Subject: bug#62380: [staging PATCH 0/4] Update hdf5.
To: Greg Hogan
Cc: 62380-done@debbugs.gnu.org
From: Maxim Cournoyer
References: <20230322135711.181552-1-code@greghogan.com> <20230322135711.181552-4-code@greghogan.com>
Date: Thu, 30 Mar 2023 23:27:01 -0400
In-Reply-To: <20230322135711.181552-4-code@greghogan.com> (Greg Hogan's message of "Wed, 22 Mar 2023 13:57:11 +0000")
Message-ID: <87fs9ly516.fsf_-_@gmail.com>

Hello,

I've installed the series to staging. It seems it could have also been
on the limit to go to master, so in the future feel free to submit for
master.

Something we should look into is hiding the (false positive, I assume?)
CVEs reported by guix lint:

--8<---------------cut here---------------start------------->8---
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to CVE-2021-37501
--8<---------------cut here---------------end--------------->8---

This can be done by adding lint-hidden-cve properties, with explanatory
comments.

--
Thanks,
Maxim
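
The lint-hidden-cve approach mentioned above, as an added example that is not part of the original message and not Guix's own maths.scm. The module name, the helper with-hidden-cves, the /lint-hidden variable names and the use of hdf5-1.8, hdf5-1.10 and hdf5-1.12 as the package variables are assumptions; the CVE identifiers are the ones in the lint output, and the rationale comments are placeholders to be filled in once each CVE has been checked against the packaged version.

```scheme
;; Added example; assumed names are marked below.
(define-module (example hdf5-lint)            ;hypothetical module name
  #:use-module (guix packages)
  #:use-module (gnu packages maths)           ;assumed to export hdf5-1.8 etc.
  #:use-module (srfi srfi-1))

(define (with-hidden-cves pkg cves)           ;hypothetical helper
  "Return a variant of PKG whose 'lint-hidden-cve' property is CVES,
a list of CVE identifier strings, keeping every other property of PKG."
  (package
    (inherit pkg)
    (properties
     (alist-cons 'lint-hidden-cve cves
                 (alist-delete 'lint-hidden-cve
                               (package-properties pkg))))))

;; Reported by 'guix lint' against both hdf5@1.8.23 and hdf5@1.10.9.
(define %hdf5-2020-cves
  '("CVE-2020-10809" "CVE-2020-10810" "CVE-2020-10811" "CVE-2020-10812"))

;; PLACEHOLDER rationale: state here why these CVEs do not apply to 1.8.23
;; (for instance, fixed upstream before this release), with a reference.
(define-public hdf5-1.8/lint-hidden
  (with-hidden-cves hdf5-1.8 %hdf5-2020-cves))

;; PLACEHOLDER rationale for 1.10.9, as above.
(define-public hdf5-1.10/lint-hidden
  (with-hidden-cves hdf5-1.10 %hdf5-2020-cves))

;; PLACEHOLDER rationale: state why CVE-2021-37501 does not apply to 1.12.2.
(define-public hdf5-1.12/lint-hidden
  (with-hidden-cves hdf5-1.12 '("CVE-2021-37501")))

;; In gnu/packages/maths.scm itself the same effect comes from writing the
;; property directly in each package definition, next to its comment:
;;   (properties '((lint-hidden-cve . ("CVE-2021-37501"))))
```

The property only silences the lint checker for the listed identifiers; a CVE published later against the same version is still reported.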