From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0r.migadu.com with LMTPS id gOhZJLKn4mG+KgEALuJCtg (envelope-from ) for ; Sat, 15 Jan 2022 11:53:38 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id eOXGIbKn4mGTtQAAauVa8A (envelope-from ) for ; Sat, 15 Jan 2022 11:53:38 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 533002AC90 for ; Sat, 15 Jan 2022 11:53:33 +0100 (CET) Received: from localhost ([::1]:40258 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1n8gge-0003wk-HG for larch@yhetil.org; Sat, 15 Jan 2022 05:53:32 -0500 Received: from eggs.gnu.org ([209.51.188.92]:58690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n8ggA-0003de-Kt for guix-patches@gnu.org; Sat, 15 Jan 2022 05:53:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:46286) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1n8ggA-0003yb-Ay for guix-patches@gnu.org; Sat, 15 Jan 2022 05:53:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1n8gg9-0002LF-SB for guix-patches@gnu.org; Sat, 15 Jan 2022 05:53:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#51747] [PATCH]: gnu: nix: Update to 2.4. Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 15 Jan 2022 10:53:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51747 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Zhu Zihao Cc: Oleg Pykhalov , 51747@debbugs.gnu.org Received: via spool by 51747-submit@debbugs.gnu.org id=B51747.16422439498956 (code B ref 51747); Sat, 15 Jan 2022 10:53:01 +0000 Received: (at 51747) by debbugs.gnu.org; 15 Jan 2022 10:52:29 +0000 Received: from localhost ([127.0.0.1]:39189 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n8gfc-0002KO-Ud for submit@debbugs.gnu.org; Sat, 15 Jan 2022 05:52:29 -0500 Received: from albert.telenet-ops.be ([195.130.137.90]:54522) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n8gfb-0002KF-7P for 51747@debbugs.gnu.org; Sat, 15 Jan 2022 05:52:28 -0500 Received: from [172.20.10.5] ([188.188.185.222]) by albert.telenet-ops.be with bizsmtp id iysQ2600j4oKcDo06ysQoX; Sat, 15 Jan 2022 11:52:25 +0100 Message-ID: <0cb528695857acda121e58dee76b1095634ea7bb.camel@telenet.be> From: Maxime Devos Date: Sat, 15 Jan 2022 11:52:19 +0100 In-Reply-To: <86bl0da6rn.fsf@163.com> References: <86sfw4chme.fsf@163.com> <864k8kcdzu.fsf@163.com> <861r3oau4u.fsf@163.com> <86lf1njad0.fsf@163.com> <86ilw4e6av.fsf@163.com> <87y23mheag.fsf_-_@gmail.com> <86pmoyrxyy.fsf@163.com> <190ec030edbca1c16fb030c51acd60ffc6bae269.camel@telenet.be> <86zgo0nsgf.fsf@163.com> <86pmoucl3g.fsf@163.com> <86bl0da6rn.fsf@163.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-nbRT66l/CPoap8F/sBmt" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1642243945; bh=IPBqd4xkguwEHdbIU5agBN4FTBzAm/DVhdhtJR2btRw=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=Y34J3We9r8+9WgfyOcvtYsFNwp4t3btYFj7gLUOx70fNwsLPZjTyjXV3e/WSwykbX NM4K12vTqqK3hIXExuS07NmRJk1Z/q2GtGLAWLxSjsLujjURkczkWiuwjw/pExrKV5 XWJEM3X+uzvXkmR6HSWSOwHpxPlmRerKpjd+iSbQzXlwHWPw8kZinEWeN4DZyuxSu9 Zn+E+aNj84zduxc2GeLC1RIOKVo/VmL40CupnqiPPvR7RnjJN+9lfxz9vcyfMmUiQa fVqhHbKQ28noilLSwpjqOemvA6p3qeQrt94PNCFE7FO84pS1KsKNlDmkW3grxpVd6i zbPI5paSv9OYg== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1642244013; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=IPBqd4xkguwEHdbIU5agBN4FTBzAm/DVhdhtJR2btRw=; b=FrRGZ7errYiz+ihvb8FVa+5eAo93GOk/Odcfs3Bst6qVcikfmy3J7njKQ7fGrfCpnGi6KF 3yTB3sGiGCUxTQmdvsSf3py5I3CW8oypcjjMS9VhrLnpEkOlFNFZ+0nd01gmPGBZ9et/z6 88cpPYmjvME1rkWHXIoWMHwAxHXtVN/iN202M3mvbkwf0YKMFxX2KNalUiiuTOvtDyj/zY Nkq5oSGgqawJgHKsWrkrkkQ/iL2ttVlpB2Ks0LndixVj0nw/qpePnuo8iJIDDSw85TE0rF cyfk5XVO+VXEo/RoaY3gkHgJWL0d8rAjY+bF56Z3+NIURTG/c0fquZ4qK48a/w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1642244013; a=rsa-sha256; cv=none; b=euT5y9Ww/qY9hHtOmEUE5eK83ijjb/bY3021K2swgOuJMbaouVnzDqkrczRDZKL3uBwIgb sau3WqLgrjZWJCnvv+X+lFn7I5xUnD/5MKnIgLWD1usdF5svr/t15+hDxkSvcBm/M+TVpf glzsz85bhFEU3SXX8dSAdhjNSyNAl4zkB+4LJBMN2088S7zz/if/XLhdCt+L4e19Nv7Xb1 WUOujeYC8lSmu6lbKiok64OmqNdPPCXbk7dbGRNkdDHf4uwunrKvjjiJWtjVMaFUqDOu/k l3ddc4Wl//ltb8Zxef13SAGttzfNb4xLuzQQgLUp0UuLH/jaQLBlNr6TvCy/Sg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=Y34J3We9; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.72 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=telenet.be header.s=r22 header.b=Y34J3We9; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 533002AC90 X-Spam-Score: -4.72 X-Migadu-Scanner: scn0.migadu.com X-TUID: c62AC5tXUx/p --=-nbRT66l/CPoap8F/sBmt Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, I looked a bit in the source code, and it seems to be missing some error checking. E.g., in libcpuid/cpuid_main.c:, it is not verified that 'malloc' succeeded. list->names =3D (char**) malloc(sizeof(char*) * n); [...] list->names[n] =3D (char*) malloc (i - last) [....] list->names[n][i - last - 1 =3D '\0'] It doesn't seem exploitable here, but I would recommend something like 'xmalloc' instead to avoid (anti-)learning by bad examples. Also, in the package definition, you are using cmake-build-system. This works, but the README doesn't mention CMake anywhere and instead mentions the autotools (autoconf etc.) and has configure.ac, so I would use gnu-build-system instead. Zhu Zihao schreef op za 15-01-2022 om 13:47 [+0800]: > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (arguments > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (list > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #:configure-flags #~(list "-D= LIBCPUID_TESTS=3DON") > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #:phases > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 #~(modify-phases %standard-ph= ases > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (add-= after 'unpack 'absolutize > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 (lambda* (#:key inputs #:allow-other-keys) > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 ;; Linux specific > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0 (when #$(target-linux?) > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (substitute* "libcpuid/rdmsr.c" > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 (("modprobe") (which "modprobe")= )))))))) This use of 'which' doesn't work when cross-compiling because it looks in $PATH (which contains (possibly implicit) native-inputs) and not 'inputs' -- 'inputs' and 'native-inputs' are merged together when compiling natively so this doesn't cause errors when compiling natively but it doesn't work when cross-compiling -- try "./pre-inst-env guix build libcpuid --target=3Daarch64-linux-gnu". I would use 'search-input-file' instead: ;; using (when #$(target-linux? ...) ...) instead ;; of 'guard' would also work #~(modify-phases %standard-phases (add-after 'unpack 'absolutize (lambda* (#:key inputs #:allow-other-keys) ;; modprobe doesn't exist on the Hurd=20 (guard (c ((search-error? c) (values))) (substitute* "libcpuid/rdmsr.c" (("modprobe") (search-input-file inputs "bin/modprobe"))))))))) > + confused with the @code{cpuid} command line utility from package > + @code{cpuid}.") A definite article is missing before 'package'. > + (native-inputs (list python-3)) ;required by tests I would keep the original comment ;; a python from the 3. series is required by tests here, because it is important that it comes from the 3. series -- the shebang uses "/usr/bin/env python3", not "python3". This comment would be helpful when updating python to the 4. series (these versions don't exist yet but presumably they eventually will), as it would make it clear that we cannot simply replace 'python-3' with 'python-4'. Greetings, Maxime. --=-nbRT66l/CPoap8F/sBmt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYeKnYxccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7jTiAP9tz223exwQ8XEuUlo9UxVOSQ3V jlenKR+InbQAFjTkLAD9HtBDDYber/Sn9+CdrRGY5SFZXKBOAI0cdoJqwgTysA8= =VW7/ -----END PGP SIGNATURE----- --=-nbRT66l/CPoap8F/sBmt--