Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-13 Thread Mark H Weaver 
l...@gnu.org (Ludovic Courtès) writes:

> Leo Famulari  skribis:
>
>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>> Leo Famulari  writes:
>>> 
>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>> >> (ed)[replacement]: New field.
>>> >
>>> > Can you add a comment with a link to the bug report?
>>> >
>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html
>>> 
>>> Good find. I wonder, was this issue only present in the unreleased
>>> 1.14.0? I can't reproduce it with the current Guix version.
>>
>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>> points out that it was introduced in 1.14.
>>
>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>> push the update to core-updates.
>>
>> I think it's fine for core-updates.
>
> With 200 dependent packages, it could even go to ‘master’.

"guix refresh -l" is _way_ off in this case.  'ed' is a native-input for
'patch', which is of course entails a full rebuild.

   Mark

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-13 Thread Marius Bakke 
Ludovic Courtès  writes:

> Leo Famulari  skribis:
>
>> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>>> Leo Famulari  writes:
>>> 
>>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>>> >> (ed)[replacement]: New field.
>>> >
>>> > Can you add a comment with a link to the bug report?
>>> >
>>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html
>>> 
>>> Good find. I wonder, was this issue only present in the unreleased
>>> 1.14.0? I can't reproduce it with the current Guix version.
>>
>> Good catch; I can only reproduce it with 1.14, and the ed maintainer
>> points out that it was introduced in 1.14.
>>
>>> I'll wait and see what the response on oss-sec is. Maybe we can just
>>> push the update to core-updates.
>>
>> I think it's fine for core-updates.
>
> With 200 dependent packages, it could even go to ‘master’.
>
>   https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html

When I first built it on 'master', Guix went ahead and downloaded the
bootstrap binaries, so I suspect `guix refresh` fails to recognize the
full scope of this update.

'ed' is used as a native-input for 'patch', could that be related?


signature.asc
Description: PGP signature

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-13 Thread Ludovic Courtès 
Leo Famulari  skribis:

> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>> Leo Famulari  writes:
>> 
>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> >> (ed)[replacement]: New field.
>> >
>> > Can you add a comment with a link to the bug report?
>> >
>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html
>> 
>> Good find. I wonder, was this issue only present in the unreleased
>> 1.14.0? I can't reproduce it with the current Guix version.
>
> Good catch; I can only reproduce it with 1.14, and the ed maintainer
> points out that it was introduced in 1.14.
>
>> I'll wait and see what the response on oss-sec is. Maybe we can just
>> push the update to core-updates.
>
> I think it's fine for core-updates.

With 200 dependent packages, it could even go to ‘master’.

  https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html

Ludo’.

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread Marius Bakke 
Leo Famulari  writes:

> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
>> Leo Famulari  writes:
>> 
>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> >> (ed)[replacement]: New field.
>> >
>> > Can you add a comment with a link to the bug report?
>> >
>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html
>> 
>> Good find. I wonder, was this issue only present in the unreleased
>> 1.14.0? I can't reproduce it with the current Guix version.
>
> Good catch; I can only reproduce it with 1.14, and the ed maintainer
> points out that it was introduced in 1.14.
>
>> I'll wait and see what the response on oss-sec is. Maybe we can just
>> push the update to core-updates.
>
> I think it's fine for core-updates.

Me too; pushed. Thanks for checking!


signature.asc
Description: PGP signature

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread Leo Famulari 
On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote:
> Leo Famulari  writes:
> 
> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
> >> * gnu/packages/ed.scm (ed-1.14.1): New variable.
> >> (ed)[replacement]: New field.
> >
> > Can you add a comment with a link to the bug report?
> >
> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html
> 
> Good find. I wonder, was this issue only present in the unreleased
> 1.14.0? I can't reproduce it with the current Guix version.

Good catch; I can only reproduce it with 1.14, and the ed maintainer
points out that it was introduced in 1.14.

> I'll wait and see what the response on oss-sec is. Maybe we can just
> push the update to core-updates.

I think it's fine for core-updates.


signature.asc
Description: PGP signature

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread Marius Bakke 
Leo Famulari  writes:

> On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
>> * gnu/packages/ed.scm (ed-1.14.1): New variable.
>> (ed)[replacement]: New field.
>
> Can you add a comment with a link to the bug report?
>
> https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html

Good find. I wonder, was this issue only present in the unreleased
1.14.0? I can't reproduce it with the current Guix version.

I'll wait and see what the response on oss-sec is. Maybe we can just
push the update to core-updates.


signature.asc
Description: PGP signature

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread Leo Famulari 
On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
> * gnu/packages/ed.scm (ed-1.14.1): New variable.
> (ed)[replacement]: New field.

Can you add a comment with a link to the bug report?

https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html

LGTM!

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread Marius Bakke 
John Darrington  writes:

> Why bother with the replacement?  Why not just upgrade it?

It's always a good sign when you update a package, and Guix goes along
and downloads the bootstrap binaries :-)

`guix refresh` seems to have some problems with packages used in early
bootstrap. 'ed' is a native-input for 'patch', which I think causes
"everything" to rebuild.



signature.asc
Description: PGP signature

Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].

2017-01-12 Thread John Darrington 
Why bother with the replacement?  Why not just upgrade it?

J'

On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote:
 * gnu/packages/ed.scm (ed-1.14.1): New variable.
 (ed)[replacement]: New field.
 ---
  gnu/packages/ed.scm | 13 +
  1 file changed, 13 insertions(+)
 
 diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm
 index 3668aac19..c51a4b82f 100644
 --- a/gnu/packages/ed.scm
 +++ b/gnu/packages/ed.scm
 @@ -28,6 +28,7 @@
  (define-public ed
(package
  (name "ed")
 +(replacement ed-1.14.1)
  (version "1.13")
  (source (origin
   (method url-fetch)
 @@ -55,3 +56,15 @@ interactively and via shell scripts.  Its method of 
command input allows
  complex tasks to be performed in an automated way.  GNU ed offers several
  extensions over the standard utility.")
  (license gpl3+)))
 +
 +(define ed-1.14.1
 +  (package (inherit ed)
 +   (source
 +(let ((version "1.14.1"))
 +  (origin
 +(method url-fetch)
 +(uri (string-append "mirror://gnu/ed/ed-"
 +version ".tar.lz"))
 +(sha256
 + (base32
 +  
"0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz")))
 -- 
 2.11.0
 

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.



signature.asc
Description: Digital signature