Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
l...@gnu.org (Ludovic Courtès) writes: > Leo Famulariskribis: > >> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: >>> Leo Famulari writes: >>> >>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: >>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable. >>> >> (ed)[replacement]: New field. >>> > >>> > Can you add a comment with a link to the bug report? >>> > >>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html >>> >>> Good find. I wonder, was this issue only present in the unreleased >>> 1.14.0? I can't reproduce it with the current Guix version. >> >> Good catch; I can only reproduce it with 1.14, and the ed maintainer >> points out that it was introduced in 1.14. >> >>> I'll wait and see what the response on oss-sec is. Maybe we can just >>> push the update to core-updates. >> >> I think it's fine for core-updates. > > With 200 dependent packages, it could even go to ‘master’. "guix refresh -l" is _way_ off in this case. 'ed' is a native-input for 'patch', which is of course entails a full rebuild. Mark
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Ludovic Courtèswrites: > Leo Famulari skribis: > >> On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: >>> Leo Famulari writes: >>> >>> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: >>> >> * gnu/packages/ed.scm (ed-1.14.1): New variable. >>> >> (ed)[replacement]: New field. >>> > >>> > Can you add a comment with a link to the bug report? >>> > >>> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html >>> >>> Good find. I wonder, was this issue only present in the unreleased >>> 1.14.0? I can't reproduce it with the current Guix version. >> >> Good catch; I can only reproduce it with 1.14, and the ed maintainer >> points out that it was introduced in 1.14. >> >>> I'll wait and see what the response on oss-sec is. Maybe we can just >>> push the update to core-updates. >> >> I think it's fine for core-updates. > > With 200 dependent packages, it could even go to ‘master’. > > https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html When I first built it on 'master', Guix went ahead and downloaded the bootstrap binaries, so I suspect `guix refresh` fails to recognize the full scope of this update. 'ed' is used as a native-input for 'patch', could that be related? signature.asc Description: PGP signature
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Leo Famulariskribis: > On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: >> Leo Famulari writes: >> >> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: >> >> * gnu/packages/ed.scm (ed-1.14.1): New variable. >> >> (ed)[replacement]: New field. >> > >> > Can you add a comment with a link to the bug report? >> > >> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html >> >> Good find. I wonder, was this issue only present in the unreleased >> 1.14.0? I can't reproduce it with the current Guix version. > > Good catch; I can only reproduce it with 1.14, and the ed maintainer > points out that it was introduced in 1.14. > >> I'll wait and see what the response on oss-sec is. Maybe we can just >> push the update to core-updates. > > I think it's fine for core-updates. With 200 dependent packages, it could even go to ‘master’. https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html Ludo’.
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Leo Famulariwrites: > On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: >> Leo Famulari writes: >> >> > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: >> >> * gnu/packages/ed.scm (ed-1.14.1): New variable. >> >> (ed)[replacement]: New field. >> > >> > Can you add a comment with a link to the bug report? >> > >> > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html >> >> Good find. I wonder, was this issue only present in the unreleased >> 1.14.0? I can't reproduce it with the current Guix version. > > Good catch; I can only reproduce it with 1.14, and the ed maintainer > points out that it was introduced in 1.14. > >> I'll wait and see what the response on oss-sec is. Maybe we can just >> push the update to core-updates. > > I think it's fine for core-updates. Me too; pushed. Thanks for checking! signature.asc Description: PGP signature
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
On Thu, Jan 12, 2017 at 10:56:51PM +0100, Marius Bakke wrote: > Leo Famulariwrites: > > > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: > >> * gnu/packages/ed.scm (ed-1.14.1): New variable. > >> (ed)[replacement]: New field. > > > > Can you add a comment with a link to the bug report? > > > > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html > > Good find. I wonder, was this issue only present in the unreleased > 1.14.0? I can't reproduce it with the current Guix version. Good catch; I can only reproduce it with 1.14, and the ed maintainer points out that it was introduced in 1.14. > I'll wait and see what the response on oss-sec is. Maybe we can just > push the update to core-updates. I think it's fine for core-updates. signature.asc Description: PGP signature
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Leo Famulariwrites: > On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: >> * gnu/packages/ed.scm (ed-1.14.1): New variable. >> (ed)[replacement]: New field. > > Can you add a comment with a link to the bug report? > > https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html Good find. I wonder, was this issue only present in the unreleased 1.14.0? I can't reproduce it with the current Guix version. I'll wait and see what the response on oss-sec is. Maybe we can just push the update to core-updates. signature.asc Description: PGP signature
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: > * gnu/packages/ed.scm (ed-1.14.1): New variable. > (ed)[replacement]: New field. Can you add a comment with a link to the bug report? https://lists.gnu.org/archive/html/bug-ed/2017-01/msg0.html LGTM!
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
John Darringtonwrites: > Why bother with the replacement? Why not just upgrade it? It's always a good sign when you update a package, and Guix goes along and downloads the bootstrap binaries :-) `guix refresh` seems to have some problems with packages used in early bootstrap. 'ed' is a native-input for 'patch', which I think causes "everything" to rebuild. signature.asc Description: PGP signature
Re: [PATCH] gnu: ed: Replace with 1.14.1 [fixes security issues].
Why bother with the replacement? Why not just upgrade it? J' On Thu, Jan 12, 2017 at 09:13:53PM +0100, Marius Bakke wrote: * gnu/packages/ed.scm (ed-1.14.1): New variable. (ed)[replacement]: New field. --- gnu/packages/ed.scm | 13 + 1 file changed, 13 insertions(+) diff --git a/gnu/packages/ed.scm b/gnu/packages/ed.scm index 3668aac19..c51a4b82f 100644 --- a/gnu/packages/ed.scm +++ b/gnu/packages/ed.scm @@ -28,6 +28,7 @@ (define-public ed (package (name "ed") +(replacement ed-1.14.1) (version "1.13") (source (origin (method url-fetch) @@ -55,3 +56,15 @@ interactively and via shell scripts. Its method of command input allows complex tasks to be performed in an automated way. GNU ed offers several extensions over the standard utility.") (license gpl3+))) + +(define ed-1.14.1 + (package (inherit ed) + (source +(let ((version "1.14.1")) + (origin +(method url-fetch) +(uri (string-append "mirror://gnu/ed/ed-" +version ".tar.lz")) +(sha256 + (base32 + "0ajm69pma7gigddlrq2qi4dsllz9vhm8gqwpkcdagdd2yaw7xfgz"))) -- 2.11.0 -- Avoid eavesdropping. Send strong encrypted email. PGP Public key ID: 1024D/2DE827B3 fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3 See http://sks-keyservers.net or any PGP keyserver for public key. signature.asc Description: Digital signature