all messages for Guix-related lists mirrored at yhetil.org
From: ludo@gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org
Subject: Re: 01/01: gnu: glibc/linux: Add patches for CVE-2017-1000366.
Date: Sat, 01 Jul 2017 17:59:10 +0200
Message-ID: <87h8ywb12p.fsf@gnu.org>
In-Reply-To: <87k23tpk4d.fsf@netris.org> (Mark H. Weaver's message of "Fri, 30 Jun 2017 11:31:46 -0400")

Hi Mark,

Mark H Weaver <mhw@netris.org> writes:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> civodul pushed a commit to branch core-updates
>> in repository guix.
>>
>> commit 503a4df904b8d4b82caebdb17db9c5f76a952418
>> Author: Ludovic Courtès <ludo@gnu.org>
>> Date:   Thu Jun 29 12:53:14 2017 +0200
>>
>>     gnu: glibc/linux: Add patches for CVE-2017-1000366.
>>     
>>     * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
>>     gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
>>     gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
>>     * gnu/local.mk (dist_patch_DATA): Add them.
>>     * gnu/packages/base.scm (glibc/linux)[source](patches): Add them.
>>     [replacement]: Remove.
>>     (glibc-2.25-patched): Remove.
>>     (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)
>>     (glibc-locales): Remove 'replacement' field.
>
> Why did you remove the (replacement #f) fields from glibc-2.24,
> glibc-2.23, glibc-2.22, and glibc-2.21?

Simply to remove redundant lines.

> Keeping the inherited replacements will never do the right thing here,
> because the inherited replacement will always be for a newer version
> of glibc.
>
> It would be nice to have things arranged in such a way that we can
> simply add a replacement for 'glibc/linux', when needed.  We did that
> work for CVE-2017-1000366.  It would be good not to revert that work,
> to facilitate future security updates.

OK, I agree.

> More generally, I think we need to give more thought to how to handle
> 'replacement' fields when we inherit packages, in order to do the right
> thing when the inherited package is grafted.  One way is to override
> (replacement #f).  Another is to use the 'package/inherit' macro from
> (guix packages), which applies the same overrides to the replacement.
> I can't think of a case where it's proper to leave the 'replacement'
> unchanged when inheriting a package.
>
> What do you think?

First, we could mark the ‘replacement’ field as “innate”, which means it
will never be inherited (like the ‘location’ field.)  Like you, I can’t
think of a situation where inheriting the replacement makes sense.

Then ‘package/inherit’ seems to be doing the rest of the job correctly.
The bad thing is that it’s easy to forget to use it.  If we’re
motivated, we could hack this feature (let’s call it “recursive
inheritance”) right into (guix records).

Thoughts?

Thanks,
Ludo’.
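
The two ways of handling an inherited 'replacement' that the thread mentions, as an added example that is not part of the original message or of Guix itself. The "libfoo" packages are hypothetical and constructed for illustration; only 'package', 'inherit', 'replacement' and 'package/inherit' come from (guix packages).

```scheme
(use-modules (guix packages)
             (guix build-system trivial)
             ((guix licenses) #:prefix license:))

;; Constructed packages for illustration only; "libfoo" is not a real
;; Guix package.  libfoo-2.0 carries a graft pointing at a patched build.
(define libfoo-2.0
  (package
    (name "libfoo")
    (version "2.0")
    (source #f)
    (build-system trivial-build-system)
    (synopsis "Constructed example library")
    (description "Constructed package used to illustrate replacements.")
    (home-page "https://example.org")
    (license license:expat)
    (replacement libfoo-2.0/fixed)))

;; The patched variant (a real one would also override 'source' with the
;; security patches).  It must not carry a replacement of its own.
(define libfoo-2.0/fixed
  (package
    (inherit libfoo-2.0)
    (replacement #f)))

;; Option 1: inherit and explicitly drop the replacement, so the 1.9
;; package is never grafted to a 2.0 build.
(define libfoo-1.9
  (package
    (inherit libfoo-2.0)
    (version "1.9")
    (replacement #f)))

;; Option 2: 'package/inherit' applies the overrides to the package and,
;; recursively, to its replacement, so the graft target is rewritten too.
(define libfoo-1.9/grafted
  (package/inherit libfoo-2.0
    (version "1.9")))

;; Print each package's version and the package it would be grafted to.
(define (show label pkg)
  (let ((r (package-replacement pkg)))
    (format #t "~a: version ~a, replacement ~a~%"
            label (package-version pkg)
            (if r (package-full-name r) "none"))))

(show "explicit (replacement #f)" libfoo-1.9)
(show "package/inherit" libfoo-1.9/grafted)
```

Running it requires a Guile with the Guix modules on its load path.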
