --format="%cd %s" -- gnu/packages/base.scm | grep 'gnu: patch'
Thu May 30 11:35:13 2024 -0400 gnu: patch: Fix indentation.
Sun Apr 22 22:40:48 2018 +0200 gnu: patch: Work around a cross-compilation issue.
Wed Mar 14 22:11:34 2018 +0100 gnu: patch: Update to 2.7.6.
Fri Jun 12 15:46:25 2015 +0300 gnu: patch: Set PATH_MAX for Hurd systems.
Mon Mar 9 22:56:50 2015 -0400 gnu: patch: Update to 2.7.5.
Sat Mar 7 20:34:50 2015 -0500 Revert "gnu: patch: Update to 2.7.5."
Sun Mar 8 00:32:11 2015 +0100 gnu: patch: Update to 2.7.5.
Wed Feb 11 11:23:46 2015 +0100 gnu: patch: Update to 2.7.4.
Fri Feb 6 13:53:28 2015 +0100 gnu: patch: Add 2.7.4 and make it a replacement for the default one.
Sat Apr 27 00:23:19 2013 +0200 gnu: patch: Update to 2.7.1.
--8<---------------cut here---------------end--------------->8---

I still think that it eases to have the patch close to the source
instead of coming from inheritance. Anyway. :-)

Cheers,
simon
This bug report was last modified 333 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.