From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id PSEBGxxLrWAcgAEAgWs5BA (envelope-from ) for ; Tue, 25 May 2021 21:08:12 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id AOU7FhxLrWA9XQAAB5/wlQ (envelope-from ) for ; Tue, 25 May 2021 19:08:12 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id F3F2E1AB0B for ; Tue, 25 May 2021 21:08:11 +0200 (CEST) Received: from localhost ([::1]:50838 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1llcPS-0007U6-Vt for larch@yhetil.org; Tue, 25 May 2021 15:08:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58028) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llcPL-0007Tm-Gp for guix-patches@gnu.org; Tue, 25 May 2021 15:08:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35234) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1llcPK-0000iw-FW for guix-patches@gnu.org; Tue, 25 May 2021 15:08:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1llcPK-0000wo-Ag for guix-patches@gnu.org; Tue, 25 May 2021 15:08:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520. Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 25 May 2021 19:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 48656 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 48656@debbugs.gnu.org X-Debbugs-Original-To: Solene Rapenne via Guix-patches via X-Debbugs-Original-Cc: 48656@debbugs.gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16219696373572 (code B ref -1); Tue, 25 May 2021 19:08:02 +0000 Received: (at submit) by debbugs.gnu.org; 25 May 2021 19:07:17 +0000 Received: from localhost ([127.0.0.1]:46774 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llcOb-0000vY-9r for submit@debbugs.gnu.org; Tue, 25 May 2021 15:07:17 -0400 Received: from lists.gnu.org ([209.51.188.17]:37830) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llcOW-0000vB-3B for submit@debbugs.gnu.org; Tue, 25 May 2021 15:07:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:57844) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llcOV-00075j-UA for guix-patches@gnu.org; Tue, 25 May 2021 15:07:11 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:44425) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1llcOT-0000Di-Ui for guix-patches@gnu.org; Tue, 25 May 2021 15:07:11 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 07DB95C0198; Tue, 25 May 2021 15:07:08 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 25 May 2021 15:07:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=58NHWTP0XqkA83zNdH1tnGYR pGndbHcLVuueiI5RTmk=; b=Q+laSKWNLp3mewnSNaqW+AYwgxel6/xJ8l3nmDXt Fvei6seY7i429UwppRjxL+OJXYdHwYhWsbfBfpU5Fy1O+1aIREreiIwWrfLz9FsK coHH3dELRbEHhLcGuydF063Lty7yhgqRWZkjsHKaBV9W535V1tjKzeu2VPtdzXZk Xes= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=58NHWT P0XqkA83zNdH1tnGYRpGndbHcLVuueiI5RTmk=; b=uau04qIqRN5keboL2K2RtN Uk+v/3Hwb2i7iGVe7+D2WrEhdYTz1z8dcyUpWR++S6hjOEUuHoRkE8nd4vBu9F4j oISu5x8nb6ZyJM/LdLtFHDdm7kG+hBClZA8xWtMmJY5K3UEQHcg3xSI8qBNUrDyq ZBLZIWJCjn+2w7xOkJrgqnm6vHAb2fTAxMTRzlyl/2eNOFspVs5EXNoS3z3QucYm tXnvNElNS+aY3ZTr0qwQnoqd7SVflAWqjE7JOzAzhQEUJLRA+UJAXHidYl2JJcAg /fXU6FhGWzw9B7FbUD2TlmiyuNZTyKH5yzWonztWTMdYENZspohdUpTSvRtOd0LQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdekuddgudefhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhephefgleevhfdttdefheeitdfgheffffffledvlefhgfektdethefguefgheeg tefhnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkphepuddttddruddurdduie elrdduudeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhho mheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 25 May 2021 15:07:07 -0400 (EDT) Date: Tue, 25 May 2021 15:07:05 -0400 From: Leo Famulari Message-ID: References: <20210525202407.383e1713@perso.pw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210525202407.383e1713@perso.pw> Received-SPF: pass client-ip=66.111.4.28; envelope-from=leo@famulari.name; helo=out4-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1621969692; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=58NHWTP0XqkA83zNdH1tnGYRpGndbHcLVuueiI5RTmk=; b=dF0oJWm66WMr6oEyqinF5etlHf6oSjTy7hDgumeexGlJJMvwcP+jX/zuiMFr/9hzKtJNV3 oXNnScoj+CSyr/7zLUVetVXYRynEUL1ePzmsImnJTY42vQjKl9gTY7oMgEU+L54csg/gn6 tnknAYW69EQpktLng3ao8Xt0Ti0des/VKnFBFkJ4gw90f+Zkvce/GnRoNwG2G4HlMzt6kS 7BNh1j9Y1aOVKV5CYqPiWZ2uoljUkGZ3OXTivqdZDyaSo34qV8+Rxu8flBXMhYA/wunWFD GlRrZXwJsMrXPhU532TfydZH2fRx/hRZjxYA5UVqZM4Hk4Iw60UtETYvq5MKGQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1621969692; a=rsa-sha256; cv=none; b=A4NIYu6S4YBibO6Q3J7VZsisKDBggORo1QVeStRd8YcMpNTXXK15DXXACfmclrORfJBE3c 2cowEPNzAreGQoTRD594LaqqtxDNXQgVQwcMki1HyDs+69cn6lqzokguWpTKJb8MbfIyog i7pX1rXKlS17MUAe0NugpKZTvFvj7E2cmYlIrNSRskmA3v8pLhh7ztCECYMJpI4TZaa22j LhXRL7vOXslpAcBsCZ1OUPDI1xgcG0+hdsxTBiAI8g3+AlmxwcMjVJIVVHgEi8EMh4SCwV /WN+w2tksM2cfUGnJECCFgdUVpsatTw9pJgCMNpdrYgglAs7GYOvGcPFnUAoQg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=Q+laSKWN; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=uau04qIq; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: 0.07 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=Q+laSKWN; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=uau04qIq; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: F3F2E1AB0B X-Spam-Score: 0.07 X-Migadu-Scanner: scn0.migadu.com X-TUID: YYz0I/aMjOKe On Tue, May 25, 2021 at 08:24:07PM +0200, Solene Rapenne via Guix-patches via wrote: > This imports a patch that is not committed upstream yet > but pending for merge on github > > https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 > > This is already widely used in many distributions distributing lz4 > > --- > gnu/packages/compression.scm | 7 +++++-- > gnu/packages/patches/lz4-CVE-2021-3520.patch | 15 +++++++++++++++ When adding a new patch file, you have to register it in 'gnu/local.mk'. Is there any discussion about this upstream? Why isn't it included in lz4 yet?