From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id WAwtLYSIWGZqdQEAA41jLg (envelope-from ) for ; Thu, 30 May 2024 16:09:08 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id eBfiKYSIWGaezQAA62LTzQ (envelope-from ) for ; Thu, 30 May 2024 16:09:08 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=YenFAytK; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=oeSuJCLy; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1717078148; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=T92NOeKfD6lZ3gqGxthAd3cpo7z30zriJ/2wGBE92go=; b=jxMQ7YgqdhUL19IrT6LUpWTgJGI5pD2V92/db2IfUta11UnPGxSnJo1ftMnBPltmCBRqNN 8AuV5U0Z2QjgqbmrQiZc5CRxh0+B7a8kQdEdFgRn3X6LAdY6PnWvurPRBvY9Ni0bmpftt0 dzwE2fqC0w+AKKpY4uwFhe5h0nr4iDra8nxJ5Uj+QAl6zm3c22/sgW8459gvBp6JBmz1pD BqNSgM7Q+ZRQ3mOr+LXQeIEhVft8JEbXmHjf8oejXwz1awE2U8p1AxA0C6EXmlqt9akPvB xkALhu7Cp/uK7bNfXTwlt49oRKkktcEe+FgwPs5gWTgLbTs2/kP9dlmKACZ0UA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=YenFAytK; dkim=fail ("headers rsa verify failed") header.d=wolfsden.cz header.s=mail header.b=oeSuJCLy; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=wolfsden.cz (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1717078148; a=rsa-sha256; cv=none; b=MkjlnoI3YrMlyrWenOBrRYlw6vAYL10ZsgALNhOz5zl+3iGvSCcM6t34QFXdNaLVlxFKoz MrwnwZSZVrDZogm9/7z4hSfEgrx5gs+hsA5BijvLtEP2G6nnOxeovNnCgJWn0yjkhNAD0H Bxk9/S3sdskvRAjiTVBlY6GQey2bMWHg8PjWHhzNHT5FZgsMmsbP2pEDIzNZI6Eqg1+Wn1 NxbKizq9sE+mubZ7M5Q2EF35BwQb/JJq4gREoFCXLkYD7vIALT721xXNDaR7K9WHSnGfp4 IXbJGuKU2Kp4VXqLkvxNuZQoKLGfTb17mJsZdrcziduQ9BlTdUQib5rx+VG9ew== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 4B46C117A0 for ; Thu, 30 May 2024 16:09:08 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sCgSd-0007WT-0k; Thu, 30 May 2024 10:08:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sCgSa-0007Ti-Eo for guix-patches@gnu.org; Thu, 30 May 2024 10:08:52 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sCgSa-0001Ba-3z for guix-patches@gnu.org; Thu, 30 May 2024 10:08:52 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sCgSk-0008En-9m for guix-patches@gnu.org; Thu, 30 May 2024 10:09:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#71125] [PATCH] gnu: buildah: Update to 1.35.4 [security fixes]. Resent-From: Tomas Volf <~@wolfsden.cz> Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 30 May 2024 14:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 71125 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Maxim Cournoyer Cc: 71125-done@debbugs.gnu.org Received: via spool by 71125-done@debbugs.gnu.org id=D71125.171707812131625 (code D ref 71125); Thu, 30 May 2024 14:09:02 +0000 Received: (at 71125-done) by debbugs.gnu.org; 30 May 2024 14:08:41 +0000 Received: from localhost ([127.0.0.1]:38761 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sCgSP-0008E1-A4 for submit@debbugs.gnu.org; Thu, 30 May 2024 10:08:41 -0400 Received: from wolfsden.cz ([37.205.8.62]:34304) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <~@wolfsden.cz>) id 1sCgSK-0008Dg-4w for 71125-done@debbugs.gnu.org; Thu, 30 May 2024 10:08:39 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id E28B924CCB4; Thu, 30 May 2024 14:08:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1717078103; bh=9HohzBXXenMDncvCieQX2tjyzclDc1FXZPHF1WMhFUs=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=YenFAytKTH/YH1p1SLfCuMZOtEIrnGHv8oBgHbqxAB6TJ95oDJEPoumITn7e9F7o0 YuQZ1OCuqc4vBjODRt6autwkZhnSrs+2sCJjax6ylsK0m2+v2GxwzFfvGkepmRaecO 5loD6PyVSTlN112AcDFBj+W32HwH+1UoX7G90murye35hl+yxna/o3RGVVmIbsJR1K gPB0Qfc9kSzpBOXBLZJww50oh5wt6dlnnI1trgalXftYMZOFbv23sWC8lOw6+2uiFx wngAnlfgoyiTrtHEx44Bn+PTAp4RVBrzPnWBM2uZ8ukFTXsHjOs81zzZuS3FeSu5f0 2EiOBOQuLyDcbBQx8HkkVOi3chjU3ZvpAK4LkA6QkHbyz+v+i8zi7y/DzRmHGt7gn6 3gmqOZDPD/StGmGRgfrw5y+wcs68s4Yb/s2w/hKRehF/nI1EFkPRZx1OcWn4w7jxbd v3EqNrwthaTtbNxswcdvvjug/5fs63GyVgleS5201947pAbAYqXBLX/9YS/543IBZZ 5ITRj4/B6JDJ2Dx6vE7h9UvOLZDrGhdxmuQw1TcBkOrLnT7vyz+g4W3et3l21Q5K/A 3pfX060wwA7+Tt/9v+msG+EoqIn6KkZvE4Lw3NB+W925oI7+qm/4lIQ3D79TMPxxQM y3tQz9qaEu7cnOQd2l/FtWKw= Received: from localhost (unknown [193.32.127.159]) by wolfsden.cz (Postfix) with ESMTPSA id C197824D9AB; Thu, 30 May 2024 14:08:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1717078102; bh=9HohzBXXenMDncvCieQX2tjyzclDc1FXZPHF1WMhFUs=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=oeSuJCLyG5GjPuSk9ElVd7iui0ZS6XYTISZTZhNfiQR7+5jxRPXvRd7c1VdWRHb+/ U5Z3NIQTBaHeiFSMIsIamqspAxWydwBRrkVoFIuPzphRjswg1wu/vFbGydqMwRUb6f H5hgV2ylTYkd+xI3ZO5q7sZctPLOL2Y9moH5lTiOClx5amRKrtUbvCdTYif38Qq5EJ NTjCXo+9CFBZZb1mNzpHNeq5fE4/VeQs9s63H+nhkT6ZFN//AnlGXDgn4sWjsW3DF5 8TdvhKC27dFEYdY1kvbTDPf7bVuitRtgrwZy+MZyGZfggur2+XYMznwxYad9M4ikr7 m7MRayxrwBDcTGv8sOrEywzoDMPP3OG1V8u8O9/ljIf/wkRdYQC53c/hYLNUIquOPI o0DlGPgGfAvCqrWGGLojA+yCTxIYXyeZe46R56E1a41UXG/WNwp2pKl/tiBdMKSFy9 XvhbQrk+FTtNvb6B+2wrTuKdmTgYDD8PxSVH0tHZNFQrh1+nmrm13rFuAB8p4eZ6K2 XoovYyg7HpaxVoNDsJ5Jhk2WAwrN2Wl22XReYJlcVMcB/119Ok3DRdZCEkBDyL4NxI 4FfZPUXwgwk5P3ZtK1nrdvdVwJIgeRUxUPpQuyGsLTJ46l4rQC6b2l2Bd1ATFmitJ3 1Mu44ypjUoBmSdcniLnuIPC0= Date: Thu, 30 May 2024 16:08:22 +0200 From: Tomas Volf <~@wolfsden.cz> Message-ID: References: <3199a6f4c03372b649f40145a4da52837f9a1f70.1716403923.git.~@wolfsden.cz> <87frtze8f0.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2AG0MAcwm2Dxuqpy" Content-Disposition: inline In-Reply-To: <87frtze8f0.fsf@gmail.com> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 1.05 X-Spam-Score: 1.05 X-Migadu-Queue-Id: 4B46C117A0 X-Migadu-Scanner: mx13.migadu.com X-TUID: YEUFS5qBiIr7 --2AG0MAcwm2Dxuqpy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On 2024-05-30 09:28:03 -0400, Maxim Cournoyer wrote: > Hi, > > Tomas Volf <~@wolfsden.cz> writes: > > > This fixes CVE-2024-3727 and CVE-2024-28180. > > > > * gnu/packages/containers.scm (buildah): Update to 1.35.4. > > I see another patch of yours has landed meanwhile, updating it to > 1.36.0. I trust this is resolved. Yes, I believe so. I should have paid more attention and close this (obsolete) patch. Sorry about that. Tomas -- There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --2AG0MAcwm2Dxuqpy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmZYiFYACgkQL7/ufbZ/ wakv+RAAi0cKcFqd+VDvvixn05XWpmmBKWpZf1XzPaxxQyCpFJsRqIgMqiKBtaTe FR5l7sOYvUzfuzRYpBXXsVdysTlKSCA/5in3PNSZ2VRSaoYQIy3EoURcctKh89Dx wmCS4QTpAVThWHCdTHGO7+BAyvRAk1F4hylUgkO9RoDdVSDiahRaX77TKXe3hyyY lp0T0XGNXk6K8hZ3VFvihPKWBUes8mSFxIKU+OOzw/WMxyTDkgjeEbgBtACMBpAx kdKaFJAdnVuG6reW+rZEYB5gdS7O/b7BG4AY7HkABZ7uc5dT4ugQNbrlsiHCr/Hi P50g/hpkcnSdNl0fmuf2PkeAwYZMkJNLSMHxjsO/Y2/oyhoeEeHnSc/bh0SA7hd2 tDwnd2QK6cwYaCv8msfcpxB+8Q7SLSdH2WJYzm3S+jfhJ7CyoSjIkT8yqd7wMENN utnrJa8syZ4rPvQQakBdyi8bW9nyqC42sod1Dqlsjx9rZx8C4vCKxjSzAb98UxUk 8PVq/PzzAKGoII48URuxPjs6lmuhKeiRNf65VHgQiU6aIO01iLgYkiGBDy4fIA67 3rJd+8bSyh4qhJ/YX8GeJqtEDA9gwYcFUd8wzeK/Dd0MOcqfr+B3VAUwFRckCjM5 M2QOF1zWK4yxeDAce6nZ2ZMr3PZd2Gg/+u/LGnp0KoKfU82koHc= =udTM -----END PGP SIGNATURE----- --2AG0MAcwm2Dxuqpy--