bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-


From: Ludovic Courtès
Subject: bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]
Date: Fri, 30 Jun 2017 00:27:57 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Leo Famulari <address@hidden> writes:

> On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote:
>> Leo, let me know when you feel that we should start a new evaluation.
>
> First I want to ungraft today's libgcrypt and poppler replacements.
>
> I also want to apply the attached patch so we can stop using
> libgcrypt-1.5 with Shishi, and instead use the latest libgcrypt. This
> patch does require us to re-bootstrap Shishi, but I think it's worth it
> if it means we can drop the older libgcrypt package. Does anyone have
> feedback on this patch?

It’s a good idea.

> I'll do some local testing of this change in the next few hours and then
> start the evaluation.
>
> From 83fcaa7aac05f499a985ec02db55458e2d719de3 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <address@hidden>
> Date: Thu, 29 Jun 2017 04:11:18 -0400
> Subject: [PATCH] gnu: shishi: Build with latest libgcrypt.
>
> * gnu/packages/patches/shishi-fix-libgcrypt-detection.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/kerberos.scm (shishi)[source]: Use it.
> [inputs]: Replace libgcrypt-1.5 with libgcrypt.
> [native-inputs]: Add bootstrapping inputs.
> [arguments]: Add a 'bootstrap' phase.
> * gnu/packages/gnupg.scm (libgcrypt-1.5): Remove variable.

[...]

>        (method url-fetch)
>        (uri (string-append "mirror://gnu/shishi/shishi-"
>                            version ".tar.gz"))
> +      (patches (search-patches "shishi-fix-libgcrypt-detection.patch"))
>        (sha256
>         (base32
>          "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
>      (build-system gnu-build-system)
> -    (native-inputs `(("pkg-config" ,pkg-config)))
> +    (arguments
> +     `(#:phases
> +       (modify-phases %standard-phases
> +         (add-before 'configure 'bootstrap
> +           (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
> +    (native-inputs `(("pkg-config" ,pkg-config)
> +                     ;; XXX For bootstrapping. Remove for the next Shishi
> +                     ;; release after 1.0.2.
> +                     ("autoconf" ,autoconf)
> +                     ("automake" ,automake)
> +                     ("gettext" ,gnu-gettext)
> +                     ("libtool" ,libtool)
> +                     ("texinfo" ,texinfo)))
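
Review bot: The removal marker sits only on the native-inputs (the XXX comment, "Remove for the next Shishi release after 1.0.2"), while the `(add-before 'configure 'bootstrap ...)` phase and the `(patches (search-patches "shishi-fix-libgcrypt-detection.patch"))` line carry none, so a later update could drop the inputs and leave the autoreconf phase or the patch behind. Repeat the XXX note on the bootstrap phase and the patches field, or reword the existing comment to name all three, so they are removed together.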

I think you can achieve the same result but without adding these
dependencies etc. just by adding:

  #:configure-flags '("ac_cv_libgcrypt=yes")

which I think is marginally better (but no big deal).

Thanks,
Ludo’.




