Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Mark H Weaver]

Hi Ludovic,

ludo@gnu.org (Ludovic Courtès) writes:

> civodul pushed a commit to branch core-updates
> in repository guix.
>
> commit 503a4df904b8d4b82caebdb17db9c5f76a952418
> Author: Ludovic Courtès <ludo@gnu.org>
> Date:   Thu Jun 29 12:53:14 2017 +0200
>
>     gnu: glibc/linux: Add patches for CVE-2017-1000366.
>     
>     * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
>     gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
>     gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
>     * gnu/local.mk (dist_patch_DATA): Add them.
>     * gnu/packages/base.scm (glibc/linux)[source](patches): Add them.
>     [replacement]: Remove.
>     (glibc-2.25-patched): Remove.
>     (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)
>     (glibc-locales): Remove 'replacement' field.

Why did you remove the (replacement #f) fields from glibc-2.24,
glibc-2.23, glibc-2.22, and glibc-2.21?  Keeping the inherited
replacements will never do the right thing here, because the inherited
replacement will always be for a newer version of glibc.

It would be nice to have things arranged in such a way that we can
simply add a replacement for 'glibc/linux', when needed.  We did that
work for CVE-2017-1000366.  It would be good not to revert that work,
to facilitate future security updates.

More generally, I think we need to give more thought to how to handle
'replacement' fields when we inherit packages, in order to do the right
thing when the inherited package is grafted.  One way is to override
(replacement #f).  Another is to use the 'package/inherit' macro from
(guix packages), which applies the same overrides to the replacement.
I can't think of a case where it's proper to leave the 'replacement'
unchanged when inheriting a package.

What do you think?

      Mark

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Mark H Weaver]

Another problem with this commit is that it fails to add
"glibc-vectorized-strcspn-guards.patch", so it will fail to build on
i686, as described in <https://bugs.gnu.org/27489>.

Also, it leaves the 'patches' fields in glibc-2.24, glibc-2.23,
glibc-2.22, and glibc-2.21.  Those should be removed.

I'll fix it up.

    Mark

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Ludovic Courtès]

Mark H Weaver <mhw@netris.org> skribis:

> Another problem with this commit is that it fails to add
> "glibc-vectorized-strcspn-guards.patch", so it will fail to build on
> i686, as described in <https://bugs.gnu.org/27489>.

Oops, my bad.

> Also, it leaves the 'patches' fields in glibc-2.24, glibc-2.23,
> glibc-2.22, and glibc-2.21.  Those should be removed.
>
> I'll fix it up.

Thank you!

Ludo’.

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Ludovic Courtès]

Hi Mark,

Mark H Weaver <mhw@netris.org> skribis:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> civodul pushed a commit to branch core-updates
>> in repository guix.
>>
>> commit 503a4df904b8d4b82caebdb17db9c5f76a952418
>> Author: Ludovic Courtès <ludo@gnu.org>
>> Date:   Thu Jun 29 12:53:14 2017 +0200
>>
>>     gnu: glibc/linux: Add patches for CVE-2017-1000366.
>>     
>>     * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
>>     gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
>>     gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
>>     * gnu/local.mk (dist_patch_DATA): Add them.
>>     * gnu/packages/base.scm (glibc/linux)[source](patches): Add them.
>>     [replacement]: Remove.
>>     (glibc-2.25-patched): Remove.
>>     (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)
>>     (glibc-locales): Remove 'replacement' field.
>
> Why did you remove the (replacement #f) fields from glibc-2.24,
> glibc-2.23, glibc-2.22, and glibc-2.21?

Simply to remove redundant lines.

> Keeping the inherited replacements will never do the right thing here,
> because the inherited replacement will always be for a newer version
> of glibc.
>
> It would be nice to have things arranged in such a way that we can
> simply add a replacement for 'glibc/linux', when needed.  We did that
> work for CVE-2017-1000366.  It would be good not to revert that work,
> to facilitate future security updates.

OK, I agree.

> More generally, I think we need to give more thought to how to handle
> 'replacement' fields when we inherit packages, in order to do the right
> thing when the inherited package is grafted.  One way is to override
> (replacement #f).  Another is to use the 'package/inherit' macro from
> (guix packages), which applies the same overrides to the replacement.
> I can't think of a case where it's proper to leave the 'replacement'
> unchanged when inheriting a package.
>
> What do you think?

First, we could mark the ‘replacement’ field as “innate”, which means it
will never be inherited (like the ‘location’ field.)  Like you, I can’t
think of a situation where inheriting the replacement makes sense.

Then ‘package/inherit’ seems to be doing the rest of the job correctly.
The bad thing is that it’s easy to forget to use it.  If we’re
motivated, we could hack this feature (let’s call it “recursive
inheritance”) right into (guix records).

Thoughts?

Thanks,
Ludo’.

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Mark H Weaver]

ludo@gnu.org (Ludovic Courtès) writes:

> Mark H Weaver <mhw@netris.org> skribis:
>
>> More generally, I think we need to give more thought to how to handle
>> 'replacement' fields when we inherit packages, in order to do the right
>> thing when the inherited package is grafted.  One way is to override
>> (replacement #f).  Another is to use the 'package/inherit' macro from
>> (guix packages), which applies the same overrides to the replacement.
>> I can't think of a case where it's proper to leave the 'replacement'
>> unchanged when inheriting a package.
>>
>> What do you think?
>
> First, we could mark the ‘replacement’ field as “innate”, which means it
> will never be inherited (like the ‘location’ field.)  Like you, I can’t
> think of a situation where inheriting the replacement makes sense.
>
> Then ‘package/inherit’ seems to be doing the rest of the job correctly.
> The bad thing is that it’s easy to forget to use it.  If we’re
> motivated, we could hack this feature (let’s call it “recursive
> inheritance”) right into (guix records).
>
> Thoughts?

I've considered this, but I see a problem: when creating the replacement
package itself, e.g. 'glibc-2.25-patched' on the 'master' branch, we
need to inherit from the original package and *discard* the replacement.
If we used 'package/inherit' there, it would lead to an infinite series
of replacements.

It still might make sense to hack 'package/inherit' into (guix records)
as the default behavior, but then we would need a separate mechanism for
creating replacements.

What do you think?

      Mark

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Mark H Weaver]

ludo@gnu.org (Ludovic Courtès) writes:

> First, we could mark the ‘replacement’ field as “innate”, which means it
> will never be inherited (like the ‘location’ field.)  Like you, I can’t
> think of a situation where inheriting the replacement makes sense.

I think we should do this.  It's not a complete solution, but it would
be a step in the right direction.

      Mark

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Ludovic Courtès]

[-- Attachment #1: Type: text/plain, Size: 2656 bytes --]

Hi,

Mark H Weaver <mhw@netris.org> skribis:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> First, we could mark the ‘replacement’ field as “innate”, which means it
>> will never be inherited (like the ‘location’ field.)  Like you, I can’t
>> think of a situation where inheriting the replacement makes sense.
>
> I think we should do this.  It's not a complete solution, but it would
> be a step in the right direction.

I’ll push the attached patch if that’s fine with you.
It has the desired effect:

--8<---------------cut here---------------start------------->8---
scheme@(guile-user)> ,use(guix)
scheme@(guile-user)> ,use(gnu packages base)
scheme@(guile-user)> (package-replacement glibc)
$1 = #<package glibc@2.25 gnu/packages/base.scm:906 2f69780>
scheme@(guile-user)> (package-replacement glibc-locales)
$2 = #f
scheme@(guile-user)> (package-replacement glibc-2.24)
$3 = #f
scheme@(guile-user)> ,optimize (package (inherit glibc) (name "foo"))
$4 = (make-struct/no-tail
  (@@ (guix packages) <package>)
  "foo"
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    1)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    2)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    3)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    4)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    5)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    6)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    7)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    8)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    9)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    10)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    11)
  (lambda () #f)    ; <——— ‘replacement’ field
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    13)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    14)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    15)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    16)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    17)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    18)
  (struct-ref
    ((@@ (gnu packages base) glibc-for-target))
    19)
  ((@@ (guix packages) and=>)
   '((line . 5) (column . 10) (filename . #f))
   (@@ (guix packages) source-properties->location)))
--8<---------------cut here---------------end--------------->8---

Thanks,
Ludo’.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: the patch --]
[-- Type: text/x-patch, Size: 11291 bytes --]

From 59c12882e6954b17750c617abddf4997a9bcbfa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 3 Jul 2017 12:07:23 +0200
Subject: [PATCH] packages: Mark 'replacement' as an "innate" field.

Suggested by Mark H Weaver
at <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00355.html>.

* guix/packages.scm (<package>)[replacement]: Mark as "innate".
* gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24)
(glibc-2.23, glibc-2.22, glibc-2.21, glibc-locales): Remove
'replacement' field, which was set to #f.
* gnu/packages/commencement.scm (perl-boot0): Likewise.
* gnu/packages/fontutils.scm (graphite2/fixed): Likewise.
* gnu/packages/ghostscript.scm (ghostscript/fixed): Likewise.
* gnu/packages/gnupg.scm (libgcrypt-1.7.8): Likewise.
* gnu/packages/guile.scm (guile-2.0/fixed, guile-2.2): Likewise.
* gnu/packages/icu4c.scm (icu4c/fixed): Likewise.
* gnu/packages/image.scm (libpng-apng): Likewise.
* gnu/packages/make-bootstrap.scm (%guile-static): Likewise.
* gnu/packages/pcre.scm (pcre/fixed): Likewise.
* gnu/packages/perl.scm (perl/fixed): Likewise.
* gnu/packages/ruby.scm (ruby-2.3, ruby-2.2, ruby-2.1)
(ruby-1.8): Likewise.
* gnu/packages/tls.scm (gnutls-3.5.13, gnutls/guile-2.2): Likewise.
* gnu/packages/xml.scm (expat-2.2.1): Likewise.
---
 gnu/packages/base.scm           | 6 ------
 gnu/packages/commencement.scm   | 1 -
 gnu/packages/fontutils.scm      | 1 -
 gnu/packages/ghostscript.scm    | 1 -
 gnu/packages/gnupg.scm          | 2 --
 gnu/packages/guile.scm          | 4 +---
 gnu/packages/icu4c.scm          | 1 -
 gnu/packages/image.scm          | 1 -
 gnu/packages/make-bootstrap.scm | 1 -
 gnu/packages/pcre.scm           | 1 -
 gnu/packages/perl.scm           | 1 -
 gnu/packages/ruby.scm           | 4 ----
 gnu/packages/tls.scm            | 2 --
 gnu/packages/xml.scm            | 1 -
 guix/packages.scm               | 5 ++++-
 15 files changed, 5 insertions(+), 27 deletions(-)

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 979d65795..81f8b3c8d 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -905,7 +905,6 @@ GLIBC/HURD for a Hurd host"
 (define glibc-2.25-patched
   (package
     (inherit glibc)
-    (replacement #f)
     (source (origin
               (inherit (package-source glibc))
               (patches (search-patches "glibc-ldd-x86_64.patch"
@@ -923,7 +922,6 @@ GLIBC/HURD for a Hurd host"
   (package
     (inherit glibc)
     (version "2.24")
-    (replacement #f)
     (source (origin
               (inherit (package-source glibc))
               (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -943,7 +941,6 @@ GLIBC/HURD for a Hurd host"
   (package
     (inherit glibc)
     (version "2.23")
-    (replacement #f)
     (source (origin
               (inherit (package-source glibc))
               (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -963,7 +960,6 @@ GLIBC/HURD for a Hurd host"
   (package
     (inherit glibc)
     (version "2.22")
-    (replacement #f)
     (source (origin
               (inherit (package-source glibc))
               (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -991,7 +987,6 @@ GLIBC/HURD for a Hurd host"
   (package
     (inherit glibc-2.22)
     (version "2.21")
-    (replacement #f)
     (source (origin
               (inherit (package-source glibc-2.22))
               (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -1004,7 +999,6 @@ GLIBC/HURD for a Hurd host"
   (package
     (inherit glibc)
     (name "glibc-locales")
-    (replacement #f)
     (source (origin (inherit (package-source glibc))
                     (patches (cons (search-patch "glibc-locales.patch")
                                    (origin-patches (package-source glibc))))))
diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 069ffba88..54cf89bf4 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -294,7 +294,6 @@
   (let ((perl (package
                 (inherit perl)
                 (name "perl-boot0")
-                (replacement #f)
                 (arguments
                  ;; At the very least, this must not depend on GCC & co.
                  (let ((args `(#:disallowed-references
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index efea81dc1..75736a73d 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -415,7 +415,6 @@ and returns a sequence of positioned glyphids from the font.")
   (package
     (inherit graphite2)
     (name "graphite2")
-    (replacement #f)
     (source
      (origin
        (method url-fetch)
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 1cb651c96..dc5dbcc85 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -219,7 +219,6 @@ output file formats and printers.")
 (define ghostscript/fixed
   (package
     (inherit ghostscript)
-    (replacement #f)
     (source
       (origin
         (inherit (package-source ghostscript))
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 4ddf13dcc..e71ec8dce 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -119,7 +119,6 @@ generation.")
 (define libgcrypt-1.7.8
   (package
     (inherit libgcrypt)
-    (replacement #f)
     (version "1.7.8")
     (source (origin
              (method url-fetch)
@@ -131,7 +130,6 @@ generation.")
 
 (define-public libgcrypt-1.5
   (package (inherit libgcrypt)
-    (replacement #f)
     (version "1.5.6")
     (source
      (origin
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index 6bff34342..d79094e1e 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -217,14 +217,12 @@ without requiring the source code to be rewritten.")
   ;; in the `base' module, and thus changing it entails a full rebuild.
   (package
     (inherit guile-2.0)
-    (properties '((hidden? . #t)))          ;people should install 'guile-2.0'
-    (replacement #f)))
+    (properties '((hidden? . #t)))))        ;people should install 'guile-2.0'
 
 (define-public guile-2.2
   (package (inherit guile-2.0)
     (name "guile")
     (version "2.2.2")
-    (replacement #f)
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/guile/guile-" version
diff --git a/gnu/packages/icu4c.scm b/gnu/packages/icu4c.scm
index 3e9652005..224319f84 100644
--- a/gnu/packages/icu4c.scm
+++ b/gnu/packages/icu4c.scm
@@ -71,7 +71,6 @@ C/C++ part.")
 (define icu4c/fixed
   (package
     (inherit icu4c)
-    (replacement #f)
     (source (origin
               (inherit (package-source icu4c))
               (patches
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 504df60fb..8a03cbc3c 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -94,7 +94,6 @@ library.  It supports almost all PNG features and is extensible.")
 (define-public libpng-apng
   (package
     (inherit libpng)
-    (replacement #f) ;libpng's replacement doesn't apply here
     (name "libpng-apng")
     (version (package-version libpng))
     (arguments
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index 9efe338a1..844b110eb 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -509,7 +509,6 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
                     (patches patches)))
          (guile (package (inherit guile-2.0)
                   (name (string-append (package-name guile-2.0) "-static"))
-                  (replacement #f)
                   (source source)
                   (synopsis "Statically-linked and relocatable Guile")
 
diff --git a/gnu/packages/pcre.scm b/gnu/packages/pcre.scm
index 58beab0a9..67a8db1c7 100644
--- a/gnu/packages/pcre.scm
+++ b/gnu/packages/pcre.scm
@@ -75,7 +75,6 @@ POSIX regular expression API.")
 (define pcre/fixed
   (package
     (inherit pcre)
-    (replacement #f)
     (source (origin
               (inherit (package-source pcre))
               (patches (search-patches "pcre-CVE-2017-7186.patch"))))))
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 6da4bb13f..6a59e6bf8 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -151,7 +151,6 @@
 (define perl/fixed
   (package
     (inherit perl)
-    (replacement #f)
     (source
       (origin
         (inherit (package-source perl))
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 7680f4eae..7eba68444 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -106,7 +106,6 @@ a focus on simplicity and productivity.")
   (package
     (inherit ruby)
     (version "2.3.4")
-    (replacement #f)
     (source
      (origin
        (method url-fetch)
@@ -124,7 +123,6 @@ a focus on simplicity and productivity.")
 
 (define-public ruby-2.2
   (package (inherit ruby)
-    (replacement #f)
     (version "2.2.7")
     (source
      (origin
@@ -138,7 +136,6 @@ a focus on simplicity and productivity.")
 
 (define-public ruby-2.1
   (package (inherit ruby)
-    (replacement #f)
     (version "2.1.10")
     (source
      (origin
@@ -172,7 +169,6 @@ a focus on simplicity and productivity.")
 
 (define-public ruby-1.8
   (package (inherit ruby)
-    (replacement #f)
     (version "1.8.7-p374")
     (source
      (origin
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 9198bae02..f80f7d3bc 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -222,7 +222,6 @@ required structures.")
     ;; We use 'D' instead of '13' here to keep the store file name at
     ;; the same length. See <https://bugs.gnu.org/27308>.
     (version "3.5.D")
-    (replacement #f)
     (source (origin
               (method url-fetch)
               (uri
@@ -240,7 +239,6 @@ required structures.")
   ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
   (package
     (inherit gnutls)
-    (replacement #f)
     (source (package-source gnutls-3.5.13))
     (name "guile2.2-gnutls")
     (arguments
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index 2b471e80d..67d6c8e8d 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -79,7 +79,6 @@ things the parser might find in the XML document (like start tags).")
   (package
     (inherit expat)
     (version "2.2.1")
-    (replacement #f)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://sourceforge/expat/expat/"
diff --git a/guix/packages.scm b/guix/packages.scm
index 464fc433b..f60303404 100644
--- a/guix/packages.scm
+++ b/guix/packages.scm
@@ -269,8 +269,11 @@ name of its URI."
                                                   ; inputs
   (native-search-paths package-native-search-paths (default '()))
   (search-paths package-search-paths (default '()))
+
+  ;; The 'replacement' field is marked as "innate" because it never makes
+  ;; sense to inherit a replacement as is.  See the 'package/inherit' macro.
   (replacement package-replacement                ; package | #f
-               (default #f) (thunked))
+               (default #f) (thunked) (innate))
 
   (synopsis package-synopsis)                    ; one-line description
   (description package-description)              ; one or two paragraphs
-- 
2.13.2

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Ludovic Courtès]

ludo@gnu.org (Ludovic Courtès) skribis:

> From 59c12882e6954b17750c617abddf4997a9bcbfa6 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
> Date: Mon, 3 Jul 2017 12:07:23 +0200
> Subject: [PATCH] packages: Mark 'replacement' as an "innate" field.
>
> Suggested by Mark H Weaver
> at <https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00355.html>.
>
> * guix/packages.scm (<package>)[replacement]: Mark as "innate".
> * gnu/packages/base.scm (glibc-2.25-patched, glibc-2.24)
> (glibc-2.23, glibc-2.22, glibc-2.21, glibc-locales): Remove
> 'replacement' field, which was set to #f.
> * gnu/packages/commencement.scm (perl-boot0): Likewise.
> * gnu/packages/fontutils.scm (graphite2/fixed): Likewise.
> * gnu/packages/ghostscript.scm (ghostscript/fixed): Likewise.
> * gnu/packages/gnupg.scm (libgcrypt-1.7.8): Likewise.
> * gnu/packages/guile.scm (guile-2.0/fixed, guile-2.2): Likewise.
> * gnu/packages/icu4c.scm (icu4c/fixed): Likewise.
> * gnu/packages/image.scm (libpng-apng): Likewise.
> * gnu/packages/make-bootstrap.scm (%guile-static): Likewise.
> * gnu/packages/pcre.scm (pcre/fixed): Likewise.
> * gnu/packages/perl.scm (perl/fixed): Likewise.
> * gnu/packages/ruby.scm (ruby-2.3, ruby-2.2, ruby-2.1)
> (ruby-1.8): Likewise.
> * gnu/packages/tls.scm (gnutls-3.5.13, gnutls/guile-2.2): Likewise.
> * gnu/packages/xml.scm (expat-2.2.1): Likewise.

Pushed as d5ec5ed7197d121130af6953378bcfd8929a9754.

Ludo’.

Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.

[Mark H Weaver]

ludo@gnu.org (Ludovic Courtès) writes:

> ludo@gnu.org (Ludovic Courtès) skribis:
>
>> From 59c12882e6954b17750c617abddf4997a9bcbfa6 Mon Sep 17 00:00:00 2001
>> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
>> Date: Mon, 3 Jul 2017 12:07:23 +0200
>> Subject: [PATCH] packages: Mark 'replacement' as an "innate" field.
[...]
>
> Pushed as d5ec5ed7197d121130af6953378bcfd8929a9754.

Looks good to me, thanks!

    Mark