bug#27437: Source downloader accepts X.509 certificate for incorrect domain

2017-06-20 Thread Leo Famulari
While working on some package updates, I found that the source code downloader will accept an X.509 certificate for an incorrect site. Here is what happens:
--
$ ./pre-inst-env guix build -S opus-tools --check
@ build-started /gnu/store/nn93hkik8kvrigcf2pvmym01zg7jqm4v-opus-tools-0.1.10.tar.

bug#27429: Stack clash (CVE-2017-1000366 etc)

2017-06-20 Thread Mark H Weaver
Hi Efraim, Thanks so much for working on this! Grafting glibc is something we haven't done before to my knowledge, and it is a bit tricky because of all of the inherited versions of glibc. At present, those inherited versions are not expressed in such a way to make grafting work. One important t

bug#27430: linux-libre 4.4.47 is no longer available upstream

2017-06-20 Thread Leo Famulari
On Mon, Jun 19, 2017 at 08:34:57PM -0400, Leo Famulari wrote:
> On Mon, Jun 19, 2017 at 08:29:56PM -0400, Leo Famulari wrote:
> > Starting download of
> > /gnu/store/x8x9s119g1xhdxrzaka35lx4p45qd3vg-linux-libre-4.4.47-gnu.tar.xz
> > From ftp://alpha.gnu.org/gnu/guix/mirror/linux-libre-4.4.47-gnu.t

bug#27429: Stack clash (CVE-2017-1000366 etc)

2017-06-20 Thread Leo Famulari
On Tue, Jun 20, 2017 at 10:18:57AM +0300, Efraim Flashner wrote:
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patch.
> [replace

bug#27429: Stack clash (CVE-2017-1000366 etc)

2017-06-20 Thread Efraim Flashner
On Mon, Jun 19, 2017 at 08:49:20PM -0400, Leo Famulari wrote:
> On the glibc bugs (CVE-2016-1000366), civodul said:
> > [21:02:26] lfam: i *think* GuixSD is immune to the
> LD_LIBRARY_PATH one, FWIW
> [...]
> [21:02:43] lfam: because of the way is_trusted_path works
> in glib