From: ludo@gnu.org (Ludovic Courtès)
To: Efraim Flashner
Cc: Danny Milosavljevic , 27943@debbugs.gnu.org
Subject: Re: bug#27943: tar complains about too-long names (guix release)
Date: Sat, 02 Dec 2017 10:55:05 +0100
In-Reply-To: <20171130214901.GA19582@macbook41> (Efraim Flashner's message of "Thu, 30 Nov 2017 23:49:01 +0200")
Message-ID: <87po7x3152.fsf@gnu.org>

Efraim Flashner wrote:

> From ad48d84c8659985d706cfe2f8e07314d6017611a Mon Sep 17 00:00:00 2001 > From: Efraim Flashner > Date: Thu, 30 Nov 2017 23:41:29 +0200 > Subject: [PATCH 1/2] lint: 'check-vulnerabilities' also checks package > properties. > > * guix/scripts/lint.scm (check-vulnerabilities): Also check for CVEs > listed as mitigated in the package properties. > --- > guix/scripts/lint.scm | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm > index 1b43b0a63..8112595c8 100644
> --- a/guix/scripts/lint.scm > +++ b/guix/scripts/lint.scm > @@ -7,6 +7,7 @@ > ;;; Copyright =C2=A9 2016 Hartmut Goebel > ;;; Copyright =C2=A9 2017 Alex Kost > ;;; Copyright =C2=A9 2017 Tobias Geerinckx-Rice > +;;; Copyright =C2=A9 2017 Efraim Flashner > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -881,10 +882,11 @@ the NIST server non-fatal." > (or (and=3D> (package-source packag= e) > origin-patches) > '()))) > + (known-safe (assq-ref (package-properties package) 'fixed-= vulnerabilities))

Can you change that to ‘lint-hidden-cve’ as Leo suggested?

> (unpatched (remove (lambda (vuln) > (find (cute string-contains > <> (vulnerability-id vuln)) > - patches)) > + (append patches known-safe))) > vulnerabilities)))

To be accurate, we’d rather do:

  (remove (lambda (vuln)
            (let ((id (vulnerability-id vuln)))
              (or (find … patches)
                  (member id known-safe))))
          …)

Also could you add a simple test in tests/lint.scm? You can start from one of the existing CVE tests in there and just add a ‘properties’ field to the test package.

Thank you!

Ludo’.
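
Review bot: in the second hunk, the new `known-safe` binding uses the result of `assq-ref` directly, and `assq-ref` returns `#f` when a package has no such property, so `(append patches known-safe)` is not a proper list for every package that lacks the property. Default it to the empty list, for example `(or (assq-ref (package-properties package) 'fixed-vulnerabilities) '())`. Separately, because the property entries are appended to `patches`, they go through the same `string-contains` test as patch file names, so an entry hides every vulnerability whose ID occurs inside it as a substring; comparing the IDs for equality keeps the lint from silencing a CVE that was never listed.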