From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55598)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dJpSJ-0001XI-3F
	for guix-patches@gnu.org; Sat, 10 Jun 2017 19:06:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dJpSF-0001Nt-V2
	for guix-patches@gnu.org; Sat, 10 Jun 2017 19:06:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:36794)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dJpSF-0001Nk-09
	for guix-patches@gnu.org; Sat, 10 Jun 2017 19:06:03 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dJpSE-0000s0-GR
	for guix-patches@gnu.org; Sat, 10 Jun 2017 19:06:02 -0400
Subject: bug#27308: [PATCH] gnu: gnutls: Replace with 3.5.13.
Resent-Message-ID: <handler.27308.B27308.14971359463322@debbugs.gnu.org>
Date: Sat, 10 Jun 2017 19:05:37 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <20170610230537.GA14865@jasmine>
References: <20170610135851.6341-1-mbakke@fastmail.com>
	<87bmpvykyv.fsf@gnu.org> <87poeblsxk.fsf@fastmail.com>
	<87mv9flry8.fsf@fastmail.com> <87ink3lnr6.fsf@fastmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="HcAYCG3uE/tztfnV"
Content-Disposition: inline
In-Reply-To: <87ink3lnr6.fsf@fastmail.com>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: 27308@debbugs.gnu.org


--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Jun 10, 2017 at 08:07:57PM +0200, Marius Bakke wrote:
> Thinking further about this, replacing a string of a fixed length with
> that of another sounds highly unsafe. So I'm not sure what the best
> approach here is. Maybe some dummy version number like 3.5.a? Or simply
> keep 3.5.9?

We did something similar when grafting bash [0], changing 4.4.0 to
4.4.A. It's not great, but it worked.

[0] commit 50b8a527efe375ac5377670ff0f159fbbce45312 (gnu: bash: Add
graft for patch #7 [fixes CVE-2017-5932].).

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=50b8a527efe375ac5377670ff0f159fbbce45312

--HcAYCG3uE/tztfnV
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlk8ez0ACgkQJkb6MLrK
fwgwCA/8DG6sbMD6vJl9bvGDNVE27EnMl5CspCWcr1MISuzqC15MjeoF0kMdD+Bu
1Z3Bm1tHebjE+glAz61JomK3lTCHR8UHDOLOxA1gDii4Q/Sxs65vp0E5lRASGC4A
Met83CR9NsFBqHbyumdtPGrJi13R4AlQzs08G2rJSKMVHQDemhjOLpY72z21eKlY
24dQEo2VEpfzV7OU8B/XBDI6GRB4Fm0LCEpupx9/YxF3YkcuFFkEbMnIfV7wmr9O
ZFTyhoR0xiPVlrHS2Oz1lD4xm3MGVTg9dJmwBwnEHwG1EJFZ+7m8jyDJERHAThoE
J9pDnHpwQSubAK+a4ahe2IKeLPWIQJQFWItKjhFsSxGKR3/7Bm+TyOXH+YxH+fQP
kyRCqTjIHOzJZG2eM4eLWMjhjs2CQ6r+2F4C8qpQfwwiDRmXEesU6kexCf3FcYFp
7WfirFvQDFtaiwek8ezAFVvDqgeql+7Gh2ZJ0pQ0QqE//kubR8ZZ76TwobCRXzSe
qOJYVtKqC/No0PHW011HVlK2dALfSB26DAZiys+vjKf0+x2UzqUAFc+mn9sSPVdS
EyVYgD7IMin+0H2vXYcGPh5Kwe358eXiPHZxdV4MpYgSjF8e5NEsjXq2P1aF7vci
OTDfdJlpa+mzISgQCcWS32imxfVOfKjGlT6HwuwfKunxsfn6m1M=
=3QBP
-----END PGP SIGNATURE-----

--HcAYCG3uE/tztfnV--