From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: GnuTLS security update
Date: Mon, 12 Sep 2016 14:56:13 +0200
Message-ID: <87zindtgya.fsf@gnu.org>
In-Reply-To: <20160912015322.GA3951@jasmine> (Leo Famulari's message of "Sun, 11 Sep 2016 21:53:22 -0400")
To: Leo Famulari
Cc: guix-devel@gnu.org, bug-guix@gnu.org

Leo Famulari wrote:

> $ ./pre-inst-env guix build gnutls
> /gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
> /gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
> /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
>
> $ guix build gnutls # This Guix is from `guix pull`, not my Git repo.
> /gnu/store/7dy8xca0y8vz94af242cqnq9ddk2nwxn-gnutls-3.5.2-debug
> /gnu/store/q27cnlfkf8kc6gjl0cdw5nvq45lfllvx-gnutls-3.5.2-doc
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> $ guix gc --references $(./pre-inst-env guix build msmtp)
> /gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
> /gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
> /gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
> /gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5
> /gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
> /gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0
> /gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42
> /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
>
> The problem is that the msmtp package I have built using this patch does
> not refer to the grafted gnutls. I got the same result after building a
> fresh Git clone of Guix.

Indeed, there’s a bug.  :-/

With your patch, I get:

--8<---------------cut here---------------start------------->8---
$ git describe
v0.11.0-970-g8d4169a
$ guix gc --references $(./pre-inst-env guix build msmtp)|grep gnutls
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls
/gnu/store/4x9r7rkinycxr7xda5a92knm8ikila6p-gnutls-3.5.2-debug
/gnu/store/n93gb4n301rz46k9cm0d12hb26gq5lg5-gnutls-3.5.2-doc
/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2
$ ./pre-inst-env guix build gnutls --no-grafts
/gnu/store/23vx0mdw6q96pakyps2cjjvcjng1mxqx-gnutls-3.5.2-debug
/gnu/store/p0zrk9424l0aljzsqyqx5zgh86x9glmi-gnutls-3.5.2-doc
/gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2
$ /gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.2
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later

Please send bug reports to:
$ /gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2/bin/gnutls-cli --version
gnutls-cli 3.5.4
Copyright (C) 2000-2016 Free Software Foundation, and others, all rights reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later

Please send bug reports to:
--8<---------------cut here---------------end--------------->8---

msmtp uses a GnuTLS that is different from both other GnuTLS.

I think the bug has to do with the fact that GnuTLS has a replacement and
at the same time needs to be grafted (the libidn and libgcrypt grafts
apply to GnuTLS).

In the meantime, I suggest that you apply the patch anyway.

Ludo’.
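
The comparison made by hand in the message above, written as a check (an added example, not part of the original message or of Guix). The function name check_graft and the helper sample_refs are made up for illustration; the store paths are the ones shown in the message.

```shell
#!/bin/sh
# Added example. Store paths are copied from the message above.
GRAFTED=/gnu/store/di3yhn5hy4hzshpazkc6dkb4r67dbhks-gnutls-3.5.2    # guix build gnutls
UNGRAFTED=/gnu/store/1qv5i6rfxjc4d0rg7z6r9dapmf85kzmy-gnutls-3.5.2  # ... --no-grafts

# References of the msmtp build, as listed in the quoted report.
sample_refs() {
    cat <<'EOF'
/gnu/store/9nifwk709wajpyfwa0jzaa3p6mf10vxs-gcc-4.9.3-lib
/gnu/store/l1s4cw9g58hmcpd2qgbckfl228143qzx-glib-2.48.0
/gnu/store/m9vxvhdj691bq1f85lpflvnhcvrdilih-glibc-2.23
/gnu/store/nwzi32dmlrvqkfy5fplrh9ndnivxv851-libsecret-0.18.5
/gnu/store/ppd0q1mwl6rz51y5bmmwz3x89hc561cw-msmtp-1.6.5
/gnu/store/r60cjgawd6dqz3gfdmw4ihkvbcp27f3a-gsasl-1.8.0
/gnu/store/ykzwykkvr2c80rw4l1qh3mvfdkl7jibi-bash-4.3.42
/gnu/store/yrl3c1mxqwcpppyh0sjlwn3sj2w5qj54-gnutls-3.5.2
EOF
}

# check_graft NAME GRAFTED UNGRAFTED < reference-list
# Labels every store item named NAME-<version> as grafted, ungrafted or
# unexpected. Succeeds only if at least one such reference exists and all
# of them are the grafted output.
check_graft() {
    name=$1; grafted=$2; ungrafted=$3
    seen=0; bad=0
    while IFS= read -r ref; do
        case $ref in
            # 32-character store hash, then NAME, then a version number
            /gnu/store/????????????????????????????????-"$name"-[0-9]*) ;;
            *) continue ;;
        esac
        seen=$((seen + 1))
        if [ "$ref" = "$grafted" ]; then
            echo "grafted $ref"
        elif [ "$ref" = "$ungrafted" ]; then
            echo "ungrafted $ref"; bad=1
        else
            echo "unexpected $ref"; bad=1
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# On a live system, replace sample_refs with:
#   guix gc --references $(guix build msmtp)
sample_refs | check_graft gnutls "$GRAFTED" "$UNGRAFTED" ||
    echo "msmtp does not reference the grafted gnutls" >&2
```

On the data from this thread it reports the msmtp reference as "unexpected": the path is neither the grafted nor the ungrafted output.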