From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mark H Weaver
Subject: Re: IMPORTANT: glibc security update
Date: Sun, 21 Feb 2016 18:14:45 -0500
Message-ID: <8737sl7j16.fsf@netris.org>
References: <87povsn7u4.fsf@netris.org> <20160220052036.GA2887@jasmine> <87lh6esuvw.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46382) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aXdDY-00075F-Pq for guix-devel@gnu.org; Sun, 21 Feb 2016 18:15:09 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aXdDV-0005uK-Fw for guix-devel@gnu.org; Sun, 21 Feb 2016 18:15:08 -0500
Received: from world.peace.net ([50.252.239.5]:59558) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aXdDV-0005tI-C3 for guix-devel@gnu.org; Sun, 21 Feb 2016 18:15:05 -0500
In-Reply-To: <87lh6esuvw.fsf@netris.org> (Mark H. Weaver's message of "Sat, 20 Feb 2016 20:40:51 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Leo Famulari
Cc: guix-devel@gnu.org

Mark H Weaver writes:

> Leo Famulari writes:
>
>> At least two users on #guix (including me) have found that `guix pull`
>> is not fetching the latest snapshot. That is, the downloaded snapshot
>> is of some commit before the CVE-2015-7547 patch was applied.
>>
>> Can you take a look?
>
> Indeed, you are right. The problem is that, by default, "guix pull"
> downloads the latest source from:
>
> http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz
>
> and unfortunately, something is currently broken on Savannah, and that
> snapshot is stuck on the commit before the glibc security update :-(

It appears that this problem is now fixed, so the workaround should no
longer be needed.

Mark