From mboxrd@z Thu Jan  1 00:00:00 1970
From: Eric Bavier <ericbavier@gmail.com>
Subject: Re: Handling =?utf-8?B?4oCYZmlsZeKAmQ==?= CVE
Date: Thu, 13 Nov 2014 14:42:01 -0600
Message-ID: <87fvdmvnmu.fsf@gmail.com>
References: <87389nl6wi.fsf@gnu.org> <87mw7vhwgz.fsf@gnu.org>
	<87egt7f052.fsf@yeeloong.lan> <87h9y3uee3.fsf@gmail.com>
	<87zjbu6er4.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56658)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ericbavier@gmail.com>) id 1Xp1Cs-0003e8-QX
	for guix-devel@gnu.org; Thu, 13 Nov 2014 15:41:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ericbavier@gmail.com>) id 1Xp1Ck-0001g7-HC
	for guix-devel@gnu.org; Thu, 13 Nov 2014 15:41:30 -0500
In-reply-to: <87zjbu6er4.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Cc: Guix-devel <guix-devel@gnu.org>


Ludovic Courtès writes:

> Eric Bavier <ericbavier@gmail.com> skribis:
>
>> Mark H Weaver writes:
>>
>>> Finally, 'file' is a propagated-input for 'intltool', which means that
>>> if anyone installs 'intltool' in their profile, they will have the buggy
>>> 'file' in their PATH.
>>
>> The attached patch might be enough to fix this.
>>
>> +    (arguments
>> +     `(#:phases (alist-cons-after
>> +                 'unpack 'patch-file-references
>> +                 (lambda _
>> +                   (substitute* "intltool-update.in"
>> +                     (("`file") (string-append "`" (which "file"))))))))
>
> Should use (string-append (assoc-ref inputs "file") "/bin/file") to work
> correctly in a cross-compilation context.

I thought that might need to be done, but couldn't think why.  Thanks
for providing the reason ;)

> Also, the last argument to ‘alist-cons-after’ is missing.

I noticed that soon after I emailed the patch. 

> Could you push the updated patch to ‘core-updates’?  We’ll see how where
> it takes us.

Will do.

> The main limitation here is that it takes almost a week for the MIPS
> machine to rebuild everything (~2 days for Intel), and I’d like
> everything to be built on the D-day.

That would be nice, yes.

-- 
Eric Bavier

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html