* GnuTLS security advisories
From: Leo Famulari @ 2017-01-10 18:18 UTC
To: guix-devel

GNUTLS-SA-2017-1:
https://gnutls.org/security.html#GNUTLS-SA-2017-1

GNUTLS-SA-2017-2:
https://gnutls.org/security.html#GNUTLS-SA-2017-2
* [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1, 2}]. 2017-01-10 18:18 GnuTLS security advisories Leo Famulari @ 2017-01-10 22:15 ` Ludovic Courtès 2017-01-10 22:36 ` [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1,2}] Leo Famulari 0 siblings, 1 reply; 7+ messages in thread From: Ludovic Courtès @ 2017-01-10 22:15 UTC (permalink / raw) To: guix-devel * gnu/packages/tls.scm (gnutls-3.5.8): New variable. (gnutls)[replacement]: New field. --- gnu/packages/tls.scm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e577421fa..a2136e26a 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net> ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr> @@ -139,6 +139,7 @@ living in the same process.") (package (name "gnutls") (version "3.5.4") + (replacement gnutls-3.5.8) (source (origin (method url-fetch) (uri @@ -211,6 +212,20 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define-public gnutls-3.5.8 ;fixes GNUTLS-SA-2017-{1,2} + (package + (inherit gnutls) + (version "3.5.8") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (sha256 + (base32 + "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf")))) + (replacement #f))) + (define-public openssl (package (name "openssl") -- 2.11.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
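Review bot: in the last hunk, `(define-public gnutls-3.5.8 ...)` exports the replacement, and because it inherits `name` from `gnutls` it becomes a second public package called "gnutls" next to the 3.5.4 one. It is only needed as the target of the `(replacement gnutls-3.5.8)` field added in the second hunk, so a plain `(define gnutls-3.5.8 ...)` would keep it out of name lookups. The `(replacement #f)` override should stay, since the field would otherwise be inherited from `gnutls`.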
* Re: [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1,2}].
From: Leo Famulari @ 2017-01-10 22:36 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Tue, Jan 10, 2017 at 11:15:32PM +0100, Ludovic Courtès wrote:
> * gnu/packages/tls.scm (gnutls-3.5.8): New variable.
> (gnutls)[replacement]: New field.

> +(define-public gnutls-3.5.8 ;fixes GNUTLS-SA-2017-{1,2}

Typically these replacements are not exported.

The last time I noticed an exported replacement, I found that it was
resolved non-deterministically (using `guix build -S` in a loop), and
we made the replacement private:

http://git.savannah.gnu.org/cgit/guix.git/commit/?id=69aa6e0995b55a38d5ce174602a107645be726d5
* Re: [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1, 2}].
From: Ludovic Courtès @ 2017-01-10 22:41 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> writes:

> On Tue, Jan 10, 2017 at 11:15:32PM +0100, Ludovic Courtès wrote:
>> * gnu/packages/tls.scm (gnutls-3.5.8): New variable.
>> (gnutls)[replacement]: New field.
>
>> +(define-public gnutls-3.5.8 ;fixes GNUTLS-SA-2017-{1,2}
>
> Typically these replacements are not exported.

Good catch! I fixed that and pushed.

> The last time I noticed an exported replacement, I found that it was
> resolved non-deterministically (using `guix build -S` in a loop), and
> we made the replacement private:
>
> http://git.savannah.gnu.org/cgit/guix.git/commit/?id=69aa6e0995b55a38d5ce174602a107645be726d5

I can’t seem to reproduce it here, but it sounds like an interesting
bug. :-)

Ludo’.
* Re: [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1,2}].
From: Leo Famulari @ 2017-01-10 23:08 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Tue, Jan 10, 2017 at 11:41:40PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> writes:
> > The last time I noticed an exported replacement, I found that it was
> > resolved non-deterministically (using `guix build -S` in a loop), and
> > we made the replacement private:
> >
> > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=69aa6e0995b55a38d5ce174602a107645be726d5
>
> I can’t seem to reproduce it here, but it sounds like an interesting
> bug. :-)

Me neither. IIRC, it would manifest at least 1/10 iterations of the
loop.
* Re: [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1,2}].
From: Leo Famulari @ 2017-01-11 17:17 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel [-- Attachment #1: Type: text/plain, Size: 2704 bytes --] On Tue, Jan 10, 2017 at 06:08:39PM -0500, Leo Famulari wrote: > On Tue, Jan 10, 2017 at 11:41:40PM +0100, Ludovic Courtès wrote: > > Leo Famulari <leo@famulari.name> skribis: > > > The last time I noticed an exported replacement, I found that it was > > > resolved non-deterministically (using `guix build -S` in a loop), and > > > we made the replacement private: > > > > > > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=69aa6e0995b55a38d5ce174602a107645be726d5 > > > > I can’t seem to reproduce it here, but it sounds like an interesting > > bug. :-) > > Me neither. IIRC, it would manifest at least 1/10 iterations of the > loop. I can reproduce it by applying the diff below on 88f2dd1ddf8123f628ee0b64406b6fd2a6a9f076 and running: $ while true; do ./pre-inst-env guix build gnutls -S; done guix build: warning: ambiguous package specification `gnutls' guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:139:2 /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz guix build: warning: ambiguous package specification `gnutls' guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:216:2 /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz guix build: warning: ambiguous package specification `gnutls' guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:216:2 /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz guix build: warning: ambiguous package specification `gnutls' guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:139:2 /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index e577421fa..19d5049c3 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm 
@@ -138,6 +138,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") + (replacement gnutls-3.5.8) (version "3.5.4") (source (origin (method url-fetch) @@ -211,6 +212,20 @@ required structures.") (properties '((ftp-server . "ftp.gnutls.org") (ftp-directory . "/gcrypt/gnutls"))))) +(define-public gnutls-3.5.8 + (package + (inherit gnutls) + (source + (let ((version "3.5.8")) + (origin + (method url-fetch) + (uri (string-append "mirror://gnupg/gnutls/v" + (version-major+minor version) + "/gnutls-" version ".tar.xz")) + (sha256 + (base32 + "1zyl2z63s68hx1dpxqx0lykmlf3rwrzlrf44sq3h7dvjmr1z55qf"))))))) + (define-public openssl (package (name "openssl") [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 7+ messages in thread
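Review bot: in the second hunk, `version` is bound only by the `let` around `origin`, so `gnutls-3.5.8` keeps the inherited package version "3.5.4" while fetching the 3.5.8 tarball; combined with `define-public`, that gives two exported packages with the same name and version, which matches the warnings alternating between tls.scm:139:2 and tls.scm:216:2. The definition also has no `(replacement #f)`, so it inherits the `replacement` field that the first hunk points at `gnutls-3.5.8` itself. Outside of a reproducer, set `(version "3.5.8")` on the package, add `(replacement #f)`, and use `define` rather than `define-public`.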
* Re: [PATCH] gnu: gnutls: Replace with 3.5.8 [fixes GNUTLS-SA-2017-{1, 2}].
From: Ludovic Courtès @ 2017-01-12 14:18 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> writes:

> On Tue, Jan 10, 2017 at 06:08:39PM -0500, Leo Famulari wrote:
>> On Tue, Jan 10, 2017 at 11:41:40PM +0100, Ludovic Courtès wrote:
>> > Leo Famulari <leo@famulari.name> writes:
>> > > The last time I noticed an exported replacement, I found that it was
>> > > resolved non-deterministically (using `guix build -S` in a loop), and
>> > > we made the replacement private:
>> > >
>> > > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=69aa6e0995b55a38d5ce174602a107645be726d5
>> >
>> > I can’t seem to reproduce it here, but it sounds like an interesting
>> > bug. :-)
>>
>> Me neither. IIRC, it would manifest at least 1/10 iterations of the
>> loop.
>
> I can reproduce it by applying the diff below on
> 88f2dd1ddf8123f628ee0b64406b6fd2a6a9f076 and running:
>
> $ while true; do ./pre-inst-env guix build gnutls -S; done
> guix build: warning: ambiguous package specification `gnutls'
> guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:139:2
> /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz
> guix build: warning: ambiguous package specification `gnutls'
> guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:216:2
> /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz
> guix build: warning: ambiguous package specification `gnutls'
> guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:216:2
> /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz
> guix build: warning: ambiguous package specification `gnutls'
> guix build: warning: choosing gnutls-3.5.4 from gnu/packages/tls.scm:139:2
> /gnu/store/kfjzkvlxjp98mcf356ay027vy5p5lsp3-gnutls-3.5.8.tar.xz

Oh, I see. I can imagine that this has to do with the ordering of
package objects and first-class variables in the various hash tables and
vhashes involved.

I’d say it doesn’t matter much because we shouldn’t be providing two
packages with the exact same name and version in the first place (which
is what this patch does).

Ludo’.
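The condition named in the last message, two public packages with the exact same name and version, can be checked for mechanically. The Guile script below is an added example, not code from the thread or from Guix itself; it assumes it is run inside a Guix checkout (for instance with `./pre-inst-env guile -s` followed by the file name), and `duplicate-packages` is a hypothetical helper name.

```scheme
;; Added example: report every name@version pair that is provided by more
;; than one distinct public package object, which is the situation that
;; produces the "ambiguous package specification" warning in the thread.
(use-modules (gnu packages)     ; fold-packages
             (guix packages)    ; package-name, package-version, package-location
             (guix utils)       ; location->string
             (ice-9 match))

(define (duplicate-packages)
  "Return a list of (KEY . PACKAGES) pairs, one for each \"name@version\"
KEY that more than one distinct public package object provides."
  (let ((table (make-hash-table)))
    (fold-packages
     (lambda (package result)
       (let* ((key (string-append (package-name package) "@"
                                  (package-version package)))
              (seen (hash-ref table key '())))
         ;; The same object exported under two variable names is an alias,
         ;; not a duplicate, so compare by identity before recording it.
         (unless (memq package seen)
           (hash-set! table key (cons package seen)))
         result))
     #t)
    (hash-fold (lambda (key packages result)
                 (if (> (length packages) 1)
                     (cons (cons key packages) result)
                     result))
               '()
               table)))

;; Print each ambiguous specification with the source location of every
;; definition, in the same file:line:column form as the guix warnings.
(for-each (match-lambda
            ((key . packages)
             (format #t "~a is defined ~a times:~%" key (length packages))
             (for-each (lambda (package)
                         (format #t "  ~a~%"
                                 (location->string
                                  (package-location package))))
                       packages)))
          (duplicate-packages))
```

Hidden packages are skipped by `fold-packages` in Guix versions where it filters them, so a replacement bound with plain `define` does not show up here; one bound with `define-public` that keeps the inherited version does.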