From: Nicolas Graves via Guix-patches via <guix-patches@gnu.org>
To: 74034@debbugs.gnu.org
Cc: Nicolas Graves <ngraves@ngraves.fr>
Subject: [bug#74034] [PATCH v5 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties.
Date: Tue, 19 Nov 2024 08:45:49 +0100 [thread overview]
Message-ID: <20241119074612.19048-1-ngraves@ngraves.fr> (raw)
In-Reply-To: <20241026222934.25890-1-ngraves@ngraves.fr>
* guix/cve.scm: Exploit cpe vendors information.
(cpe->package-name): Rename to...
(cpe->package-identifier): Renamed from cpe->package-name. Use
cpe_vendor:cpe_name in place or cpe_name.
(vulnerabily-matches?): Add helper function.
(vulnerabilities->lookup-proc): Extract cpe_name for table
hashes. Add vendor and hidden-vendor arguments. Adapt condition to
pass vulnerabilities to result in the fold.
(write-cache): Update the format version.
* guix/lint.scm (package-vulnerabilities): Use additional arguments
from vulnerabilities->lookup-proc.
* tests/cve.scm (%expected-vulnerabilities): Adapt variable to changes
in guix/cve.scm.
---
guix/cve.scm | 147 +++++++++++++++++++++++++++++---------------------
guix/lint.scm | 10 +++-
tests/cve.scm | 14 ++---
3 files changed, 101 insertions(+), 70 deletions(-)
diff --git a/guix/cve.scm b/guix/cve.scm
index 9e1cf5b587..ed4665d727 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -25,11 +25,11 @@ (define-module (guix cve)
#:use-module (web uri)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-9)
- #:use-module (srfi srfi-11)
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
+ #:use-module (srfi srfi-71)
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:use-module (ice-9 vlist)
@@ -108,15 +108,16 @@ (define %cpe-package-rx
;; "cpe:2.3:a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
(make-regexp "^cpe:2\\.3:a:([^:]+):([^:]+):([^:]+):([^:]+):"))
-(define (cpe->package-name cpe)
+(define (cpe->package-identifier cpe)
"Converts the Common Platform Enumeration (CPE) string CPE to a package
-name, in a very naive way. Return two values: the package name, and its
-version string. Return #f and #f if CPE does not look like an application CPE
-string."
+identifier, in a very naive way. Return three values: the CPE vendor, the
+package name, and its version string.
+Return three #f values if CPE does not look like an application CPE string."
(cond ((regexp-exec %cpe-package-rx cpe)
=>
(lambda (matches)
- (values (match:substring matches 2)
+ (values (match:substring matches 1)
+ (match:substring matches 2)
(match (match:substring matches 3)
("*" '_)
(version
@@ -128,7 +129,7 @@ (define (cpe->package-name cpe)
;; "cpe:2.3:a:openbsd:openssh:6.8:p1".
(string-drop patch-level 1)))))))))
(else
- (values #f #f))))
+ (values #f #f #f))))
(define (cpe-match->cve-configuration alist)
"Convert ALIST, a \"cpe_match\" alist, into an sexp representing the package
@@ -142,17 +143,18 @@ (define (cpe-match->cve-configuration alist)
;; Normally "cpe23Uri" is here in each "cpe_match" item, but CVE-2020-0534
;; has a configuration that lacks it.
(and cpe
- (let-values (((package version) (cpe->package-name cpe)))
+ (let ((vendor package version (cpe->package-identifier cpe)))
(and package
- `(,package
- ,(cond ((and (or starti starte) (or endi ende))
- `(and ,(if starti `(>= ,starti) `(> ,starte))
- ,(if endi `(<= ,endi) `(< ,ende))))
- (starti `(>= ,starti))
- (starte `(> ,starte))
- (endi `(<= ,endi))
- (ende `(< ,ende))
- (else version))))))))
+ `(,vendor
+ ,package
+ ,(cond ((and (or starti starte) (or endi ende))
+ `(and ,(if starti `(>= ,starti) `(> ,starte))
+ ,(if endi `(<= ,endi) `(< ,ende))))
+ (starti `(>= ,starti))
+ (starte `(> ,starte))
+ (endi `(<= ,endi))
+ (ende `(< ,ende))
+ (else version))))))))
(define (configuration-data->cve-configurations alist)
"Given ALIST, a JSON dictionary for the baroque \"configurations\"
@@ -228,6 +230,23 @@ (define (version-matches? version sexp)
(('>= min)
(version>=? version min))))
+(define (vulnerability-matches? vuln vendor hidden-vendors)
+ "Checks if a VENDOR matches at least one of <vulnerability> VULN
+packages. When VENDOR is #f, ignore packages that have a vendor among
+HIDDEN-VENDORS."
+ (define hidden-vendor?
+ (if (list? hidden-vendors)
+ (cut member <> hidden-vendors)
+ (const #f)))
+
+ (match vuln
+ (($ <vulnerability> id packages)
+ (any (match-lambda
+ ((? (cut string=? <> vendor)) #t)
+ ((? hidden-vendor?) #f)
+ (otherwise (not vendor)))
+ (map car packages))))) ;candidate vendors
+
\f
;;;
;;; High-level interface.
@@ -259,7 +278,7 @@ (define-record-type <vulnerability>
(vulnerability id packages)
vulnerability?
(id vulnerability-id) ;string
- (packages vulnerability-packages)) ;((p1 sexp1) (p2 sexp2) ...)
+ (packages vulnerability-packages)) ;((v1 p1 sexp1) (v2 p2 sexp2) ...)
(define vulnerability->sexp
(match-lambda
@@ -272,39 +291,47 @@ (define sexp->vulnerability
(vulnerability id packages))))
(define (cve-configuration->package-list config)
- "Parse CONFIG, a config sexp, and return a list of the form (P SEXP)
-where P is a package name and SEXP expresses constraints on the matching
-versions."
+ "Parse CONFIG, a config sexp, and return a list of the form (V P SEXP)
+where V is a CPE vendor, P is a package name and SEXP expresses constraints on
+the matching versions."
(let loop ((config config)
- (packages '()))
+ (results '()))
(match config
(('or configs ...)
- (fold loop packages configs))
- (('and config _ ...) ;XXX
- (loop config packages))
- (((? string? package) '_) ;any version
- (cons `(,package _)
- (alist-delete package packages)))
- (((? string? package) sexp)
- (let ((previous (assoc-ref packages package)))
- (if previous
- (cons `(,package (or ,sexp ,@previous))
- (alist-delete package packages))
- (cons `(,package ,sexp) packages)))))))
+ (fold loop results configs))
+ (('and config _ ...) ;XXX
+ (loop config results))
+ (((? string? vendor) (? string? package) sexp)
+ (let ((pruned-results (remove (match-lambda
+ ((vendor package _) #t)
+ (otherwise #f))
+ results)))
+ (match sexp
+ ('_ ;any version
+ (cons `(,vendor ,package _) pruned-results))
+ (_
+ (match (assoc-ref (assoc-ref results vendor) package)
+ ((previous)
+ (cons `(,vendor ,package (or ,sexp ,previous)) pruned-results))
+ (_
+ (cons `(,vendor ,package ,sexp) results))))))))))
(define (merge-package-lists lst)
- "Merge the list in LST, each of which has the form (p sexp), where P
-is the name of a package and SEXP is an sexp that constrains matching
-versions."
+ "Merge the list in LST, each of which has the form (V P SEXP), where V is a
+CPE vendor, P is the name of a package and SEXP is an sexp that constrains
+matching versions."
(fold (lambda (plist result) ;XXX: quadratic
(fold (match-lambda*
- (((package version) result)
- (match (assoc-ref result package)
- (#f
- (cons `(,package ,version) result))
- ((previous)
- (cons `(,package (or ,version ,previous))
- (alist-delete package result))))))
+ (((vendor package version) result)
+ (match (assoc-ref result vendor)
+ (((? (cut string=? package <>)) previous)
+ (cons `(,vendor ,package (or ,version ,previous))
+ (remove (match-lambda
+ ((vendor package _) #t)
+ (otherwise #f))
+ result)))
+ (_
+ (cons `(,vendor ,package ,version) result)))))
result
plist))
'()
@@ -337,7 +364,7 @@ (define vulns
(json->vulnerabilities input))
(write `(vulnerabilities
- 1 ;format version
+ 2 ;format version
,(map vulnerability->sexp vulns))
cache))))
@@ -404,28 +431,26 @@ (define table
(($ <vulnerability> id packages)
(fold (lambda (package table)
(match package
- ((name . versions)
- (vhash-cons name (cons vuln versions)
+ ((vendor name versions)
+ (vhash-cons name (cons vuln `(,versions))
table))))
table
packages))))
vlist-null
vulnerabilities))
- (lambda* (package #:optional version)
- (vhash-fold* (if version
- (lambda (pair result)
- (match pair
- ((vuln sexp)
- (if (version-matches? version sexp)
- (cons vuln result)
- result))))
- (lambda (pair result)
- (match pair
- ((vuln . _)
- (cons vuln result)))))
- '()
- package table)))
+ (lambda* (package #:optional version #:key (vendor #f) (hidden-vendors '()))
+ (vhash-fold*
+ (lambda (pair result)
+ (match pair
+ ((vuln sexp)
+ (if (and (or (and (not vendor) (null? hidden-vendors))
+ (vulnerability-matches? vuln vendor hidden-vendors))
+ (or (not version) (version-matches? version sexp)))
+ (cons vuln result)
+ result))))
+ '()
+ package table)))
;;; cve.scm ends here
diff --git a/guix/lint.scm b/guix/lint.scm
index 8c6c20c723..bea6d0a194 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1551,8 +1551,14 @@ (define package-vulnerabilities
(package-name package)))
(version (or (assoc-ref (package-properties package)
'cpe-version)
- (package-version package))))
- ((force lookup) name version)))))
+ (package-version package)))
+ (vendor (assoc-ref (package-properties package)
+ 'cpe-vendor))
+ (hidden-vendors (assoc-ref (package-properties package)
+ 'lint-hidden-cpe-vendors)))
+ ((force lookup) name version
+ #:vendor vendor
+ #:hidden-vendors hidden-vendors)))))
;; Prevent Guile 3 from inlining this procedure so we can mock it in tests.
(set! package-vulnerabilities package-vulnerabilities)
diff --git a/tests/cve.scm b/tests/cve.scm
index b69da0e120..90ada2b647 100644
--- a/tests/cve.scm
+++ b/tests/cve.scm
@@ -34,19 +34,19 @@ (define %expected-vulnerabilities
(vulnerability "CVE-2019-0001"
;; Only the "a" CPE configurations are kept; the "o"
;; configurations are discarded.
- '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
+ '(("juniper" "junos" (or "18.2" (or "18.21-s3" "18.21-s4")))))
(vulnerability "CVE-2019-0005"
- '(("junos" (or "18.11" "18.1"))))
+ '(("juniper" "junos" (or "18.1" "18.11"))))
;; CVE-2019-0005 has no "a" configurations.
(vulnerability "CVE-2019-14811"
- '(("ghostscript" (< "9.28"))))
+ '(("artifex" "ghostscript" (< "9.28"))))
(vulnerability "CVE-2019-17365"
- '(("nix" (<= "2.3"))))
+ '(("nixos" "nix" (<= "2.3"))))
(vulnerability "CVE-2019-1010180"
- '(("gdb" _))) ;any version
+ '(("gnu" "gdb" _))) ;any version
(vulnerability "CVE-2019-1010204"
- '(("binutils" (and (>= "2.21") (<= "2.31.1")))
- ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
+ '(("gnu" "binutils" (and (>= "2.21") (<= "2.31.1")))
+ ("gnu" "binutils_gold" (and (>= "1.11") (<= "1.16")))))
;; CVE-2019-18192 has no associated configurations.
))
--
2.46.0
next prev parent reply other threads:[~2024-11-19 7:47 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-26 22:21 [bug#74034] [PATCH 00/21] Add lint-hidden-cve property for near-leaf packages Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 01/21] gnu: libgda: Rename patch for guix lint Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 02/21] gnu: upx: Update to 4.2.4 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 03/21] gnu: halibut: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 04/21] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 05/21] gnu: folders: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 06/21] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 07/21] gnu: express: " Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 08/21] gnu: cli: " Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 09/21] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 10/21] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 11/21] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 12/21] gnu: sylpheed: Add release-monitoring-url property Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 13/21] gnu: openvswitch: Update to 3.4.0 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 14/21] gnu: quagga: Fix build and hide CVE Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 15/21] gnu: bwm-ng: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 16/21] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 17/21] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-15 12:58 ` [bug#74034] [PATCH v2] gnu: got: Update to 0.105 ashish.is--- via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 18/21] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 19/21] gnu: immer: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 20/21] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 21/21] gnu: gerbv: " Nicolas Graves via Guix-patches via
2024-10-27 18:16 ` [bug#74034] [PATCH v2 00/16] Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-10-27 18:16 ` [bug#74034] [PATCH v2 01/16] guix: cve: " Nicolas Graves via Guix-patches via
2024-10-27 18:16 ` [bug#74034] [PATCH v2 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 01/16] guix: cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 04/16] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 05/16] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 07/16] gnu: cli: " Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 09/16] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-06 21:43 ` [bug#74034] [PATCH v2 01/16] guix: cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
2024-11-07 8:45 ` Nicolas Graves via Guix-patches via
2024-11-07 20:07 ` Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 01/17] " Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 02/17] cve: Separate vendor and string Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 03/17] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 04/17] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 05/17] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 06/17] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 07/17] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 08/17] gnu: cli: " Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 09/17] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 10/17] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 11/17] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 12/17] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 13/17] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 14/17] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 15/17] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 16/17] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 17/17] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-08 18:13 ` [bug#74034] [Nicolas Graves] [PATCH v3 02/17] cve: Separate vendor and string Nicolas Graves via Guix-patches via
2024-11-13 2:53 ` Maxim Cournoyer
2024-11-13 8:08 ` Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 05/16] gnu: spectra: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:24 ` [bug#74034] [PATCH v4 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-17 17:19 ` [bug#74034] [PATCH v4 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
2024-11-17 17:20 ` Ludovic Courtès
2024-11-19 7:45 ` Nicolas Graves via Guix-patches via [this message]
2024-11-19 7:45 ` [bug#74034] [PATCH v5 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 04/16] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 05/16] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 07/16] gnu: cli: " Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 09/16] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-19 7:45 ` [bug#74034] [PATCH v5 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19 7:46 ` [bug#74034] [PATCH v5 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-19 7:46 ` [bug#74034] [PATCH v5 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-19 7:46 ` [bug#74034] [PATCH v5 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-19 7:46 ` [bug#74034] [PATCH v5 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19 7:46 ` [bug#74034] [PATCH v5 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-20 22:10 ` [bug#74034] [PATCH v5 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241119074612.19048-1-ngraves@ngraves.fr \
--to=guix-patches@gnu.org \
--cc=74034@debbugs.gnu.org \
--cc=ngraves@ngraves.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).