Date: Mon, 13 May 2024 11:49:28 +0300
From: Efraim Flashner
To: Josselin Poiret
Cc: Ludovic Courtès, Maxim Cournoyer, Steve George, Kaelyn, guix-devel@gnu.org
Subject: Re: Core updates status

On Wed, May 08, 2024 at 11:03:02AM +0200, Josselin Poiret wrote:
>
> The one thing that we need to do right now is update glibc 2.39 with all
> the fixes from the upstream release/2.39/master branch.
> I don't think
> we've done this before significantly, but since we have an occasion this
> time we might as well. We can't really use git-fetch for glibc, so imo
> the only feasible option is like what Debian does [1], which is keeping
> a diff of the 2.39 tag and the release branch and applying it as a
> patch. We'll then probably need to add autotools to glibc builds, but
> this is doable even in commencement because we have them already
> available at that point.
>
> The only downside of this is that the patch name will not include the
> fixed CVEs, so guix lint won't be aware that the CVEs have been patched.
>
> [1] https://salsa.debian.org/glibc-team/glibc/-/blob/sid/debian/patches/git-updates.diff
>
> WDYT?
>
> Best,
> --
> Josselin Poiret

I think that's a good idea, and probably something we should do for the
other copies of glibc we have. We can also use the package-property
lint-hidden-cves to list the CVEs which are covered by the diff, and
that'll hide the CVEs from 'guix lint'.

--
Efraim Flashner      רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
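
One way to build the CVE list that the reply above proposes hiding from 'guix lint', as an added example that is not part of the original message or of Guix: it collects the CVE ids named on lines a release-branch diff adds and renders them as a package property. The property name is copied from the message; the function names, the rendered Scheme form and the sample diff (with placeholder CVE ids) are assumptions made for illustration.

```python
import re

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
HUNK_RE = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

# Constructed sample diff; the CVE ids are placeholders, not real entries.
SAMPLE_DIFF = """\
diff --git a/NEWS b/NEWS
--- a/NEWS
+++ b/NEWS
@@ -10,3 +10,4 @@ Security related changes:
   CVE-0000-0001: placeholder, already in the tagged release
-  CVE-0000-0004: placeholder, line removed by the diff
+  CVE-0000-0003: placeholder, fixed on the release branch
+  CVE-0000-0002: placeholder, fixed on the release branch
 The following bugs are resolved with this release:
"""


def cves_added_by_diff(diff_text):
    """Return sorted CVE ids found on lines the unified diff adds."""
    found = set()
    old_left = new_left = 0          # lines still expected in the current hunk
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:
            # Outside a hunk: skip file headers until the next "@@" line.
            m = HUNK_RE.match(line)
            if m:
                old_left = int(m.group(1) or 1)
                new_left = int(m.group(2) or 1)
        elif line.startswith("+"):
            new_left -= 1
            found.update(CVE_RE.findall(line))
        elif line.startswith("-"):
            old_left -= 1            # a removed mention is not a fix
        elif not line.startswith("\\"):
            old_left -= 1            # context line: already in the tag
            new_left -= 1
    return sorted(found, key=lambda c: tuple(int(p) for p in c.split("-")[1:]))


def guix_properties_form(cve_ids, property_name="lint-hidden-cves"):
    """Render the ids as a Scheme properties field (form is an assumption)."""
    quoted = " ".join('"%s"' % c for c in cve_ids)
    return "(properties '((%s . (%s))))" % (property_name, quoted)


if __name__ == "__main__":
    print(guix_properties_form(cves_added_by_diff(SAMPLE_DIFF)))
```

Hunk line counts are tracked so that file headers such as `+++ b/NEWS` are never mistaken for added content.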