From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:53999) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ey1mC-0001Co-LS for guix-patches@gnu.org; Mon, 19 Mar 2018 16:53:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ey1mA-0005sW-1Z for guix-patches@gnu.org; Mon, 19 Mar 2018 16:53:04 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:34349) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ey1m9-0005sK-TI for guix-patches@gnu.org; Mon, 19 Mar 2018 16:53:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ey1m9-0003FK-M7 for guix-patches@gnu.org; Mon, 19 Mar 2018 16:53:01 -0400 Subject: [bug#30827] [PATCH] gnu: util-linux: Fix CVE-2018-7738. Resent-Message-ID: Date: Mon, 19 Mar 2018 16:52:21 -0400 From: Leo Famulari Message-ID: <20180319205221.GA20036@jasmine.lan> References: <871sggv32t.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="IS0zKkzwUGydFO0o" Content-Disposition: inline In-Reply-To: <871sggv32t.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 30827@debbugs.gnu.org --IS0zKkzwUGydFO0o Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 19, 2018 at 10:15:22AM +0100, Ludovic Court=C3=A8s wrote: > Hello! >=20 > Leo Famulari skribis: >=20 > > * gnu/packages/patches/util-linux-CVE-2018-7738.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. > > * gnu/packages/linux.scm (util-linux)[replacement]: New field. > > (util-linux/fixed): New variable. >=20 > [...] >=20 > > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-7738 > > + > > +Patch copied from upstream source repository: > > + > > +https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d= 75e756883d3acc55 >=20 > I=E2=80=99m late to the party, but I=E2=80=99m wondering in this case if,= instead of > grafting, we should simply add an util-linux@2.31a package, and make > sure GuixSD uses that one in %base-packages. >=20 > That way, both GuixSD and manually installed util-linux would get the > Bash completion fix. It=E2=80=99s probably OK that packages that depend = on > util-linux don=E2=80=99t get the fixed version because users don=E2=80=99= t get bash > completion from there. >=20 > WDYT? That's a good idea. I'll test and push today. --IS0zKkzwUGydFO0o Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlqwIwUACgkQJkb6MLrK fwi3pQ/+NifKSoZrgWF+MZfabLUcmG1DQWdRCd+qKRKuOTGwfyVLZmAQEe8oyc5s aK8ahIBRMZSqYZcEfQ3z5yGhsUJqozpbriNNjBU5y8KGGBQiuF0WR6oL3daLSX/8 H0dq6ELNix5wHDmV3pe4ie+6Nco1y9qtekGxtcMytpLCJwnMBXfGujfIoEhBgHKn I4IfRm3gsBEeDKaAQLGfadbSpCcobSz2CNXb+Cub9lYFKN0QTh0LpneqDA945LK7 EmPzdztFeN3JRIJTjhuhhbz9aWt+4VcxC+jPAgF8qckILD4xqy8z5i7Phbb4wvPQ 6Cx6aVY8u4S+2aOeeYCxYwy/FAf9XulIgOv89LYmvdEwzzM6tpGdQeMIQwCfabId c2dz63EoiGJwtsLReSehInIz/OHHw5+zFYS8RkbHK+2TPpECESi+CTymg8xUY1Ic zV+VEzP+vmpikybpX2u61PGOoNXaS8WSv4kBKGOsJseFdftgI6Y+Xp/VWxUXcD1c ELd1zULZhxg696jG68N19SjKLO5S/RKstJSLfmft17P3bjxsgrG+iLnch8mGvTvs mzzI6ZwQye7v2sP8za9ISoE3r6QpIG2VRrRaOWgdRpGwc29L+qbirI+vweG4lOkl ZRJH7xZi8XG/JE7yG8EKBsP4wDK8aH0mupnuLunsjXzfF4gPoTI= =hXmw -----END PGP SIGNATURE----- --IS0zKkzwUGydFO0o--