From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2GsOEpq9AmTS6gAAbAwnHQ (envelope-from ) for ; Sat, 04 Mar 2023 04:40:10 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id +DspEZq9AmTK4AAAG6o9tA (envelope-from ) for ; Sat, 04 Mar 2023 04:40:10 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E766810C81 for ; Sat, 4 Mar 2023 04:40:09 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b="XQW/HBsF"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1677901210; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=oXtSAhaMSvb7wa3DpYbH9ZCiGWMXaqYQf8OpPqeQiYo=; b=Scr2vJwKoMxEfHIA20CJaU5No3aOgs85rZt0yQNUYvDMZuCxRw0dLm1I43cdMOznUn4RHx MQEeHKC/I0uhOEk3nbVYc8ukKMG4zZTmd9FlDtQ4araGJUL8GxqtXrW4HIoTTTs8QVY6Nu Uk1Zdzep3q7K0vpiJ5xADRAUdpeMdNq9kOShO7UHLgm1jexpW7kzQy6kDFjjpfapxcjusg RQ9xExyZTPnqek2NR5hyCen18LsWcWwLJr9xRlDGJ0wymCK2bmFbq85QDR3I7Jrh1Tl7i/ FBfog69Qt1884vAJ0eoD4LJtGuOqkKQ0gREsDHia+gCeP8K1drAWlD2KyM/Gug== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b="XQW/HBsF"; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1677901210; a=rsa-sha256; cv=none; b=kSN+9v1mR09J7iOQmeSWyHpjWOPk60dN/pdnV8sJ6vScnJMP/oXDJIBCE5u2Czim5HByk4 o/hRtVe+vlGNh6gWGObyEIBQsRCQRd27SUW+v+4kBBJhWUI7Br3Rm8D+93+IOyI9oCcxVQ b93yKeg15bwkYQZ3RnMoSqpBf8eSLFHpq2TSykLX4QyZUlrS7yZ9jbsjLbP7Uq4qMwlHHj k2kbjKgh3+Jj0IQSqlzNoJ3857zsD9EXdGHvZuPug852P+K5ACHTTaz4OJGoxcq6BwN40+ 82OWJxyS1NXM6qoQTxhxheLQo9mvO/HAdUyn42EMj+Fx/GUCzdcne3lKj6gojQ== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pYIkd-0005O8-MB; Fri, 03 Mar 2023 22:40:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pYIkc-0005Nk-Aj for guix-patches@gnu.org; Fri, 03 Mar 2023 22:40:02 -0500 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pYIkc-0006eu-0p for guix-patches@gnu.org; Fri, 03 Mar 2023 22:40:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1pYIkb-0002FK-NI for guix-patches@gnu.org; Fri, 03 Mar 2023 22:40:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#61583] [PATCH] gnu: git: Update to 2.39.2 [fixes CVE-2023-22490 & CVE-2023-23946]. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 04 Mar 2023 03:40:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 61583 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Simon Tournier Cc: Josselin Poiret , Tobias Geerinckx-Rice , 61583@debbugs.gnu.org, Mathieu Othacehe , Ludovic =?UTF-8?Q?Court=C3=A8s?= , Christopher Baines , Greg Hogan , Ricardo Wurmus Received: via spool by 61583-submit@debbugs.gnu.org id=B61583.16779011718591 (code B ref 61583); Sat, 04 Mar 2023 03:40:01 +0000 Received: (at 61583) by debbugs.gnu.org; 4 Mar 2023 03:39:31 +0000 Received: from localhost ([127.0.0.1]:35043 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pYIk7-0002EU-AK for submit@debbugs.gnu.org; Fri, 03 Mar 2023 22:39:31 -0500 Received: from mail-qt1-f178.google.com ([209.85.160.178]:44006) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1pYIk6-0002EH-0s for 61583@debbugs.gnu.org; Fri, 03 Mar 2023 22:39:30 -0500 Received: by mail-qt1-f178.google.com with SMTP id cf14so5118810qtb.10 for <61583@debbugs.gnu.org>; Fri, 03 Mar 2023 19:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:from:to:cc:subject :date:message-id:reply-to; bh=oXtSAhaMSvb7wa3DpYbH9ZCiGWMXaqYQf8OpPqeQiYo=; b=XQW/HBsFGcMpppiPi65Ms6oaF6rBiyuqsWmbChGzpGfUO1WzqYSCiJ0tRLTtCfI3yq WufLEBZlRTqG5cY/ObMdLJ+XhBTkktlB2xQFUy7c4CQdaOF24NTDFZoPfZsRIVk1Nduj K7MF93YJ8xeEuivrtqnQhtl53sikvDgKXig/AFBcLCYvKW/KeJmC0jt62GvbiXr7kfvN NooANgqXJibR25XKhm/8fML3KwVft9LoofwiEHYKiCS43uy5FhKTvqpmwUzKTksdmO16 rLw7sZx/4MPUr7Gn4Y3fwhODGR1/R7xPOhVbCoWlwyHQXMkyjDFCihk6aNo0QHCnc315 8Hnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=oXtSAhaMSvb7wa3DpYbH9ZCiGWMXaqYQf8OpPqeQiYo=; b=YZHQ3HmZWI1sV6aye4Yh6xOPjhyVff5bVWJe4Z+lXYYj1wc2SJzfoyrWj0UBGZwsX7 ZNVE4wz1h+tZYNv4KNJsfwdnfyFiEJg7BU6Gzw9dPJvWXfFs3CCXQej0b7C1npzWM2yJ DMN4oHorMKhHWJ+2mymYNul4VbYhVxo7ag055OX3eYddQAl7QJ8gjL1kSvyAep2eYt5S uizo8QlAnyZPBkO8zidAZGcnYtb8vsuruiAeOiFndO1KxjeJ6s3p33Ca5JzrjpDq2ISP PeFCJcUzukCm69vhQ7tgFBR7Jgms05maN64glE34s7/QlLlrQ4TA1zmGsb9T9uF3DB7i flbw== X-Gm-Message-State: AO0yUKX27NovMRjxxxgAIIMhK0GtIIzOMO/a7gGUl4AjJga2iX9YueZT B0IzRpxWyD9VJiT/JsZOeAE= X-Google-Smtp-Source: AK7set+CIa2nBLmoYoI90RvzKcohTR6nG5zYWWP24fxauW7KOKdrKxj9W8mnoSTN6Ba+zBUmID7RlQ== X-Received: by 2002:ac8:5906:0:b0:3bf:bb9a:8e44 with SMTP id 6-20020ac85906000000b003bfbb9a8e44mr7153917qty.4.1677901164550; Fri, 03 Mar 2023 19:39:24 -0800 (PST) Received: from hurd (dsl-10-129-180.b2b2c.ca. [72.10.129.180]) by smtp.gmail.com with ESMTPSA id d11-20020a05620a158b00b0073b8745fd39sm2951557qkk.110.2023.03.03.19.39.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Mar 2023 19:39:24 -0800 (PST) From: Maxim Cournoyer References: <20230217180402.29401-1-code@greghogan.com> <87y1os36js.fsf@gmail.com> <867cvxzlz4.fsf@gmail.com> Date: Fri, 03 Mar 2023 22:39:23 -0500 In-Reply-To: <867cvxzlz4.fsf@gmail.com> (Simon Tournier's message of "Fri, 03 Mar 2023 20:14:07 +0100") Message-ID: <87v8jh2nis.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: X-Migadu-Spam-Score: -1.10 X-Spam-Score: -1.10 X-Migadu-Scanner: scn0.migadu.com X-Migadu-Queue-Id: E766810C81 List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-TUID: HSq0WMkPvJZd Hi Simon, Simon Tournier writes: > Hi, > > CC: core team > > On Mon, 20 Feb 2023 at 12:44, Simon Tournier w= rote: > >> On ven., 17 f=C3=A9vr. 2023 at 18:04, Greg Hogan wr= ote: > >>> * gnu/packages/version-control.scm (git): Update to 2.39.2. >> >> As noticed previously for an update of Git, this implies a lot of >> rebuilds because git-minimal inherits from git. > > Well, I locally rebuilt all and maybe a couple of packages break. The > rebuild is intensive and I do not know if such update should to master > or core-updates and/or use some grafts. > > For instance, QA is still saying nothing after 12 days. > > https://qa.guix.gnu.org/issue/61583 > > >> Well, I am checking if git-minimal is used only for the tests by some of >> the packages. > > I have tried to replace the plain =E2=80=99git=E2=80=99 or =E2=80=99git-m= inimal=E2=80=99 by > =E2=80=99git-minimal/pinned=E2=80=99 for some packages. It does not chan= ge much. > > >> For sure, it is a concern since it is a security fixes. > > Hum, we are not very reactive. :-) I think the number of rebuilt packages is in the thousands, so that's a core-updates change. On master it should be grafted instead, if that's possible. --=20 Thanks, Maxim