* [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
@ 2017-01-12 20:13 Marius Bakke
2017-01-12 20:53 ` John Darrington
2017-01-12 21:50 ` Leo Famulari
0 siblings, 2 replies; 11+ messages in thread
From: Marius Bakke @ 2017-01-12 20:13 UTC (permalink / raw)
To: guix-devel; +Cc: Marius Bakke
* gnu/packages/ed.scm (ed-1.14.1): New variable.
(ed)[replacement]: New field.
---
gnu/packages/ed.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 3668aac19..c51a4b82f 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,6 +28,7 @@
(define-public ed
(package
(name "ed")
+ (replacement ed-1.14.1)
(version "1.13")
(source (origin
(method url-fetch)
@@ -55,3 +56,15 @@ interactively and via shell scripts. Its method of command input allows
complex tasks to be performed in an automated way. GNU ed offers several
extensions over the standard utility.")
(license gpl3+)))
+
+(define ed-1.14.1
+ (package (inherit ed)
+ (source
+ (let ((version "1.14.1"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/ed/ed-"
+ version ".tar.lz"))
+ (sha256
+ (base32
+ "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz")))))))
--
2.11.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 20:13 [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues] Marius Bakke
@ 2017-01-12 20:53 ` John Darrington
2017-01-12 20:58 ` Marius Bakke
2017-01-12 21:50 ` Leo Famulari
1 sibling, 1 reply; 11+ messages in thread
From: John Darrington @ 2017-01-12 20:53 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1709 bytes --]
Why bother with the replacement? Why not just upgrade it?
J'
On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
* gnu/packages/ed.scm (ed-1.14.1): New variable.
(ed)[replacement]: New field.
---
gnu/packages/ed.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
index 3668aac19..c51a4b82f 100644
--- a/gnu/packages/ed.scm
+++ b/gnu/packages/ed.scm
@@ -28,6 +28,7 @@
(define-public ed
(package
(name "ed")
+ (replacement ed-1.14.1)
(version "1.13")
(source (origin
(method url-fetch)
@@ -55,3 +56,15 @@ interactively and via shell scripts. Its method of command input allows
complex tasks to be performed in an automated way. GNU ed offers several
extensions over the standard utility.")
(license gpl3+)))
+
+(define ed-1.14.1
+ (package (inherit ed)
+ (source
+ (let ((version "1.14.1"))
+ (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnu/ed/ed-"
+ version ".tar.lz"))
+ (sha256
+ (base32
+ "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz")))))))
--
2.11.0
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 20:53 ` John Darrington
@ 2017-01-12 20:58 ` Marius Bakke
0 siblings, 0 replies; 11+ messages in thread
From: Marius Bakke @ 2017-01-12 20:58 UTC (permalink / raw)
To: John Darrington; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 396 bytes --]
John Darrington <john@darrington.wattle.id.au> writes:
> Why bother with the replacement? Why not just upgrade it?
It's always a good sign when you update a package, and Guix goes along
and downloads the bootstrap binaries :-)
`guix refresh` seems to have some problems with packages used in early
bootstrap. 'ed' is a native-input for 'patch', which I think causes
"everything" to rebuild.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 20:13 [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues] Marius Bakke
2017-01-12 20:53 ` John Darrington
@ 2017-01-12 21:50 ` Leo Famulari
2017-01-12 21:56 ` Marius Bakke
1 sibling, 1 reply; 11+ messages in thread
From: Leo Famulari @ 2017-01-12 21:50 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel
On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
> * gnu/packages/ed.scm (ed-1.14.1): New variable.
> (ed)[replacement]: New field.
Can you add a comment with a link to the bug report?
https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
LGTM!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 21:50 ` Leo Famulari
@ 2017-01-12 21:56 ` Marius Bakke
2017-01-12 22:17 ` Leo Famulari
0 siblings, 1 reply; 11+ messages in thread
From: Marius Bakke @ 2017-01-12 21:56 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 547 bytes --]
Leo Famulari <leo@famulari.name> writes:
> On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> (ed)[replacement]: New field.
>
> Can you add a comment with a link to the bug report?
>
> https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
Good find. I wonder, was this issue only present in the unreleased
1.14.0? I can't reproduce it with the current Guix version.
I'll wait and see what the response on oss-sec is. Maybe we can just
push the update to core-updates.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 21:56 ` Marius Bakke
@ 2017-01-12 22:17 ` Leo Famulari
2017-01-12 22:30 ` Marius Bakke
2017-01-13 13:07 ` Ludovic Courtès
0 siblings, 2 replies; 11+ messages in thread
From: Leo Famulari @ 2017-01-12 22:17 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 808 bytes --]
On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
> Leo Famulari <leo@famulari.name> writes:
>
> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
> >> (ed)[replacement]: New field.
> >
> > Can you add a comment with a link to the bug report?
> >
> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>
> Good find. I wonder, was this issue only present in the unreleased
> 1.14.0? I can't reproduce it with the current Guix version.
Good catch; I can only reproduce it with 1.14, and the ed maintainer
points out that it was introduced in 1.14.
> I'll wait and see what the response on oss-sec is. Maybe we can just
> push the update to core-updates.
I think it's fine for core-updates.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 22:17 ` Leo Famulari
@ 2017-01-12 22:30 ` Marius Bakke
2017-01-13 13:07 ` Ludovic Courtès
1 sibling, 0 replies; 11+ messages in thread
From: Marius Bakke @ 2017-01-12 22:30 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 917 bytes --]
Leo Famulari <leo@famulari.name> writes:
> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>> Leo Famulari <leo@famulari.name> writes:
>>
>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> >> (ed)[replacement]: New field.
>> >
>> > Can you add a comment with a link to the bug report?
>> >
>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>
>> Good find. I wonder, was this issue only present in the unreleased
>> 1.14.0? I can't reproduce it with the current Guix version.
>
> Good catch; I can only reproduce it with 1.14, and the ed maintainer
> points out that it was introduced in 1.14.
>
>> I'll wait and see what the response on oss-sec is. Maybe we can just
>> push the update to core-updates.
>
> I think it's fine for core-updates.
Me too; pushed. Thanks for checking!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-12 22:17 ` Leo Famulari
2017-01-12 22:30 ` Marius Bakke
@ 2017-01-13 13:07 ` Ludovic Courtès
2017-01-13 13:20 ` Marius Bakke
2017-01-13 17:44 ` Mark H Weaver
1 sibling, 2 replies; 11+ messages in thread
From: Ludovic Courtès @ 2017-01-13 13:07 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> skribis:
> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>> Leo Famulari <leo@famulari.name> writes:
>>
>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> >> (ed)[replacement]: New field.
>> >
>> > Can you add a comment with a link to the bug report?
>> >
>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>
>> Good find. I wonder, was this issue only present in the unreleased
>> 1.14.0? I can't reproduce it with the current Guix version.
>
> Good catch; I can only reproduce it with 1.14, and the ed maintainer
> points out that it was introduced in 1.14.
>
>> I'll wait and see what the response on oss-sec is. Maybe we can just
>> push the update to core-updates.
>
> I think it's fine for core-updates.
With 200 dependent packages, it could even go to ‘master’.
https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html
Ludo’.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-13 13:07 ` Ludovic Courtès
@ 2017-01-13 13:20 ` Marius Bakke
2017-01-13 17:44 ` Mark H Weaver
1 sibling, 0 replies; 11+ messages in thread
From: Marius Bakke @ 2017-01-13 13:20 UTC (permalink / raw)
To: Ludovic Courtès, Leo Famulari; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1333 bytes --]
Ludovic Courtès <ludo@gnu.org> writes:
> Leo Famulari <leo@famulari.name> skribis:
>
>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>> Leo Famulari <leo@famulari.name> writes:
>>>
>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>> >> (ed)[replacement]: New field.
>>> >
>>> > Can you add a comment with a link to the bug report?
>>> >
>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>>
>>> Good find. I wonder, was this issue only present in the unreleased
>>> 1.14.0? I can't reproduce it with the current Guix version.
>>
>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>> points out that it was introduced in 1.14.
>>
>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>> push the update to core-updates.
>>
>> I think it's fine for core-updates.
>
> With 200 dependent packages, it could even go to ‘master’.
>
> https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html
When I first built it on 'master', Guix went ahead and downloaded the
bootstrap binaries, so I suspect `guix refresh` fails to recognize the
full scope of this update.
'ed' is used as a native-input for 'patch', could that be related?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-13 13:07 ` Ludovic Courtès
2017-01-13 13:20 ` Marius Bakke
@ 2017-01-13 17:44 ` Mark H Weaver
2017-01-14 17:50 ` Ludovic Courtès
1 sibling, 1 reply; 11+ messages in thread
From: Mark H Weaver @ 2017-01-13 17:44 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
ludo@gnu.org (Ludovic Courtès) writes:
> Leo Famulari <leo@famulari.name> skribis:
>
>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>> Leo Famulari <leo@famulari.name> writes:
>>>
>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>> >> (ed)[replacement]: New field.
>>> >
>>> > Can you add a comment with a link to the bug report?
>>> >
>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>>
>>> Good find. I wonder, was this issue only present in the unreleased
>>> 1.14.0? I can't reproduce it with the current Guix version.
>>
>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>> points out that it was introduced in 1.14.
>>
>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>> push the update to core-updates.
>>
>> I think it's fine for core-updates.
>
> With 200 dependent packages, it could even go to ‘master’.
"guix refresh -l" is _way_ off in this case. 'ed' is a native-input for
'patch', which is of course entails a full rebuild.
Mark
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
2017-01-13 17:44 ` Mark H Weaver
@ 2017-01-14 17:50 ` Ludovic Courtès
0 siblings, 0 replies; 11+ messages in thread
From: Ludovic Courtès @ 2017-01-14 17:50 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
Mark H Weaver <mhw@netris.org> skribis:
> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Leo Famulari <leo@famulari.name> skribis:
>>
>>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>>> Leo Famulari <leo@famulari.name> writes:
>>>>
>>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>>> >> (ed)[replacement]: New field.
>>>> >
>>>> > Can you add a comment with a link to the bug report?
>>>> >
>>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html
>>>>
>>>> Good find. I wonder, was this issue only present in the unreleased
>>>> 1.14.0? I can't reproduce it with the current Guix version.
>>>
>>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>>> points out that it was introduced in 1.14.
>>>
>>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>>> push the update to core-updates.
>>>
>>> I think it's fine for core-updates.
>>
>> With 200 dependent packages, it could even go to ‘master’.
>
> "guix refresh -l" is _way_ off in this case. 'ed' is a native-input for
> 'patch', which is of course entails a full rebuild.
Oh indeed, sorry for the confusion!
From the viewpoint of ‘guix refresh -l’, (@ (gnu packages ed) ed) is not
the same package/derivation as the one that ‘patch’ in (@ (gnu packages
commencement) %final-inputs) refers to.
So ‘guix refresh -l’ is not “wrong”, but clearly it fails to capture
something important here.
Ludo’.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-01-14 17:50 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-12 20:13 [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues] Marius Bakke
2017-01-12 20:53 ` John Darrington
2017-01-12 20:58 ` Marius Bakke
2017-01-12 21:50 ` Leo Famulari
2017-01-12 21:56 ` Marius Bakke
2017-01-12 22:17 ` Leo Famulari
2017-01-12 22:30 ` Marius Bakke
2017-01-13 13:07 ` Ludovic Courtès
2017-01-13 13:20 ` Marius Bakke
2017-01-13 17:44 ` Mark H Weaver
2017-01-14 17:50 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).