On Sat, Aug 27, 2016 at 08:54:34PM -0400, Leo Famulari wrote:
> On Sat, Aug 27, 2016 at 11:48:10PM +0200, Ludovic Courtès wrote:
> > Hello!
> >
> > Leo Famulari wrote:
> >
> > > On Fri, Aug 26, 2016 at 06:14:26PM -0400, Leo Famulari wrote:
> > >> Subject: [PATCH] gnu: flex: Fix CVE-2016-6354.
> > >>
> > >> * gnu/packages/flex.scm (flex)[replacement]: New field.
> > >> (flex/fixed): New variable.
> > >> * gnu/packages/patches/flex-CVE-2016-6354.patch: New file.
> > >> * gnu/local.mk (dist_patch_DATA): Add it.
> > >
> > > As Mark pointed out on #guix, bugs in flex's generated code can not be
> > > addressed with a graft.
> >
> > Indeed. We should add this patch to ‘core-updates’ and start building
> > it (I haven’t checked the status of the various branches, though.)
>
> Done as eba7fab890.
>
> I'm not sure of the overall health of the branch, but I have built some
> packages from it locally on x86_64. So, the base system seems to be
> working.
>

I somehow managed to push a lot to the branch, and currently cmake is
broken, both the "old" version and the "new" version I pushed. They are
broken in the same way, so (based on nothing at all) I assume it's related
to the file update. Also, gcc-4.9.4 causes the same breakage on arm as
5.3.0 did.

--
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted