From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:bcc0::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id vVOsBrOhgGAplwAAgWs5BA (envelope-from ) for ; Thu, 22 Apr 2021 00:05:39 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id KC0iAbOhgGDXSgAAB5/wlQ (envelope-from ) for ; Wed, 21 Apr 2021 22:05:39 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4B6802116A for ; Thu, 22 Apr 2021 00:05:38 +0200 (CEST) Received: from localhost ([::1]:46224 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lZKyW-0001v5-SI for larch@yhetil.org; Wed, 21 Apr 2021 18:05:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:46290) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lZKxy-0001qJ-A1 for bug-guix@gnu.org; Wed, 21 Apr 2021 18:05:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:48456) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lZKxx-0006uJ-W0 for bug-guix@gnu.org; Wed, 21 Apr 2021 18:05:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lZKxx-0008Gw-R7 for bug-guix@gnu.org; Wed, 21 Apr 2021 18:05:01 -0400 Subject: bug#47941: guix lint -c cve stacktrace Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-To: bug-guix@gnu.org Resent-Date: Wed, 21 Apr 2021 22:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 47941 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Jack Hill Mail-Followup-To: 47941@debbugs.gnu.org, ludo@gnu.org, jackhill@jackhill.us Received: via spool by 47941-done@debbugs.gnu.org id=D47941.161904268731768 (code D ref 47941); Wed, 21 Apr 2021 22:05:01 +0000 Received: (at 47941-done) by debbugs.gnu.org; 21 Apr 2021 22:04:47 +0000 Received: from localhost ([127.0.0.1]:60001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lZKxi-0008GJ-PH for submit@debbugs.gnu.org; Wed, 21 Apr 2021 18:04:47 -0400 Received: from eggs.gnu.org ([209.51.188.92]:33616) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lZKxg-0008G6-TN for 47941-done@debbugs.gnu.org; Wed, 21 Apr 2021 18:04:45 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36511) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lZKxb-0006ka-E6; Wed, 21 Apr 2021 18:04:39 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55810 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lZKxa-00027z-5a; Wed, 21 Apr 2021 18:04:38 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: Date: Thu, 22 Apr 2021 00:04:35 +0200 In-Reply-To: (Jack Hill's message of "Wed, 21 Apr 2021 16:29:58 -0400 (EDT)") Message-ID: <87im4f2t1o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: 47941-done@debbugs.gnu.org Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1619042738; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-to: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post; bh=O2i/FPXtY+qYM3MH+JYTPL2ot4ZKgo+T7R+nMPWUa18=; b=ChVFgLWWExtkWo/WYM8FC1d184ZgnYbxyNuZttnrREOafj8SGy8B4dgQSke9aHWEQEGdX7 FTAXwIlKyP7N595gmupHQ2aVV94XkgO8eR9HB05ETk57eLb0P+COIh1VX6zTd18guUlSO5 BEKd7zDJz7xQm51fWy5mQR2LsiwfVQc7zw0+oifhAZbj2Rs1lXumWontxsYAICHjnr7BQf Dpmngg4luDvMeIXB86rT3/bXV9GqveGThv6M1v8HoFLlYYcZXCvx1KGxeoKqa/dQBPIKJl IoDU2bWyqqnfGKZdnc/RmPbItvCs6O39bUISMaDi+Dslo/TgGiCnryl2OwD/sw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1619042738; a=rsa-sha256; cv=none; b=SJYyjiZcmYJ1J7OhGA0jn1FpYP2b/y7B4tqguwe6W3f2iK1CcRBrvpXeYnzWjFOas8jNMy rWR8FeKZwldDL8qG6x30EZjQ8VC5kOl7y++q6Vw9Az8caK8wKDofSY7Bn8RdUJtgZQytVn PYViNxRelhu1u/clyj7poCjEWt1RE42nMopLh/X+nnAf6xO9ROb93z7KGlRScCJD22DFi4 dUDVq2iMrS/hKpiN9gdPsZG8N9G/42XnqW/mf4Y94/l05nj8qwLLSUnd4yV4lXycSbvTwj /epgZho9IP3XkEQ74WCJ+u50Mvr92sudEyEb4FE2K367SfGV5V9Ewh5VL3ey5g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Spam-Score: -2.94 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 4B6802116A X-Spam-Score: -2.94 X-Migadu-Scanner: scn0.migadu.com X-TUID: Xa+tzsdXWBvQ Hi, Jack Hill skribis: > Using guix ae5128e21eb7afa66bd7cfd7fd1bc5764d00663e, the cve lint > check fails when fetching the CVE database as follows: > > $ guix lint -c cve hello > fetching CVE database for 2021... > Backtrace: > 15 (primitive-load "/home/jackhill/.config/guix/current/bi=E2= =80=A6") > In guix/ui.scm: > 2164:12 14 (run-guix-command _ . _) > In ice-9/boot-9.scm: > 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) > 1731:15 12 (with-exception-handler # =E2=80=A6) > In srfi/srfi-1.scm: > 634:9 11 (for-each # =E2=80=A6) > In guix/scripts/lint.scm: > 65:4 10 (run-checkers _ _ #:store _) > In srfi/srfi-1.scm: > 634:9 9 (for-each # =E2=80=A6) > In guix/scripts/lint.scm: > 74:21 8 (_ _) > In guix/lint.scm: > 1178:4 7 (check-vulnerabilities _ _) > 1170:9 6 (_ _) > In unknown file: > 5 (force #) > In guix/lint.scm: > 1153:2 4 (_) > 1112:2 3 (call-with-networking-fail-safe _ _ _) > In ice-9/boot-9.scm: > 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) > 1669:16 1 (raise-exception _ #:continuable? _) > 1667:16 0 (raise-exception _ #:continuable? _) > > ice-9/boot-9.scm:1667:16: In procedure raise-exception: > Wrong type (expecting array): #f Fixed: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D7dbc2fcb45fac4a0b= 64fef8efa8c858a047d0498 It looks like a couple of bogus CVE entries crept in. It=E2=80=99s surpris= ing because we never encountered such issues before, so I wonder if MITRE changed something on their side. Thanks, Ludo=E2=80=99.