From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id kCDXJ3G6UWAUawAA0tVLHw (envelope-from ) for ; Wed, 17 Mar 2021 08:14:41 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id UFmNI3G6UWC8HwAAbx9fmQ (envelope-from ) for ; Wed, 17 Mar 2021 08:14:41 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1F149A2D8 for ; Wed, 17 Mar 2021 09:14:41 +0100 (CET) Received: from localhost ([::1]:60134 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lMRKC-0005z9-92 for larch@yhetil.org; Wed, 17 Mar 2021 04:14:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53232) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lMRJa-0005fe-FU for guix-patches@gnu.org; Wed, 17 Mar 2021 04:14:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:58558) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lMRJa-0005D0-86 for guix-patches@gnu.org; Wed, 17 Mar 2021 04:14:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lMRJa-0002vt-2a for guix-patches@gnu.org; Wed, 17 Mar 2021 04:14:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#47193] Fancify guix lint -c cve output Resent-From: =?UTF-8?Q?L=C3=A9o?= Le Bouter Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 17 Mar 2021 08:14:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47193 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Tobias Geerinckx-Rice Cc: 47193@debbugs.gnu.org X-Debbugs-Original-Cc: guix-patches@gnu.org, 47193@debbugs.gnu.org Received: via spool by 47193-submit@debbugs.gnu.org id=B47193.161596883311245 (code B ref 47193); Wed, 17 Mar 2021 08:14:02 +0000 Received: (at 47193) by debbugs.gnu.org; 17 Mar 2021 08:13:53 +0000 Received: from localhost ([127.0.0.1]:41868 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMRJR-0002vJ-FT for submit@debbugs.gnu.org; Wed, 17 Mar 2021 04:13:53 -0400 Received: from mail.zaclys.net ([178.33.93.72]:47083) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lMRJN-0002v3-Or for 47193@debbugs.gnu.org; Wed, 17 Mar 2021 04:13:52 -0400 Received: from guix-xps.local (82-64-145-38.subs.proxad.net [82.64.145.38]) (authenticated bits=0) by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12H8DgOw059913 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 17 Mar 2021 09:13:42 +0100 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12H8DgOw059913 Authentication-Results: mail.zaclys.net; spf=fail smtp.mailfrom=lle-bout@zaclys.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net; s=default; t=1615968823; bh=ElJThSKmCIRopXH6G3XUQ8sxHE04Fz4WRi4SflMQx1Q=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=GF9UPesBhtGRu1RuStUWlUvIWV/h5ij1lnhfZVVWs+McWya3mFCEv8nzQ0KcIZEsq t6KJn/4+3ixYy3AYKQiXOcum+I7BcCiZnSRvWoqBxf5cVGQzlYqjg/x5wDThcpu1Is NgTVW/YEQ0fnxXswo1u0E4CoeFQsKjCTrrS4KiYA= Message-ID: Date: Wed, 17 Mar 2021 09:13:36 +0100 In-Reply-To: <87a6r2n6pd.fsf@nckx> References: <87im5rm6lw.fsf@nckx> <0524f6bfe10befabf7969aa0fbf90503e7db1ab7.camel@zaclys.net> <87a6r2n6pd.fsf@nckx> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-fe9/7lP/3Bt8kHiWt+yj" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: =?UTF-8?Q?L=C3=A9o?= Le Bouter X-ACL-Warn: , =?UTF-8?Q?L=C3=A9o?= Le Bouter via Guix-patches From: =?UTF-8?Q?L=C3=A9o?= Le Bouter via Guix-patches via X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615968881; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=ElJThSKmCIRopXH6G3XUQ8sxHE04Fz4WRi4SflMQx1Q=; b=N2bHCJW7oC5ahd7AGi/n8+fqEMJ1tfZYpZpWhvU2/TcS2OaYk36CUP3dPhZB8hSqiCLa+y WBSVImqgJkN9rWxU6v4nifX67nXd1ry4pT/MMIZsbxhuRjkDojqeUxCVNtwyI/JyRQRPkc gjcxPpQaLWw471kVGvUeNjPyELlxu93zg8zQdENt/mf8S2ovc2ZW8t65eRg/q1GfQju/c9 HI8suIhGG/ca+KCs5sQ/PUW+ST4lAzhRRngdCHczf/MqfRfsgUvNFsEsQ6iEgS21eaVCkq RUQt0NcHM6z12xPU9TzNDb9liyUWWyFWt4blzgUpTZRVd2oTvt6JKjpDTcxz9Q== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615968881; a=rsa-sha256; cv=none; b=E7FtbSgNF/fBWtxEDk6XMC8Q5D//bGxJyiXIGYk4wxqSrZBVpaLteErUoKfk6LDD8hk+GM ErsOoEP93/BXdTTv8N4LO28/8qmYeSR6IiR87Mj9JsncvDyeHzcGTZPmEOPgKgckuYVnTv jR1gx6nDUKWuux5Kzvyvcam7ioq8dK/XwgX+UkKi6Yv3WHG+eg0oXxZ/+s8Hym9amrcr/9 ydmw3orSfNVG7KlL2ZvyPKlZg2WLZNyTtXATLf9rDMhtkyqOBh50efCIAy2JNZS59jlXkD Dd6h4NU/V/2Ivu6UTK+l0VQhTcamLccTcVSBPtKxUHyif+2ylIWz/h4hGjFi8A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=zaclys.net header.s=default header.b=GF9UPesB; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -5.00 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=zaclys.net header.s=default header.b=GF9UPesB; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 1F149A2D8 X-Spam-Score: -5.00 X-Migadu-Scanner: scn0.migadu.com X-TUID: kA3y/x/kcKC0 --=-fe9/7lP/3Bt8kHiWt+yj Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2021-03-16 at 22:12 +0100, Tobias Geerinckx-Rice wrote: > L=C3=A9o! Tobias! :-) > L=C3=A9o Le Bouter via Guix-patches via =E5=86=99=E9=81=93=EF=BC=9A > > guix/cve.scm:328:18: warning: possibly unbound variable=20 > > `cve-item-base- > > severity' >=20 > One dark and stormy night I turned away an old woman at my doors,=20 > and ever since I have been cursed to include at least one stupid=20 > typo in each patch I send. True story. >=20 > Thanks for testing. Fixed but it should not affect running guix=20 > lint. I tried fixing it as well, $ git diff diff --git a/guix/cve.scm b/guix/cve.scm index 3809e4493f..d52ea05117 100644 --- a/guix/cve.scm +++ b/guix/cve.scm @@ -325,7 +325,7 @@ versions." return #f if ITEM does not list any configuration or if it does not list any \"a\" (application) configuration." (let ((id (cve-id (cve-item-cve item))) - (severity (cve-item-base-severity item))) + (severity (cve-item-cvssv3-base-severity item))) (match (cve-item-configurations item) (() ;no configurations #f) Look right? > Hmm. I bet =E2=80=98rm -rf ~/.cache/guix/http=E2=80=99 will make this go= =20 > conveniently away, just like lady stormypants. I tried that (without the fix above) and: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # =E2=80=A6) In srfi/srfi-1.scm: 634:9 11 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: error: cve-item-base-severity: unbound variable Then *with* the fix: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # =E2=80=A6) In srfi/srfi-1.scm: 634:9 11 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # =E2=80=A6) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: Throw to key `match-error' with args `("match" "no matching pattern" (vulnerabilities 2 ((v "CVE-2021-0212" "MEDIUM" (("contrail_networking" (< "1911.31")))) (v "CVE-2021-0220" "MEDIUM" (("junos_space" (or "19.1" (or "18.4" (or "18.3" (or "18.2" (or "18.1r1" (or "18.1" (or "17.21.4" (or "17.2" (or "17.1" (or "16.1" (or "15.2" (or "15.14" (or "15.12" (or "15.1" (or "14.1" (or "13.33" (or "13.11.8" (or "13.1" (or "12.3" (or "12.2" (or "12.1" (or "11.4" (or "11.3" (or "11.2" (or "11.1" (or "2.0" (or "1.4" (or "1.3" (or "1.2" (or "1.1" "1.0"))))))))))))))))))))))))))))))))) (v "CVE-2021-1051" "HIGH" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63")))))))) (v "CVE-2021-1052" "HIGH" (("gpu_driver" (or (or (and (>=3D "460") (< "460.32.03")) (or (and (>=3D "450") (< "450.102.04")) (and (>=3D "390") (< "390.141")))) (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63"))))))))) (v "CVE-2021-1053" "MEDIUM" (("gpu_driver" (or (or (and (>=3D "460") (< "460.32.03")) (or (and (>=3D "450") (< "450.102.04")) (and (>=3D "390") (< "390.141")))) (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63"))))))))) (v "CVE-2021-1054" "MEDIUM" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>=3D "418") (< "427.11")) (and (>=3D "390") (< "392.63")))))))) (v "CVE-2021-1055" "MEDIUM" (("gpu_driver" (or (and (>=3D "460") (< "461.09")) (or (and (>=3D "450") (< "452.77")) (or (and (>= =3D " [...] I ran "$ rm -rf ~/.cache/guix/http" between each and every of these attempts. The cache is clear, I also did make clean and recompiled (so no left around .go file). >=20 > > (v "CVE-2021-0212" (("contrail_networking" ... >=20 > This is a stale cache file lacking the newly added =E2=80=98severity=E2= =80=99=20 > field: >=20 > (v "CVE-2021-0212" "MEDIUM" (("contrail_networking" ... >=20 > I bumped the format version to 2 in (guix cve) to signal this=20 > incompatible change, but it appears this field may exist merely as=20 > a friendly reminder to actually add version handling some day...? >=20 > I guess today is that day. >=20 > Bah, Don't know! I think there's some other issue here, or maybe you modified the patch a little more on your side. PS: I looked at the image you initially posted and the output looks really nice and helpful!! >=20 > T G-R Thank you :-D L=C3=A9o --=-fe9/7lP/3Bt8kHiWt+yj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEFIvLi9gL+xax3g6RRaix6GvNEKYFAmBRujAACgkQRaix6GvN EKbABxAAxIQIanIXnFBBdfYDq37dBFdPHW76Ds7Ca7s6/SG5eEFd/W3vYQ2+e5qu bru3iy/UWD7jXkwCwym0UdB1e5SRcOTfRO7raELjLIe/AfnIEg0KCE+wDCHkyxFv uu2PmshtHbcIZHKumiXjL470PoG2v3OGUQHm6Zk4eSJPcxW6OoiNK/CB8oguBI5C 31iyGyyWri0Z4ITYCt7e3KuGVIbr6WkUO1yOc5v71rmfgrs7TVtkDXcEsBOeH5eF Axaw77S+ehRDeI/UVaMYkjLG8aPdgMGitFQE7UNzonnUCNxMbPs1/1i3KE7pUHpt 0Kb9P+HbhgdmgL3keH3i2UFOTjh548fnGfbhFgR/9LFroQUY9DKSGQnQq2GCahFM 0fptMRcxsOFd/awIK9Ef35FzbLL9wxNB4nAs3xLeid8/mJ/3CJxLOz/eNuFfvvjP 7Wl9FagPhuVMhEbLAB+inKIRe8Jkhz2+XUMBih9utRFtNuUYUsoYIEmZp3CRq4LO tLcIyhq9G5gLfKvw0VCQeT6f/LgiSVTeud0jsL40SrDoHmh/jue+Mvro2d4enmXu epjtIXorc5DjAbjFgvbCpDhrWd6DrwPsPwS+O206RQcgPwwyFKiRoz9PW0f7yI7f ZODDjyzkjyfPMwdD6r5oe27t68ZaeOn/PXHOQIhFzOeB3InDzKI= =WI21 -----END PGP SIGNATURE----- --=-fe9/7lP/3Bt8kHiWt+yj--