unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Nicolas Graves via Guix-patches via <guix-patches@gnu.org>
To: 74034@debbugs.gnu.org
Cc: ludo@gnu.org, Nicolas Graves <ngraves@ngraves.fr>
Subject: [bug#74034] [PATCH v6 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties.
Date: Sun, 24 Nov 2024 21:16:19 +0100	[thread overview]
Message-ID: <20241124201638.10098-1-ngraves@ngraves.fr> (raw)
In-Reply-To: <20241026222934.25890-1-ngraves@ngraves.fr>

* guix/cve.scm: Exploit cpe vendors information.
(cpe->package-name): Rename to...
(cpe->package-identifier): Renamed from cpe->package-name. Use
cpe_vendor:cpe_name in place or cpe_name.
(vulnerabily-matches?): Add helper function.
(vulnerabilities->lookup-proc): Extract cpe_name for table
hashes. Add vendor and hidden-vendor arguments. Adapt condition to
pass vulnerabilities to result in the fold.
(write-cache, fetch-vulnerabilities): Update the format version.

* guix/lint.scm (package-vulnerabilities): Use additional arguments
from vulnerabilities->lookup-proc.

* tests/cve.scm (%expected-vulnerabilities): Adapt variable to changes
in guix/cve.scm.
---
 guix/cve.scm  | 153 +++++++++++++++++++++++++++++---------------------
 guix/lint.scm |  10 +++-
 tests/cve.scm |  14 ++---
 3 files changed, 105 insertions(+), 72 deletions(-)

diff --git a/guix/cve.scm b/guix/cve.scm
index 9e1cf5b587..098fdf0a05 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -25,11 +25,11 @@ (define-module (guix cve)
   #:use-module (web uri)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
-  #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-19)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
+  #:use-module (srfi srfi-71)
   #:use-module (ice-9 match)
   #:use-module (ice-9 regex)
   #:use-module (ice-9 vlist)
@@ -108,15 +108,16 @@ (define %cpe-package-rx
   ;; "cpe:2.3:a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
   (make-regexp "^cpe:2\\.3:a:([^:]+):([^:]+):([^:]+):([^:]+):"))
 
-(define (cpe->package-name cpe)
+(define (cpe->package-identifier cpe)
   "Converts the Common Platform Enumeration (CPE) string CPE to a package
-name, in a very naive way.  Return two values: the package name, and its
-version string.  Return #f and #f if CPE does not look like an application CPE
-string."
+identifier, in a very naive way.  Return three values: the CPE vendor, the
+package name, and its version string.
+Return three #f values if CPE does not look like an application CPE string."
   (cond ((regexp-exec %cpe-package-rx cpe)
          =>
          (lambda (matches)
-           (values (match:substring matches 2)
+           (values (match:substring matches 1)
+                   (match:substring matches 2)
                    (match (match:substring matches 3)
                      ("*" '_)
                      (version
@@ -128,7 +129,7 @@ (define (cpe->package-name cpe)
                                         ;; "cpe:2.3:a:openbsd:openssh:6.8:p1".
                                         (string-drop patch-level 1)))))))))
         (else
-         (values #f #f))))
+         (values #f #f #f))))
 
 (define (cpe-match->cve-configuration alist)
   "Convert ALIST, a \"cpe_match\" alist, into an sexp representing the package
@@ -142,17 +143,18 @@ (define (cpe-match->cve-configuration alist)
     ;; Normally "cpe23Uri" is here in each "cpe_match" item, but CVE-2020-0534
     ;; has a configuration that lacks it.
     (and cpe
-         (let-values (((package version) (cpe->package-name cpe)))
+         (let ((vendor package version (cpe->package-identifier cpe)))
            (and package
-                `(,package
-                   ,(cond ((and (or starti starte) (or endi ende))
-                           `(and ,(if starti `(>= ,starti) `(> ,starte))
-                                 ,(if endi `(<= ,endi) `(< ,ende))))
-                          (starti `(>= ,starti))
-                          (starte `(> ,starte))
-                          (endi   `(<= ,endi))
-                          (ende   `(< ,ende))
-                          (else   version))))))))
+                `(,vendor
+                  ,package
+                  ,(cond ((and (or starti starte) (or endi ende))
+                          `(and ,(if starti `(>= ,starti) `(> ,starte))
+                                ,(if endi `(<= ,endi) `(< ,ende))))
+                         (starti `(>= ,starti))
+                         (starte `(> ,starte))
+                         (endi   `(<= ,endi))
+                         (ende   `(< ,ende))
+                         (else   version))))))))
 
 (define (configuration-data->cve-configurations alist)
   "Given ALIST, a JSON dictionary for the baroque \"configurations\"
@@ -228,6 +230,23 @@ (define (version-matches? version sexp)
     (('>= min)
      (version>=? version min))))
 
+(define (vulnerability-matches? vuln vendor hidden-vendors)
+  "Checks if a VENDOR matches at least one of <vulnerability> VULN
+packages.  When VENDOR is #f, ignore packages that have a vendor among
+HIDDEN-VENDORS."
+  (define hidden-vendor?
+    (if (list? hidden-vendors)
+        (cut member <> hidden-vendors)
+        (const #f)))
+
+  (match vuln
+    (($ <vulnerability> id packages)
+     (any (match-lambda
+            ((? (cut string=? <> vendor))   #t)
+            ((? hidden-vendor?)             #f)
+            (otherwise                      (not vendor)))
+          (map car packages)))))  ;candidate vendors
+
 \f
 ;;;
 ;;; High-level interface.
@@ -259,7 +278,7 @@ (define-record-type <vulnerability>
   (vulnerability id packages)
   vulnerability?
   (id         vulnerability-id)             ;string
-  (packages   vulnerability-packages))      ;((p1 sexp1) (p2 sexp2) ...)
+  (packages   vulnerability-packages))      ;((v1 p1 sexp1) (v2 p2 sexp2) ...)
 
 (define vulnerability->sexp
   (match-lambda
@@ -272,39 +291,47 @@ (define sexp->vulnerability
      (vulnerability id packages))))
 
 (define (cve-configuration->package-list config)
-  "Parse CONFIG, a config sexp, and return a list of the form (P SEXP)
-where P is a package name and SEXP expresses constraints on the matching
-versions."
+  "Parse CONFIG, a config sexp, and return a list of the form (V P SEXP)
+where V is a CPE vendor, P is a package name and SEXP expresses constraints on
+the matching versions."
   (let loop ((config config)
-             (packages '()))
+             (results '()))
     (match config
       (('or configs ...)
-       (fold loop packages configs))
-      (('and config _ ...)                        ;XXX
-       (loop config packages))
-      (((? string? package) '_)                   ;any version
-       (cons `(,package _)
-             (alist-delete package packages)))
-      (((? string? package) sexp)
-       (let ((previous (assoc-ref packages package)))
-         (if previous
-             (cons `(,package (or ,sexp ,@previous))
-                   (alist-delete package packages))
-             (cons `(,package ,sexp) packages)))))))
+       (fold loop results configs))
+      (('and config _ ...)                            ;XXX
+       (loop config results))
+      (((? string? vendor) (? string? package) sexp)
+       (let ((pruned-results (remove (match-lambda
+                                       ((vendor package _)  #t)
+                                       (otherwise           #f))
+                                     results)))
+         (match sexp
+           ('_  ;any version
+            (cons `(,vendor ,package _) pruned-results))
+           (_
+            (match (assoc-ref (assoc-ref results vendor) package)
+              ((previous)
+               (cons `(,vendor ,package (or ,sexp ,previous)) pruned-results))
+              (_
+               (cons `(,vendor ,package ,sexp) results))))))))))
 
 (define (merge-package-lists lst)
-  "Merge the list in LST, each of which has the form (p sexp), where P
-is the name of a package and SEXP is an sexp that constrains matching
-versions."
+  "Merge the list in LST, each of which has the form (V P SEXP), where V is a
+CPE vendor, P is the name of a package and SEXP is an sexp that constrains
+matching versions."
   (fold (lambda (plist result)                    ;XXX: quadratic
           (fold (match-lambda*
-                  (((package version) result)
-                   (match (assoc-ref result package)
-                     (#f
-                      (cons `(,package ,version) result))
-                     ((previous)
-                      (cons `(,package (or ,version ,previous))
-                            (alist-delete package result))))))
+                  (((vendor package version) result)
+                   (match (assoc-ref result vendor)
+                     (((? (cut string=? package <>)) previous)
+                      (cons `(,vendor ,package (or ,version ,previous))
+                            (remove (match-lambda
+                                      ((vendor package _)  #t)
+                                      (otherwise           #f))
+                                    result)))
+                     (_
+                      (cons `(,vendor ,package ,version) result)))))
                 result
                 plist))
         '()
@@ -337,7 +364,7 @@ (define vulns
         (json->vulnerabilities input))
 
       (write `(vulnerabilities
-               1                                  ;format version
+               2                                  ;format version
                ,(map vulnerability->sexp vulns))
              cache))))
 
@@ -371,8 +398,10 @@ (define (read* port)
          (sexp (read* port)))
     (close-port port)
     (match sexp
-      (('vulnerabilities 1 vulns)
-       (map sexp->vulnerability vulns)))))
+      (('vulnerabilities 2 vulns)
+       (map sexp->vulnerability vulns))
+      (('vulnerabilities 1 vulns)  ;old format, lacks vendor info
+       (map sexp-v1->vulnerability vulns)))))
 
 (define* (current-vulnerabilities #:key (timeout 10))
   "Return the current list of Common Vulnerabilities and Exposures (CVE) as
@@ -404,28 +433,26 @@ (define table
               (($ <vulnerability> id packages)
                (fold (lambda (package table)
                        (match package
-                         ((name . versions)
-                          (vhash-cons name (cons vuln versions)
+                         ((vendor name versions)
+                          (vhash-cons name (cons vuln `(,versions))
                                       table))))
                      table
                      packages))))
           vlist-null
           vulnerabilities))
 
-  (lambda* (package #:optional version)
-    (vhash-fold* (if version
-                     (lambda (pair result)
-                       (match pair
-                         ((vuln sexp)
-                          (if (version-matches? version sexp)
-                              (cons vuln result)
-                              result))))
-                     (lambda (pair result)
-                       (match pair
-                         ((vuln . _)
-                          (cons vuln result)))))
-                 '()
-                 package table)))
+  (lambda* (package #:optional version #:key (vendor #f) (hidden-vendors '()))
+    (vhash-fold*
+     (lambda (pair result)
+       (match pair
+         ((vuln sexp)
+          (if (and (or (and (not vendor) (null? hidden-vendors))
+                       (vulnerability-matches? vuln vendor hidden-vendors))
+                   (or (not version) (version-matches? version sexp)))
+              (cons vuln result)
+              result))))
+     '()
+     package table)))
 
 
 ;;; cve.scm ends here
diff --git a/guix/lint.scm b/guix/lint.scm
index 8c6c20c723..bea6d0a194 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1551,8 +1551,14 @@ (define package-vulnerabilities
                          (package-name package)))
             (version (or (assoc-ref (package-properties package)
                                     'cpe-version)
-                         (package-version package))))
-        ((force lookup) name version)))))
+                         (package-version package)))
+            (vendor (assoc-ref (package-properties package)
+                               'cpe-vendor))
+            (hidden-vendors (assoc-ref (package-properties package)
+                                       'lint-hidden-cpe-vendors)))
+        ((force lookup) name version
+         #:vendor vendor
+         #:hidden-vendors hidden-vendors)))))
 
 ;; Prevent Guile 3 from inlining this procedure so we can mock it in tests.
 (set! package-vulnerabilities package-vulnerabilities)
diff --git a/tests/cve.scm b/tests/cve.scm
index b69da0e120..90ada2b647 100644
--- a/tests/cve.scm
+++ b/tests/cve.scm
@@ -34,19 +34,19 @@ (define %expected-vulnerabilities
    (vulnerability "CVE-2019-0001"
                   ;; Only the "a" CPE configurations are kept; the "o"
                   ;; configurations are discarded.
-                  '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
+                  '(("juniper" "junos" (or "18.2" (or "18.21-s3" "18.21-s4")))))
    (vulnerability "CVE-2019-0005"
-                  '(("junos" (or "18.11" "18.1"))))
+                  '(("juniper" "junos" (or "18.1" "18.11"))))
    ;; CVE-2019-0005 has no "a" configurations.
    (vulnerability "CVE-2019-14811"
-                  '(("ghostscript" (< "9.28"))))
+                  '(("artifex" "ghostscript" (< "9.28"))))
    (vulnerability "CVE-2019-17365"
-                  '(("nix" (<= "2.3"))))
+                  '(("nixos" "nix" (<= "2.3"))))
    (vulnerability "CVE-2019-1010180"
-                  '(("gdb" _)))                   ;any version
+                  '(("gnu" "gdb" _)))                   ;any version
    (vulnerability "CVE-2019-1010204"
-                  '(("binutils" (and (>= "2.21") (<= "2.31.1")))
-                    ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
+                  '(("gnu" "binutils" (and (>= "2.21") (<= "2.31.1")))
+                    ("gnu" "binutils_gold" (and (>= "1.11") (<= "1.16")))))
    ;; CVE-2019-18192 has no associated configurations.
    ))
 
-- 
2.46.0





  parent reply	other threads:[~2024-11-24 20:17 UTC|newest]

Thread overview: 112+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-26 22:21 [bug#74034] [PATCH 00/21] Add lint-hidden-cve property for near-leaf packages Nicolas Graves via Guix-patches via
2024-10-26 22:41 ` [bug#74034] [PATCH 01/21] gnu: libgda: Rename patch for guix lint Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 02/21] gnu: upx: Update to 4.2.4 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 03/21] gnu: halibut: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 04/21] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 05/21] gnu: folders: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 06/21] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 07/21] gnu: express: " Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 08/21] gnu: cli: " Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 09/21] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 10/21] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 11/21] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 12/21] gnu: sylpheed: Add release-monitoring-url property Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 13/21] gnu: openvswitch: Update to 3.4.0 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 14/21] gnu: quagga: Fix build and hide CVE Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 15/21] gnu: bwm-ng: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 16/21] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 17/21] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-15 12:58     ` [bug#74034] [PATCH v2] gnu: got: Update to 0.105 ashish.is--- via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 18/21] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 19/21] gnu: immer: Add lint-hidden-cve property Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 20/21] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-10-26 22:41   ` [bug#74034] [PATCH 21/21] gnu: gerbv: " Nicolas Graves via Guix-patches via
2024-10-27 18:16 ` [bug#74034] [PATCH v2 00/16] Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-10-27 18:16   ` [bug#74034] [PATCH v2 01/16] guix: cve: " Nicolas Graves via Guix-patches via
2024-10-27 18:16   ` [bug#74034] [PATCH v2 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-10-27 18:20 ` [bug#74034] [PATCH v2 01/16] guix: cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 04/16] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 05/16] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 07/16] gnu: cli: " Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 09/16] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-10-27 18:20   ` [bug#74034] [PATCH v2 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-06 21:43   ` [bug#74034] [PATCH v2 01/16] guix: cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
2024-11-07  8:45     ` Nicolas Graves via Guix-patches via
2024-11-07 20:07       ` Nicolas Graves via Guix-patches via
2024-11-08 18:02 ` [bug#74034] [PATCH v3 01/17] " Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 02/17] cve: Separate vendor and string Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 03/17] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 04/17] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 05/17] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 06/17] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 07/17] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 08/17] gnu: cli: " Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 09/17] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 10/17] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 11/17] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 12/17] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 13/17] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 14/17] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 15/17] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 16/17] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-08 18:02   ` [bug#74034] [PATCH v3 17/17] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-08 18:13 ` [bug#74034] [Nicolas Graves] [PATCH v3 02/17] cve: Separate vendor and string Nicolas Graves via Guix-patches via
2024-11-13  2:53   ` Maxim Cournoyer
2024-11-13  8:08     ` Nicolas Graves via Guix-patches via
2024-11-13 10:23 ` [bug#74034] [PATCH v4 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Nicolas Graves via Guix-patches via
2024-11-13 10:23   ` [bug#74034] [PATCH v4 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-13 10:23   ` [bug#74034] [PATCH v4 05/16] gnu: spectra: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:23   ` [bug#74034] [PATCH v4 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-13 10:23   ` [bug#74034] [PATCH v4 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-13 10:24   ` [bug#74034] [PATCH v4 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-17 17:19   ` [bug#74034] [PATCH v4 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
2024-11-17 17:20   ` Ludovic Courtès
2024-11-19  7:45 ` [bug#74034] [PATCH v5 " Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 04/16] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 05/16] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 07/16] gnu: cli: " Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 09/16] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-19  7:45   ` [bug#74034] [PATCH v5 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19  7:46   ` [bug#74034] [PATCH v5 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-19  7:46   ` [bug#74034] [PATCH v5 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-19  7:46   ` [bug#74034] [PATCH v5 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-19  7:46   ` [bug#74034] [PATCH v5 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-19  7:46   ` [bug#74034] [PATCH v5 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via
2024-11-20 22:10   ` [bug#74034] [PATCH v5 01/16] cve: Add cpe-vendor and lint-hidden-cpe-vendors properties Ludovic Courtès
2024-11-24 20:16 ` Nicolas Graves via Guix-patches via [this message]
2024-11-24 20:16   ` [bug#74034] [PATCH v6 02/16] gnu: halibut: Add cpe-vendor property Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 03/16] gnu: portfolio: Update to 1.0.1 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 04/16] gnu: folders: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 05/16] gnu: spectra: " Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 06/16] gnu: express: " Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 07/16] gnu: cli: " Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 08/16] gnu: h2c: " Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 09/16] gnu: xenon: Update to 0.9.3 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 10/16] gnu: bolt: Update to 0.9.8 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 11/16] gnu: bwm-ng: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 12/16] gnu: onedrive: Update to 2.5.2 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 13/16] gnu: got: Update to 0.104 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 14/16] gnu: dex: Update to 0.10.1 Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 15/16] gnu: immer: Add lint-hidden-cpe-vendors property Nicolas Graves via Guix-patches via
2024-11-24 20:16   ` [bug#74034] [PATCH v6 16/16] gnu: cvs: " Nicolas Graves via Guix-patches via

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241124201638.10098-1-ngraves@ngraves.fr \
    --to=guix-patches@gnu.org \
    --cc=74034@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    --cc=ngraves@ngraves.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).