From unknown Wed Jun 18 00:26:14 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#47193 <47193@debbugs.gnu.org> To: bug#47193 <47193@debbugs.gnu.org> Subject: Status: Fancify guix lint -c cve output Reply-To: bug#47193 <47193@debbugs.gnu.org> Date: Wed, 18 Jun 2025 07:26:14 +0000 retitle 47193 Fancify guix lint -c cve output reassign 47193 guix-patches submitter 47193 Tobias Geerinckx-Rice severity 47193 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 16 12:00:24 2021 Received: (at submit) by debbugs.gnu.org; 16 Mar 2021 16:00:24 +0000 Received: from localhost ([127.0.0.1]:40820 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMC7L-0002Vr-Rk for submit@debbugs.gnu.org; Tue, 16 Mar 2021 12:00:24 -0400 Received: from lists.gnu.org ([209.51.188.17]:39060) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMC7K-0002Vk-EF for submit@debbugs.gnu.org; Tue, 16 Mar 2021 12:00:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36178) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMC7J-0000wW-US for guix-patches@gnu.org; Tue, 16 Mar 2021 12:00:22 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:50558) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMC7H-0000Lc-BO for guix-patches@gnu.org; Tue, 16 Mar 2021 12:00:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=YaGadJfusfpJ60RzUvJ0CRfSYjbhuarucFL15OvWwe0=; h=date:subject:to: from; b=k98WNv2yr8vV3L2HaBcuJNXf/zCkKLoMRwYPl7ZUxxMWjvpKkqbsQspTIK0a5z SVny/4oWYuxSmGM8HCmij9fCkK2P/ACCx4StrbzV7CNRRc6uX/n3iAuBEztNPHseK42oZ+ YyICmMEXHDnZm92W5zO7xZ+ARA0BucVs3Rs7eU2LcF4cOv+frK3gRsPUPF8U39+WIu5M4h AFNhJUqeFBtlP1ij5w+RWSCAGpTJy8ijlUmQl1kHoY3nsNZ7hPC02n1nYKqD72573Feix/ w4ucy+w/xT5pQI7c/VQcgzklMnBjwRddxhN1hs9VpjqOBVc41Q6GAz9CyASo9bO378BMaw == Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 6d798cea (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO) for ; Tue, 16 Mar 2021 16:01:14 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: guix-patches@gnu.org Subject: Fancify guix lint -c cve output Date: Tue, 16 Mar 2021 17:00:11 +0100 Message-ID: <87im5rm6lw.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain; format=flowed Guix, A quick hack requested by lle-bout: indicate CVE severity with pretty/scary colours[0]. It's deliberately simple: no scoring, no versioning, no importing (guix colors) from (guix cve), ... Another patch adds order to the rainbow. Sort CVEs by ID, so roughly chronological. In combination with the other patch, I prefer this to more complex ordering and/or grouping by severity. Kind regards, T G-R [0]: https://tobias.gr/tmp.png --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYFDWCw0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15RQ4BAI3yfWXQoiM1lTSdAvnUZHFf41BHMdUDMebqSQuz 9zR1AQCKwuoJ6L5rECbJ9dXPEz4qV+WCmLbjSCrdQZBITSj+Bw== =0/gM -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 16 12:07:04 2021 Received: (at 47193) by debbugs.gnu.org; 16 Mar 2021 16:07:04 +0000 Received: from localhost ([127.0.0.1]:40841 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMCDo-0002h9-Cx for submit@debbugs.gnu.org; Tue, 16 Mar 2021 12:07:04 -0400 Received: from tobias.gr ([80.241.217.52]:40566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMCDm-0002gi-G7 for 47193@debbugs.gnu.org; Tue, 16 Mar 2021 12:07:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=pRogdOwWfN/snsklteKvUi9KNTFvioU54/6uRhMf6To=; h=date:subject:to: from; b=TJGvVyuj5L/N/648up6q2MHE+CvxIa17iFxZyOh1Q2R1gbdu7fDFq4XizA44Iw EVLYoW0kuZwbZFHPR4PT2JNgCOwXh24ndqUxuNHugqRLlr4ATASAvAGYyxi+afcoMX7jMv K1Oaihw/b85ql27YnFMY+mg/AFxjL6v6sD8inWSapPdRwegoEjpqLryFjbvJhpL+qL8o66 cMs/9+2IwSr66acoAHiIOeAQP9mVHNq1mLvRzIQZdFvbpRI7+ex1rIuFyXPgRDyC3r7H6j J9wmuWH2qM6yLp3dlDnRrQtPWv+lqZTnfCOo4Jb9YN00VBJl9rx91dmSWvNk2SjadbIJJA == Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 489a24e1 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO) for <47193@debbugs.gnu.org>; Tue, 16 Mar 2021 16:08:02 +0000 (UTC) From: Tobias Geerinckx-Rice To: 47193@debbugs.gnu.org Subject: [PATCH 1/2] lint: Sort possible vulnerabilities. Date: Tue, 16 Mar 2021 17:06:52 +0100 Message-Id: <20210316160653.9891-1-me@tobias.gr> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 47193 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities by ID. --- guix/lint.scm | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/guix/lint.scm b/guix/lint.scm index 5144fa139d..ed57e19fe2 100644 --- a/guix/lint.scm +++ b/guix/lint.scm @@ -1164,6 +1164,23 @@ the NIST server non-fatal." package-vulnerabilities)) "Check for known vulnerabilities for PACKAGE. Obtain the list of vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES." + + (define (vulnerability< v1 v2) + (define (string-list< list1 list2) + (match list1 + ((head1 tail1 ...) + (match list2 + ((head2 tail2 ...) + (if (string=? head1 head2) + (string-list< tail1 tail2) + (string) id 1lMCDq-0002hN-Lr for submit@debbugs.gnu.org; Tue, 16 Mar 2021 12:07:07 -0400 Received: from tobias.gr ([80.241.217.52]:40566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMCDn-0002gi-Ih for 47193@debbugs.gnu.org; Tue, 16 Mar 2021 12:07:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=PboByRz5iej9DIUZpuu/uFXHUQtJFQo+QgdshhvDfa4=; h=references: in-reply-to:date:subject:to:from; b=Fa6JCu9jodoT5U21DwFSAeOuwTq3aAsdaj 1M2Lb7XA2u5IndoMmDIcHtGtZ/qZf8s6OvbI8pw+2mbEJeI5R7h92C37gWgiq4oYYqr1KB Asbxgsqz5CcDmWnmmE+biLZwxZAdkSKu0R0YCbZ9eJnvVUxxsiPBd5i6M8xsUpeCDcZ0py r2r8nb7RZQcw0TlY6qbxhs2jbwB01oopKAVEgSRoWhZrHWcWA3OA8846e2Bh/cXqmEpi9g xdpW9FhYSDp8FIfBM5diJvy52zvMh/uhOy6SVkEb2vLIB96z/bcuLrRUuFSj77kfgUMgw5 SyVCcpFeXRwIOYR1BxiGrqnJhriQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id ae76bf27 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO) for <47193@debbugs.gnu.org>; Tue, 16 Mar 2021 16:08:02 +0000 (UTC) From: Tobias Geerinckx-Rice To: 47193@debbugs.gnu.org Subject: [PATCH 2/2] lint: Indicate CVE severity. Date: Tue, 16 Mar 2021 17:06:53 +0100 Message-Id: <20210316160653.9891-2-me@tobias.gr> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210316160653.9891-1-me@tobias.gr> References: <20210316160653.9891-1-me@tobias.gr> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 47193 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) * guix/cve.scm [cvss3-base-severity]: New field. (impact-data->cve-cvss3-base-severity): New procedure. [severity]: New field. (vulnerability->sexp, sexp->vulnerability, cve-item->vulnerability) (write-cache): Bump the format version to 2. (vulnerabilities->lookup-proc): Adjust accordingly. * guix/lint.scm (check-vulnerabilities): Indicate CVE severity according to the output port's terminal capabilities. --- guix/cve.scm | 48 ++++++++++++++++++++++++++++++++---------------- guix/lint.scm | 32 +++++++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 17 deletions(-) diff --git a/guix/cve.scm b/guix/cve.scm index b3a8b13a06..3809e4493f 100644 --- a/guix/cve.scm +++ b/guix/cve.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès +;;; Copyright © 2021 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -38,6 +39,7 @@ cve-item? cve-item-cve cve-item-configurations + cve-item-cvssv3-base-severity cve-item-published-date cve-item-last-modified-date @@ -53,6 +55,7 @@ vulnerability? vulnerability-id + vulnerability-severity vulnerability-packages json->vulnerabilities @@ -72,13 +75,15 @@ (define-json-mapping cve-item cve-item? json->cve-item - (cve cve-item-cve "cve" json->cve) ; - (configurations cve-item-configurations ;list of sexps - "configurations" configuration-data->cve-configurations) - (published-date cve-item-published-date - "publishedDate" string->date*) - (last-modified-date cve-item-last-modified-date - "lastModifiedDate" string->date*)) + (cve cve-item-cve "cve" json->cve) ; + (configurations cve-item-configurations ;list of sexps + "configurations" configuration-data->cve-configurations) + (cvssv3-base-severity cve-item-cvssv3-base-severity ;string + "impact" impact-data->cve-cvssv3-base-severity) + (published-date cve-item-published-date + "publishedDate" string->date*) + (last-modified-date cve-item-last-modified-date + "lastModifiedDate" string->date*)) (define-json-mapping cve cve? json->cve @@ -183,6 +188,15 @@ element found in CVEs, return an sexp such as (\"binutils\" (< (let ((nodes (vector->list (assoc-ref alist "nodes")))) (filter-map node->configuration nodes))) +(define (impact-data->cve-cvssv3-base-severity alist) + "Given ALIST, a JSON dictionary for the \"impact\" element found in +CVEs, return a string indicating its CVSSv3 severity. This should be +one of \"NONE\", \"LOW\", \"MEDIUM\", \"HIGH\", or \"CRITICAL\", but we +return whatever we find, or #F if the severity cannot be determined." + (let* ((base-metric-v3 (assoc-ref alist "baseMetricV3")) + (cvss-v3 (assoc-ref base-metric-v3 "cvssV3"))) + (assoc-ref cvss-v3 "baseSeverity"))) + (define (json->cve-items json) "Parse JSON, an input port or a string, and return a list of records." @@ -251,20 +265,21 @@ records." (* 3600 24 (date-month %now))) (define-record-type - (vulnerability id packages) + (vulnerability id severity packages) vulnerability? (id vulnerability-id) ;string + (severity vulnerability-severity) ;string (packages vulnerability-packages)) ;((p1 sexp1) (p2 sexp2) ...) (define vulnerability->sexp (match-lambda - (($ id packages) - `(v ,id ,packages)))) + (($ id severity packages) + `(v ,id ,severity ,packages)))) (define sexp->vulnerability (match-lambda - (('v id (packages ...)) - (vulnerability id packages)))) + (('v id severity (packages ...)) + (vulnerability id severity packages)))) (define (cve-configuration->package-list config) "Parse CONFIG, a config sexp, and return a list of the form (P SEXP) @@ -309,12 +324,13 @@ versions." "Return a corresponding to ITEM, a record; return #f if ITEM does not list any configuration or if it does not list any \"a\" (application) configuration." - (let ((id (cve-id (cve-item-cve item)))) + (let ((id (cve-id (cve-item-cve item))) + (severity (cve-item-base-severity item))) (match (cve-item-configurations item) (() ;no configurations #f) ((configs ...) - (vulnerability id + (vulnerability id severity (merge-package-lists (map cve-configuration->package-list configs))))))) @@ -332,7 +348,7 @@ sexp to CACHE." (json->vulnerabilities input)) (write `(vulnerabilities - 1 ;format version + 2 ;format version ,(map vulnerability->sexp vulns)) cache)))) @@ -396,7 +412,7 @@ vulnerabilities affecting the given package version." ;; Map package names to lists of version/vulnerability pairs. (fold (lambda (vuln table) (match vuln - (($ id packages) + (($ id severity packages) (fold (lambda (package table) (match package ((name . versions) diff --git a/guix/lint.scm b/guix/lint.scm index ed57e19fe2..f3c4e13052 100644 --- a/guix/lint.scm +++ b/guix/lint.scm @@ -48,6 +48,7 @@ #:use-module (guix monads) #:use-module (guix scripts) #:use-module ((guix ui) #:select (texi->plain-text fill-paragraph)) + #:use-module (guix colors) #:use-module (guix gnu-maintenance) #:use-module (guix cve) #:use-module ((guix swh) #:hide (origin?)) @@ -1165,6 +1166,35 @@ the NIST server non-fatal." "Check for known vulnerabilities for PACKAGE. Obtain the list of vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES." + (define severity->color + ;; A standard CVE colour gradient is red > orange > yellow > green > none. + ;; However, ANSI non-bold YELLOW is actually orange whilst BOLD YELLOW + ;; is actual yellow, so BOLD would confusingly be less serious. Skip it. + (match-lambda + ("CRITICAL" (color BOLD RED)) + ("HIGH" (color RED)) + ("MEDIUM" (color YELLOW)) + ("LOW" (color GREEN)) + (_ (color)))) + + (define (colorize-vulnerability vulnerability) + ;; If the terminal supports ANSI colours, use them to indicate severity. + (colorize-string (vulnerability-id vulnerability) + (severity->color (vulnerability-severity + vulnerability)))) + + (define (simple-format-vulnerability vulnerability) + ;; Otherwise, omit colour coding and explicitly append the severity string. + (simple-format #f "~a (~a)" + (vulnerability-id vulnerability) + (string-downcase (vulnerability-severity vulnerability)))) + + (define format-vulnerability + ;; Check once which of the above to use for all PACKAGE vulnerabilities. + (if (color-output? (current-output-port)) + colorize-vulnerability + simple-format-vulnerability)) + (define (vulnerability< v1 v2) (define (string-list< list1 list2) (match list1 @@ -1201,7 +1231,7 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES." (make-warning package (G_ "probably vulnerable to ~a") - (list (string-join (map vulnerability-id + (list (string-join (map format-vulnerability (sort unpatched vulnerability<)) ", ")))))))))) -- 2.30.1 From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 16 14:20:01 2021 Received: (at 47193) by debbugs.gnu.org; 16 Mar 2021 18:20:01 +0000 Received: from localhost ([127.0.0.1]:41024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMEIS-0005xw-QF for submit@debbugs.gnu.org; Tue, 16 Mar 2021 14:20:01 -0400 Received: from mail.zaclys.net ([178.33.93.72]:54259) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMEIR-0005xe-Ty for 47193@debbugs.gnu.org; Tue, 16 Mar 2021 14:20:00 -0400 Received: from [192.168.0.44] (82-64-145-38.subs.proxad.net [82.64.145.38]) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12GIJsVp009835 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <47193@debbugs.gnu.org>; Tue, 16 Mar 2021 19:19:54 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12GIJsVp009835 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1615918794; bh=cEe+KKu9WFYEwFiDgxQ8dVXyj9kxHJ1Kgk/z+L7jq4I=; h=Subject:From:To:Date:From; b=Gvf7+B3q4j18TUEMnja77ILs++CbPOSZfDfSFD1au7zmwIk1Bm1y3PuHZjUIUgyNF r4tSodZPa3LiaNTkhoXivvJmxoGu2PG9TpuGOfJJsZ0ZAhOld2Q7UPMyuZQ1J6b3xk ssnlfVVl7ApFDEPIayS58M+zk47pv7WQt9DcTz+s= Message-ID: <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> Subject: Fancify guix lint -c cve output From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: 47193@debbugs.gnu.org Date: Tue, 16 Mar 2021 19:19:54 +0100 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-+miriNulbJpzLW8VkL2r" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47193 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-+miriNulbJpzLW8VkL2r Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello! Thanks a lot for working on this!! :-D I get a warning during compilation: guix/cve.scm:328:18: warning: possibly unbound variable `cve-item-base- severity' I also just tried it on patch package and it fails: $ ./pre-inst-env guix lint -c cve patch Backtrace:atch@2.7.6 [cve]... In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # =E2=80=A6) In srfi/srfi-1.scm: 634:9 11 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 65:4 10 (run-checkers # =E2=80=A6) In srfi/srfi-1.scm: 634:9 9 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities # =E2=80=A6) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: Throw to key `match-error' with args `("match" "no matching pattern" (v "CVE-2021-0212" (("contrail_networking" (< "1911.31")))))'. --=-+miriNulbJpzLW8VkL2r Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBQ9soACgkQRaix6GvN EKYXog//ez84TN6zVwbx16DnWHmRSgPPxnkPL4duWN6KevtxhZCEpB9oVMKO+5ao WnJZt7c3XdkVUWM5KH6ik00p0kQehpz8AWvisGuhiBj43c3QKKXJ1j9dUZiFRfOw uMiWqX7nv8ZAJa4Q3xp1Nd3j/S0vM/Wv/ZcvElnJFs1bsXTKPrCz8GwfbS4vzjI1 Z1yg838V54iPHWPnHjRWSEtLir5Z+3EImsIgkfj5BLunXYZWIqE88uzFn+lYQTes WFqFNgW2JM6o16Gsa1d6lQ8Q76PUh2jwqDHjBUdTpcezKZ23J7rdG4pcdoxxxhry TmzjgLbUuR/e+mHKULK1YpgFOZkcb/QzDx50m9h9fryGVp4fiUCcnEOLH8sobQnB zAbMzFgaG2S7AMxA1lJ5pe1Y+kIQs5wBxUqCVVu8cyqBocXJH7yY8N6lfP/iEze9 gFUaXjahLjtSK+55r2m4AAxKI3ucfodpLaFtpJ0Cwlc2cSekdtkAOfmyh7GNDW19 dSEzpiE8eXuwXQ5vheHAYPpvH2dVrStOn4gHECZvB5NqutqeFGVQshb3AiwkSU+P 1Sb7Zq9ghNcRmnZ1/begvC/GEQgYRnCaXbB2yPwih5xrOIt1jFb9nqNnYdiOM9Nm bMZ/yZ9Es5DQaqif9Rn9lKtec9NBU/hzuPP0r2ZVPAC6CnY9uxQ= =MNBF -----END PGP SIGNATURE----- --=-+miriNulbJpzLW8VkL2r-- From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 16 17:12:54 2021 Received: (at submit) by debbugs.gnu.org; 16 Mar 2021 21:12:54 +0000 Received: from localhost ([127.0.0.1]:41190 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMGzm-0003l1-Ds for submit@debbugs.gnu.org; Tue, 16 Mar 2021 17:12:54 -0400 Received: from lists.gnu.org ([209.51.188.17]:34462) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMGzl-0003ku-4t for submit@debbugs.gnu.org; Tue, 16 Mar 2021 17:12:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51054) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMGzk-0003kx-W4 for guix-patches@gnu.org; Tue, 16 Mar 2021 17:12:53 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:55542) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMGzj-00023z-8s for guix-patches@gnu.org; Tue, 16 Mar 2021 17:12:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=x6z5aO2e3vTHEP0Zwwbbt4RffBa1/l9D40bkKagdxwY=; h=date:in-reply-to: references:subject:cc:to:from; b=PQJu/RX4y9KgJ0p2f+xQUmJYgDKgiZWypF17a ojxrOGMEu+CTUbu9WeCKHA6VCMD5MjhJxl7i2Lnk0j+b1SYpal4W172L6xYIslm87Fmm7K y2fn5Qt+kZ5VOxETQn2f1roQNhlGfIfiXeCN3ldc3puIRbG12eV994WUWbU5BW4vbIWeH4 ExdFf00Wi2LvMR9WBmpkzRHdxpOVDzYgz0EncE8yCts1tstoXko1EHr1wg9r4pNwPESKEf YzmECoWgGanu0RiCLBdZx3Fe0TAhwzmqlppETXWQl4UWsilRpzie4Jnu++WYeVcFmswB0J BkCVnp49QMRFqmmRsT+S0k/eQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 9d607ae0 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Tue, 16 Mar 2021 21:13:49 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: =?utf-8?Q?L=C3=A9o?= Le Bouter Subject: Re: [bug#47193] Fancify guix lint -c cve output References: <87im5rm6lw.fsf@nckx> <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> In-reply-to: <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> Date: Tue, 16 Mar 2021 22:12:46 +0100 Message-ID: <87a6r2n6pd.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit Cc: guix-patches@gnu.org, 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable L=C3=A9o! L=C3=A9o Le Bouter via Guix-patches via =E5=86=99=E9=81=93=EF=BC=9A > guix/cve.scm:328:18: warning: possibly unbound variable=20 > `cve-item-base- > severity' One dark and stormy night I turned away an old woman at my doors,=20 and ever since I have been cursed to include at least one stupid=20 typo in each patch I send. True story. Thanks for testing. Fixed but it should not affect running guix=20 lint. > I also just tried it on patch package and it fails: Hmm. I bet =E2=80=98rm -rf ~/.cache/guix/http=E2=80=99 will make this go=20 conveniently away, just like lady stormypants. > (v "CVE-2021-0212" (("contrail_networking" ... This is a stale cache file lacking the newly added =E2=80=98severity=E2=80= =99=20 field: (v "CVE-2021-0212" "MEDIUM" (("contrail_networking" ... I bumped the format version to 2 in (guix cve) to signal this=20 incompatible change, but it appears this field may exist merely as=20 a friendly reminder to actually add version handling some day...? I guess today is that day. Bah, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYFEfTg0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15JlIBAIvIK40UPqe2mRMqSsrtMakRYy7pIzXT/Eom5J+L +f0mAP9yT4r4kD1gHQZf+Gu2gT5Z3ykwh6oDg1ENJSD2JEl/CA== =Ljfm -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 17 04:13:53 2021 Received: (at 47193) by debbugs.gnu.org; 17 Mar 2021 08:13:53 +0000 Received: from localhost ([127.0.0.1]:41868 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMRJR-0002vJ-FT for submit@debbugs.gnu.org; Wed, 17 Mar 2021 04:13:53 -0400 Received: from mail.zaclys.net ([178.33.93.72]:47083) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMRJN-0002v3-Or for 47193@debbugs.gnu.org; Wed, 17 Mar 2021 04:13:52 -0400 Received: from guix-xps.local (82-64-145-38.subs.proxad.net [82.64.145.38]) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12H8DgOw059913 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 17 Mar 2021 09:13:42 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12H8DgOw059913 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1615968823; bh=ElJThSKmCIRopXH6G3XUQ8sxHE04Fz4WRi4SflMQx1Q=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=GF9UPesBhtGRu1RuStUWlUvIWV/h5ij1lnhfZVVWs+McWya3mFCEv8nzQ0KcIZEsq t6KJn/4+3ixYy3AYKQiXOcum+I7BcCiZnSRvWoqBxf5cVGQzlYqjg/x5wDThcpu1Is NgTVW/YEQ0fnxXswo1u0E4CoeFQsKjCTrrS4KiYA= Message-ID: Subject: Re: [bug#47193] Fancify guix lint -c cve output From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Tobias Geerinckx-Rice Date: Wed, 17 Mar 2021 09:13:36 +0100 In-Reply-To: <87a6r2n6pd.fsf@nckx> References: <87im5rm6lw.fsf@nckx> <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> <87a6r2n6pd.fsf@nckx> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-fe9/7lP/3Bt8kHiWt+yj" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47193 Cc: guix-patches@gnu.org, 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-fe9/7lP/3Bt8kHiWt+yj Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2021-03-16 at 22:12 +0100, Tobias Geerinckx-Rice wrote: > L=C3=A9o! Tobias! :-) > L=C3=A9o Le Bouter via Guix-patches via =E5=86=99=E9=81=93=EF=BC=9A > > guix/cve.scm:328:18: warning: possibly unbound variable=20 > > `cve-item-base- > > severity' >=20 > One dark and stormy night I turned away an old woman at my doors,=20 > and ever since I have been cursed to include at least one stupid=20 > typo in each patch I send. True story. >=20 > Thanks for testing. Fixed but it should not affect running guix=20 > lint. I tried fixing it as well, $ git diff diff --git a/guix/cve.scm b/guix/cve.scm index 3809e4493f..d52ea05117 100644 --- a/guix/cve.scm +++ b/guix/cve.scm @@ -325,7 +325,7 @@ versions." return #f if ITEM does not list any configuration or if it does not list any \"a\" (application) configuration." (let ((id (cve-id (cve-item-cve item))) - (severity (cve-item-base-severity item))) + (severity (cve-item-cvssv3-base-severity item))) (match (cve-item-configurations item) (() ;no configurations #f) Look right? > Hmm. I bet =E2=80=98rm -rf ~/.cache/guix/http=E2=80=99 will make this go= =20 > conveniently away, just like lady stormypants. I tried that (without the fix above) and: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # =E2=80=A6) In srfi/srfi-1.scm: 634:9 11 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: error: cve-item-base-severity: unbound variable Then *with* the fix: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # =E2=80=A6) In srfi/srfi-1.scm: 634:9 11 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: Throw to key `match-error' with args `("match" "no matching pattern" (vulnerabilities 2 ((v "CVE-2021-0212" "MEDIUM" (("contrail_networking" (< "1911.31")))) (v "CVE-2021-0220" "MEDIUM" (("junos_space" (or "19.1" (or "18.4" (or "18.3" (or "18.2" (or "18.1r1" (or "18.1" (or "17.21.4" (or "17.2" (or "17.1" (or "16.1" (or "15.2" (or "15.14" (or "15.12" (or "15.1" (or "14.1" (or "13.33" (or "13.11.8" (or "13.1" (or "12.3" (or "12.2" (or "12.1" (or "11.4" (or "11.3" (or "11.2" (or "11.1" (or "2.0" (or "1.4" (or "1.3" (or "1.2" (or "1.1" "1.0"))))))))))))))))))))))))))))))))) (v "CVE-2021-1051" "HIGH" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63")))))))) (v "CVE-2021-1052" "HIGH" (("gpu_driver" (or (or (and (>=3D "460") (< "460.32.03")) (or (and (>=3D "450") (< "450.102.04")) (and (>=3D "390") (< "390.141")))) (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63"))))))))) (v "CVE-2021-1053" "MEDIUM" (("gpu_driver" (or (or (and (>=3D "460") (< "460.32.03")) (or (and (>=3D "450") (< "450.102.04")) (and (>=3D "390") (< "390.141")))) (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63"))))))))) (v "CVE-2021-1054" "MEDIUM" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63")))))))) (v "CVE-2021-1055" "MEDIUM" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>= =3D " [...] I ran "$ rm -rf ~/.cache/guix/http" between each and every of these attempts. The cache is clear, I also did make clean and recompiled (so no left around .go file). >=20 > > (v "CVE-2021-0212" (("contrail_networking" ... >=20 > This is a stale cache file lacking the newly added =E2=80=98severity=E2= =80=99=20 > field: >=20 > (v "CVE-2021-0212" "MEDIUM" (("contrail_networking" ... >=20 > I bumped the format version to 2 in (guix cve) to signal this=20 > incompatible change, but it appears this field may exist merely as=20 > a friendly reminder to actually add version handling some day...? >=20 > I guess today is that day. >=20 > Bah, Don't know! I think there's some other issue here, or maybe you modified the patch a little more on your side. PS: I looked at the image you initially posted and the output looks really nice and helpful!! >=20 > T G-R Thank you :-D L=C3=A9o --=-fe9/7lP/3Bt8kHiWt+yj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBRujAACgkQRaix6GvN EKbABxAAxIQIanIXnFBBdfYDq37dBFdPHW76Ds7Ca7s6/SG5eEFd/W3vYQ2+e5qu bru3iy/UWD7jXkwCwym0UdB1e5SRcOTfRO7raELjLIe/AfnIEg0KCE+wDCHkyxFv uu2PmshtHbcIZHKumiXjL470PoG2v3OGUQHm6Zk4eSJPcxW6OoiNK/CB8oguBI5C 31iyGyyWri0Z4ITYCt7e3KuGVIbr6WkUO1yOc5v71rmfgrs7TVtkDXcEsBOeH5eF Axaw77S+ehRDeI/UVaMYkjLG8aPdgMGitFQE7UNzonnUCNxMbPs1/1i3KE7pUHpt 0Kb9P+HbhgdmgL3keH3i2UFOTjh548fnGfbhFgR/9LFroQUY9DKSGQnQq2GCahFM 0fptMRcxsOFd/awIK9Ef35FzbLL9wxNB4nAs3xLeid8/mJ/3CJxLOz/eNuFfvvjP 7Wl9FagPhuVMhEbLAB+inKIRe8Jkhz2+XUMBih9utRFtNuUYUsoYIEmZp3CRq4LO tLcIyhq9G5gLfKvw0VCQeT6f/LgiSVTeud0jsL40SrDoHmh/jue+Mvro2d4enmXu epjtIXorc5DjAbjFgvbCpDhrWd6DrwPsPwS+O206RQcgPwwyFKiRoz9PW0f7yI7f ZODDjyzkjyfPMwdD6r5oe27t68ZaeOn/PXHOQIhFzOeB3InDzKI= =WI21 -----END PGP SIGNATURE----- --=-fe9/7lP/3Bt8kHiWt+yj-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 17 15:32:35 2021 Received: (at 47193) by debbugs.gnu.org; 17 Mar 2021 19:32:35 +0000 Received: from localhost ([127.0.0.1]:44010 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMbuF-0007uY-Ka for submit@debbugs.gnu.org; Wed, 17 Mar 2021 15:32:35 -0400 Received: from tobias.gr ([80.241.217.52]:34358) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMbuD-0007uM-3A for 47193@debbugs.gnu.org; Wed, 17 Mar 2021 15:32:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=2dgm+TU7tuVQ3+H6H0RQPTm8xWejeGZsafU16TB3bcU=; h=date:in-reply-to: references:subject:cc:to:from; b=VGY6smcaMIWt4CQOvx7nlZwPKrlo+agYItad0 Am8mzI61gyuTfzy2mi1iDfxdzRzHnBBpd3kQGmPY5Tu1ywLcq1ZiXPHe688ofCkcgqmk4z m6j7teICbepNw8YqSbEzL/EslhMdh9+2lF6NYm1ZrLJ3aNNQJHKrUU2Xs8uwDzoNtAlZ4Y tZxsN6LxXwl0P9N84hw8LCARYJ8dydhQjRjfhNYOx+Erx1dS7oU8YQcF0q3CzDuJJ9UJaX MtK2soJSlyaB4nwibzFGW+tubsTECDvXQ6bwag7mWMYXfC1Iu0iL0OW2CBNTZC1TSkoTSW HyOGc53uar2HqWsZ2mZRl686w== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id e8fd6ee4 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Wed, 17 Mar 2021 19:33:33 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: =?utf-8?Q?L=C3=A9o?= Le Bouter Subject: Re: [bug#47193] Fancify guix lint -c cve output References: <87im5rm6lw.fsf@nckx> <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> <87a6r2n6pd.fsf@nckx> In-reply-to: Date: Wed, 17 Mar 2021 20:32:30 +0100 Message-ID: <87y2ellgoh.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 47193 Cc: guix-patches@gnu.org, 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable L=C3=A9o Le Bouter =E5=86=99=E9=81=93=EF=BC=9A > On Tue, 2021-03-16 at 22:12 +0100, Tobias Geerinckx-Rice wrote: >> L=C3=A9o! > > Tobias! :-) Yes! > ice-9/boot-9.scm:1667:16: In procedure raise-exception: > Throw to key `match-error' with args `("match" "no matching=20 > pattern" > (vulnerabilities 2 ((v "CVE-2021-0212" "MEDIUM"=20 > (("contrail_networking" Thanks for including the full error message. Now the cached=20 data's as expected but the code chokes on it anyway. Sure, why=20 not. > Don't know! I think there's some other issue here, or maybe you > modified the patch a little more on your side. I haven't, and like you've I (regularly) remove stale .go files=20 and delete ~/.cache/guix. Works like a screenshotted charm. I'm not in the mood for spooks; time to bust out the flamethrower=20 that is a fresh git clone. > PS: I looked at the image you initially posted and the output=20 > looks > really nice and helpful!! Oh, good to know that is what you had in mind. I wasn't sure. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYFJZTg0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15NvQA/RDGt0+xcfDPrAR4GMDg4YhxdltkQd4BWfl3giIs nSF2AQDW3PqSAMXgDl0SZuHrghnr9GdvOqs/KScOhhD0LyI8BQ== =p0xS -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 31 08:53:11 2021 Received: (at 47193) by debbugs.gnu.org; 31 Mar 2021 12:53:11 +0000 Received: from localhost ([127.0.0.1]:53797 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRaLO-0001vb-P9 for submit@debbugs.gnu.org; Wed, 31 Mar 2021 08:53:11 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45770) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRaLN-0001vO-Jw for 47193@debbugs.gnu.org; Wed, 31 Mar 2021 08:53:09 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59098) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lRaLH-0007Ng-D6; Wed, 31 Mar 2021 08:53:03 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=60236 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lRaLG-0000Db-Bz; Wed, 31 Mar 2021 08:53:03 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tobias Geerinckx-Rice Subject: Re: bug#47193: Fancify guix lint -c cve output References: <87im5rm6lw.fsf@nckx> <20210316160653.9891-1-me@tobias.gr> Date: Wed, 31 Mar 2021 14:53:00 +0200 In-Reply-To: <20210316160653.9891-1-me@tobias.gr> (Tobias Geerinckx-Rice's message of "Tue, 16 Mar 2021 17:06:52 +0100") Message-ID: <87mtuja3ir.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47193 Cc: 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi! Tobias Geerinckx-Rice skribis: > * guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities > by ID. [...] > (make-warning > package > (G_ "probably vulnerable to ~a") > - (list (string-join (map vulnerability-id unpatched) > + (list (string-join (map vulnerability-id > + (sort unpatched vulnerability<)) > ", ")))))))))) Nitpick: it might be a bit clearer done the other way around: (sort (map vulnerability-id unpatched) cve-id) id 1lRaVl-0002Bi-K7 for submit@debbugs.gnu.org; Wed, 31 Mar 2021 09:03:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48348) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRaVi-0002BN-H0 for 47193@debbugs.gnu.org; Wed, 31 Mar 2021 09:03:53 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59213) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lRaVc-0005Qk-RP; Wed, 31 Mar 2021 09:03:44 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=60242 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lRaVb-0002Ni-Q6; Wed, 31 Mar 2021 09:03:44 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tobias Geerinckx-Rice Subject: Re: bug#47193: Fancify guix lint -c cve output References: <20210316160653.9891-1-me@tobias.gr> <20210316160653.9891-2-me@tobias.gr> Date: Wed, 31 Mar 2021 15:03:42 +0200 In-Reply-To: <20210316160653.9891-2-me@tobias.gr> (Tobias Geerinckx-Rice's message of "Tue, 16 Mar 2021 17:06:53 +0100") Message-ID: <87h7kra30x.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47193 Cc: 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Hi, Tobias Geerinckx-Rice skribis: > * guix/cve.scm [cvss3-base-severity]: New field. > (impact-data->cve-cvss3-base-severity): New procedure. > [severity]: New field. > (vulnerability->sexp, sexp->vulnerability, cve-item->vulnerability) > (write-cache): Bump the format version to 2. > (vulnerabilities->lookup-proc): Adjust accordingly. > * guix/lint.scm (check-vulnerabilities): Indicate CVE severity according > to the output port's terminal capabilities. I would move the lint.scm bit to a separate patch. Please also add a short test for =E2=80=98vulnerability-severity=E2=80=99 in tests/cve.scm. [...] > + (cvssv3-base-severity cve-item-cvssv3-base-severity ;string > + "impact" impact-data->cve-cvssv3-base-severity) > + (published-date cve-item-published-date > + "publishedDate" string->date*) > + (last-modified-date cve-item-last-modified-date > + "lastModifiedDate" string->date*)) >=20=20 > (define-json-mapping cve cve? > json->cve > @@ -183,6 +188,15 @@ element found in CVEs, return an sexp such as (\"bin= utils\" (< > (let ((nodes (vector->list (assoc-ref alist "nodes")))) > (filter-map node->configuration nodes))) >=20=20 > +(define (impact-data->cve-cvssv3-base-severity alist) > + "Given ALIST, a JSON dictionary for the \"impact\" element found in > +CVEs, return a string indicating its CVSSv3 severity. This should be > +one of \"NONE\", \"LOW\", \"MEDIUM\", \"HIGH\", or \"CRITICAL\", but we > +return whatever we find, or #F if the severity cannot be determined." > + (let* ((base-metric-v3 (assoc-ref alist "baseMetricV3")) > + (cvss-v3 (assoc-ref base-metric-v3 "cvssV3"))) > + (assoc-ref cvss-v3 "baseSeverity"))) I would pass the result through (string->symbol (string-downcase =E2=80=A6)= ). For clarity, perhaps we can do: (define-json-mapping cvss cvss? json->cvss (vector-string cvss-vector-string =E2=80=9Cvector_String") (base-severity cvss-severity "base_Severity" (compose string->symbol string-downcase))) =E2=80=A6 and use that instead of the last =E2=80=98assoc-ref=E2=80=99 call= above. The rest LGTM. Thanks for this pleasant improvement! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 31 09:06:15 2021 Received: (at 47193) by debbugs.gnu.org; 31 Mar 2021 13:06:15 +0000 Received: from localhost ([127.0.0.1]:53813 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRaY3-0002Fb-3d for submit@debbugs.gnu.org; Wed, 31 Mar 2021 09:06:15 -0400 Received: from mail.zaclys.net ([178.33.93.72]:60425) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRaY0-0002FK-Vy for 47193@debbugs.gnu.org; Wed, 31 Mar 2021 09:06:14 -0400 Received: from [192.168.1.115] (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12VD66AM011558 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 31 Mar 2021 15:06:06 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12VD66AM011558 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617195967; bh=DARLuGsu5kilAMB0yzPFNgUYG2L2AFs2zE+MBoatmsM=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=C1o/MO27tJjAWv9csxUpvvtQaoSqLl53ihy9W7EZixCU2p/X/gzBNWDXKr1VDnl/R QFP5fm+AOfCTUHqzpmz+er082Rx/8vv/66hn6mfAFmaLdqLcqdK6anud0NRr897izF mAMHDWsFfA4ONM9IK0J7LA7E3CjwhHK+8ehK1GQk= Message-ID: <5ee2f722e9ad91ccacf6135d2e9b7e02e75c5977.camel@zaclys.net> Subject: Re: [bug#47193] Fancify guix lint -c cve output From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Ludovic =?ISO-8859-1?Q?Court=E8s?= , Tobias Geerinckx-Rice Date: Wed, 31 Mar 2021 15:06:02 +0200 In-Reply-To: <87h7kra30x.fsf_-_@gnu.org> References: <20210316160653.9891-1-me@tobias.gr> <20210316160653.9891-2-me@tobias.gr> <87h7kra30x.fsf_-_@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-+zDbxedgiRPokL03rSmh" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47193 Cc: 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-+zDbxedgiRPokL03rSmh Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2021-03-31 at 15:03 +0200, Ludovic Court=C3=A8s wrote: [...] > The rest LGTM. >=20 > Thanks for this pleasant improvement! >=20 > Ludo=E2=80=99. >=20 Hello Ludo! Did you get it to work on your end? L=C3=A9o --=-+zDbxedgiRPokL03rSmh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBkc7oACgkQRaix6GvN EKZAHhAAr73e221fgyWJuNEAEplBTeOlT+uIKBJx6xrPeUsh/hTvNde3hlOWh3pO Wh8bmjGtSYFT/p3GBRhpLgUGigtCsj72h12EfWE3SCHKPzbeBq9ioHuSeb1BqpKT OdseAdvz7L7GGYLiD5+DvHX6CUOUYKWLBSvspOJUadSB5MZYSiLMpVQ1MG6lHsjq FMEDKxTQ9KwUhuZoMA9VwJ4bkGJQhh38uoDczSxwYgQx24l7suBoNWHM8TMixqP8 BOAbk6cSC4QeF4XEiyn4aV1zNRWXn4rNKTmOWUKNJRA+oCrq/fRK5pc/c04CMXUV HXYOWbDpjCokw8z3HtzSxv346cBKsqs6ve/yw8NjRIq7129/qWPepDgXSg7DwhFV a36Arq01guvHPBfi6NODxMsj8ab87g71qpF9HEpsWgcMuk6vi+gt3ggwlOW37Avy OcYohGFXPGmRtsIWyoVr16K6qKOndstcFXQKmbuZp+Y2nCQ5MnbnE/nBDxFdRq8q P4qefRtcbw09fBwqDQmXXWGKqqdtLOMjcBR+N7tyKgS8Imp1kUqSceHugQPXb/YE w8DNeGMbI2SNOApgSfYecjzk1HbmS7OxBqGzpab7chEqS4wXLk9GLZBXa29kkS+X leJr5aH7wZjlvHWGJbxO1lQQkt8q+ImcIBtJvofH4y42pCxhOmQ= =U0tW -----END PGP SIGNATURE----- --=-+zDbxedgiRPokL03rSmh-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 31 16:57:52 2021 Received: (at 47193) by debbugs.gnu.org; 31 Mar 2021 20:57:52 +0000 Received: from localhost ([127.0.0.1]:55647 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRhuR-0008AP-NN for submit@debbugs.gnu.org; Wed, 31 Mar 2021 16:57:51 -0400 Received: from eggs.gnu.org ([209.51.188.92]:35528) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lRhuP-0008AC-NQ for 47193@debbugs.gnu.org; Wed, 31 Mar 2021 16:57:50 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40445) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lRhuJ-0008T4-Cf; Wed, 31 Mar 2021 16:57:43 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55558 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lRhuI-0002fv-9f; Wed, 31 Mar 2021 16:57:42 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: =?utf-8?Q?L=C3=A9o?= Le Bouter Subject: Re: [bug#47193] Fancify guix lint -c cve output References: <20210316160653.9891-1-me@tobias.gr> <20210316160653.9891-2-me@tobias.gr> <87h7kra30x.fsf_-_@gnu.org> <5ee2f722e9ad91ccacf6135d2e9b7e02e75c5977.camel@zaclys.net> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 11 Germinal an 229 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 31 Mar 2021 22:57:40 +0200 In-Reply-To: <5ee2f722e9ad91ccacf6135d2e9b7e02e75c5977.camel@zaclys.net> (=?utf-8?Q?=22L=C3=A9o?= Le Bouter"'s message of "Wed, 31 Mar 2021 15:06:02 +0200") Message-ID: <87eefv59dn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 47193 Cc: Tobias Geerinckx-Rice , 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) L=C3=A9o Le Bouter skribis: > Did you get it to work on your end? I didn=E2=80=99t try, but I=E2=80=99m confident Tobias will do the right th= ing! Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 01 19:36:45 2021 Received: (at 47193) by debbugs.gnu.org; 1 Apr 2021 23:36:45 +0000 Received: from localhost ([127.0.0.1]:58851 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lS6rk-0007F7-U7 for submit@debbugs.gnu.org; Thu, 01 Apr 2021 19:36:45 -0400 Received: from mail.zaclys.net ([178.33.93.72]:44215) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lS6ri-0007Eq-4r for 47193@debbugs.gnu.org; Thu, 01 Apr 2021 19:36:43 -0400 Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net [78.195.19.20] (may be forged)) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 131NaYO8022821 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 2 Apr 2021 01:36:35 +0200 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 131NaYO8022821 Authentication-Results: mail.zaclys.net; dmarc=fail (p=reject dis=none) header.from=zaclys.net Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1617320195; bh=6wsc+brwYjA5WbbxUy0bMif9W1VCKUM1Kx88iXNDmks=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=EHvjr2EAvBKbEq5FYAemFCLDqjxN9/wlIAHJyuSz0VxYsQP2qq7s8Ops9pdTRxC/l u+oJvmFgQCpJEd+8G9JroJcfq9KDpUDXmAyxvtL4NvtliJBdBA3/anIwCZicwoiPET YgSDeGjOhzTMzOVg3rvDUyarNbC99nCrFOF0W0WM= Message-ID: <20b933907295e6f8a7dc6b1c0b813823e7331022.camel@zaclys.net> Subject: Re: [bug#47193] Fancify guix lint -c cve output From: =?ISO-8859-1?Q?L=E9o?= Le Bouter To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Date: Fri, 02 Apr 2021 01:36:29 +0200 In-Reply-To: <87eefv59dn.fsf@gnu.org> References: <20210316160653.9891-1-me@tobias.gr> <20210316160653.9891-2-me@tobias.gr> <87h7kra30x.fsf_-_@gnu.org> <5ee2f722e9ad91ccacf6135d2e9b7e02e75c5977.camel@zaclys.net> <87eefv59dn.fsf@gnu.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-XjGMPfZaP4Z0t3+KEHju" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 47193 Cc: Tobias Geerinckx-Rice , 47193@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-XjGMPfZaP4Z0t3+KEHju Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2021-03-31 at 22:57 +0200, Ludovic Court=C3=A8s wrote: > L=C3=A9o Le Bouter skribis: >=20 > > Did you get it to work on your end? >=20 > I didn=E2=80=99t try, but I=E2=80=99m confident Tobias will do the right = thing! >=20 > Ludo=E2=80=99. I see, thanks, I was looking to get it to work for me since Tobias seems busy maybe you had some elements I could use, I don't doubt they will do the right thing! --=-XjGMPfZaP4Z0t3+KEHju Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBmWP0ACgkQRaix6GvN EKZ2AA/+P3xDg5TupLcAbZAmeXz6gVWD5pEc4PjMCPJjfUo/zqLLUL/2vSqGNLR0 h2pyFQ7o2L/Z1novPcCZW3Pq5jS+ylB1isla0e/BqJ2ikmKvGSo1xBtvgJTTf+MU /A0zUUFWeth3MFJUgNd7gX52o1LRK9DEIrJRDmnJnJgHuJAdbvIMEplFa9Wg0PbQ 5dL601P0lNYvV7uXa9YjOeKKH6s7F0s6miOQXg+l5bXeUxG/1wilh0qD/OS/8jxg lVrUobLyYr8pLVh0wn1sjcm4TI8+AIMdPL+ydmtJPWNQpwNsvxsG618QjV37NZIY pUX2PtnhjLh2oKbaZKzGzk2bwVVHPeAJ7ojKWxDzNPpDhfpETt/YyGOwNWv4cy8d e02RgW1psmDf9UU1+ZPBDY6krNnzNirBXRWGiBsZ2EbcvuVwM4yBULWbgWLcCm8D MTVdppgFIEHBZVnE/uVhCbaS8f0x2LnLWsaO0/c9Kcx4Il2F9YFm67IjC44O8spB 38wUH/0Iv2N6h2695YugWMWQUVqAQ4oQQMRVmY5aLKAis1u5K+sRuvpwrd4O6wbM ouCgZJ+8GKzeYTczJBkXWmNafrLe8FODF4/nTHXwXdTDXet0Bpf8GVqy0i7uujtn GJzxSdl757AFwJtynPPtPzdz0xBzsFgrpObsgBFjMDgAznZz/E0= =DelZ -----END PGP SIGNATURE----- --=-XjGMPfZaP4Z0t3+KEHju--