From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8IqaEq+ZsGOSDQEAbAwnHQ (envelope-from ) for ; Sat, 31 Dec 2022 21:21:03 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id aHWqEa+ZsGM7bwEAG6o9tA (envelope-from ) for ; Sat, 31 Dec 2022 21:21:03 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1415E19E24 for ; Sat, 31 Dec 2022 21:21:03 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pBiLS-0002yw-EX; Sat, 31 Dec 2022 15:20:42 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pBiLQ-0002yj-FW for guix-devel@gnu.org; Sat, 31 Dec 2022 15:20:40 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pBiLQ-0003OX-79; Sat, 31 Dec 2022 15:20:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=dI3C87h231ZGpdbQy3gGrUag6N7kWP756Bu8y+CAjNQ=; b=WUIwygfaBqbOPKJQuZN2 /GGrWG/+xggXZUxnxF584qKl9xl3O8m+umpSyUXluN67rg/KQR/WiunYGt4rbrdpuLDmJHY165lb2 kV9Maetuk2Ayfz+4uuaBYTMDWNWqm9AMZMrbTcoLHX73jiEzEypYy1iae9HJhPMJBmy5S3INqmDYw 3mkOG+eKtS0Xi//3K/igJwQU38hDSXnzg6Xss8QYHMvBkn0nOqGMKVLUSeteymL+EolEBsfwHc8mE JJ/kRC7dFGgLuKEBfceP3kbBXevxHzaSXEKa+rVaQO6f/2TwWA/ZhLSgwvgR9AOHFT2FE//KoV9QQ sN5LyjT8jyxDtQ==; Received: from [188.113.115.135] (helo=localhost) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pBiLP-0001Vm-BI; Sat, 31 Dec 2022 15:20:39 -0500 From: Marius Bakke To: Liliana Marie Prikler , guix-devel@gnu.org Subject: Re: 06/06: gnu: samba/fixed: Update to 4.15.13. In-Reply-To: <20221231072546.625A9C00A7F@vcs2.savannah.gnu.org> References: <167247154530.11767.13745999012060035750@vcs2.savannah.gnu.org> <20221231072546.625A9C00A7F@vcs2.savannah.gnu.org> Date: Sat, 31 Dec 2022 21:20:37 +0100 Message-ID: <87358vs4tm.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1672518063; a=rsa-sha256; cv=none; b=NeypJoRG2lE3mk4nDmwtlbNzeaP20iQ2Wqc3C713zY5DEtNSHKhKKuw8W1S40puC2f5bs3 wd71hOceU5mNkhvujNvkWgxfr/CXXIYWKjRqVxfAcxnRLLY396jZrVura9wY5gO0dw2rSx 5low/V2+EZUILPwxV5j23pmwDeIzya5pGk08l3dDkQbrOOlwc++PgZ3nwO+G+w16Xw9tm9 6CAnsfV8AuldGk77ti4o4pW9osZO5fEyXU3K6lA87VfqC2KCWDacQuBOk3320r1AK5RT/W K9FZO+jYdLi9p02kg3A2L90CkdH9K0qNO36h40pRaHuL886n3rDkVz8tI/Fk1Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=WUIwygfa; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1672518063; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=dI3C87h231ZGpdbQy3gGrUag6N7kWP756Bu8y+CAjNQ=; b=SRmV0/DidYyyC1hUIEaXF8ACdEkw8pU480VkGr1NOKfl+nBFFoQSYlAnKec821laXLqBUl 5itkyrbiUmlLNwFmZdWCGrJ22z//jIgn1EEs7LY3xGhOe6qIxxZYLgswdoNETVjvxFTdah ZvnC/zZjciQhcqsbqWCCsmZiblZVD69GJQcJFK8cGdzwgGnY6/cIdq3HpSsoagt2MRM4NS adpkVR5Iq2/CR80eAWYPQCcWFfkrwZuxGMRD5vXZbUwSCPbo8NM24HuNs597p4ar9E98ak OCW1BLhTCFbpXZq7hF7E+5mjaNv8mKqtvqfl1JPEp3eBuC2+R9as4BJsn7pn3Q== X-Spam-Score: -10.88 X-Migadu-Queue-Id: 1415E19E24 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=WUIwygfa; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -10.88 X-TUID: KWsHfiyMuPHV --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Liliana, guix-commits@gnu.org skriver: > lilyp pushed a commit to branch master > in repository guix. > > commit c39db91e51e55e46f177378c7b5a797441dc7d1b > Author: Liliana Marie Prikler > AuthorDate: Sun Dec 18 08:29:07 2022 +0100 > > gnu: samba/fixed: Update to 4.15.13. >=20=20=20=20=20 > * gnu/packages/samba.scm (samba/fixed-patched): New variable. > (samba/fixed): Add replacement for samba/fixed-patched. [...] > (define-public samba/fixed > ;; Version that rarely changes, depended on by libsoup. > (hidden-package > - (package/inherit samba > + (package > + (inherit samba) > + (replacement samba/fixed-patched) > (version "4.15.3") [...] > +(define-public samba/fixed-patched > + (package > + (inherit samba/fixed) > + (version "4.15.13") This is dangerous: grafts must have exactly the same store name length since it patches binary files in-place. I'm surprised the grafting machinery does not bail out when they differ. I'm assuming this had security impliciations despite not being mentioned in the commit message or comment and fixed it with fb5514d3db19b5b405ea75cbe8fbf72d79baea1d instead of reverting. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCY7CZlQ8cbWFyaXVzQGdu dS5vcmcACgkQ6HGLpZEUEHeQCgEA3RKSXqD6bXyqYyA0o2hAscFigxhj2QqBuOES E6mRun0BAIOARjvjiT2tp7k0FN9D719KbecQ1/DLJRcqTZ20uxwP =AEaB -----END PGP SIGNATURE----- --=-=-=--