From: Kei Kebreau
Subject: Re: [PATCH 1/1] gnu: cyrus-sasl: Fix CVE-2013-4122.
Date: Sat, 26 Nov 2016 15:34:23 -0500
Message-ID: <87wpfqdlps.fsf@openmailbox.org>
References: <20161126200826.GA13521@jasmine>
In-Reply-To: <20161126200826.GA13521@jasmine> (Leo Famulari's message of "Sat, 26 Nov 2016 15:08:26 -0500")
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari writes:

> On Sat, Nov 26, 2016 at 03:03:46PM -0500, Leo Famulari wrote:
>> * gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/cyrus-sasl.scm (cyrus-sasl)[replacement]: New field.
>> (cyrus-sasl/fixed): New variable.
>> [source]: Use patch.
>
>> diff --git a/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
>> b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
>> new file mode 100644
>> index 0000000..4e79947
>> --- /dev/null
>> +++ b/gnu/packages/patches/cyrus-sasl-CVE-2013-4122.patch
>> @@ -0,0 +1,130 @@
>> +Fix CVE-2013-4122.
>> +
>> +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4122
>> +
>> +Upstream patch:
>> +https://cgit.cyrus.foundation/cyrus-sasl/patch/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
>
> I forgot to update this URL to the new repo:
>
> https://github.com/cyrusimap/cyrus-sasl/commit/dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
>
> I can't reach the cyrus.foundation repo.

Neither can I. This patch looks good with the new repo!
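Review bot: the "Upstream patch:" line in the header of the new cyrus-sasl-CVE-2013-4122.patch file still cites https://cgit.cyrus.foundation/cyrus-sasl/patch/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d, a host this thread reports as unreachable. Replace it with the github.com/cyrusimap/cyrus-sasl commit URL given in the follow-up before committing, so the provenance recorded in the patch file can still be checked against upstream. The commit id is the same in both URLs, so only the host and path change.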