From debbugs-submit-bounces@debbugs.gnu.org Tue May 25 15:07:14 2021 Received: (at 48656) by debbugs.gnu.org; 25 May 2021 19:07:14 +0000 Received: from localhost ([127.0.0.1]:46772 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llcOY-0000vN-2k for submit@debbugs.gnu.org; Tue, 25 May 2021 15:07:14 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:44039) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1llcOX-0000v5-1V for 48656@debbugs.gnu.org; Tue, 25 May 2021 15:07:13 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 07DB95C0198; Tue, 25 May 2021 15:07:08 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Tue, 25 May 2021 15:07:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=58NHWTP0XqkA83zNdH1tnGYR pGndbHcLVuueiI5RTmk=; b=Q+laSKWNLp3mewnSNaqW+AYwgxel6/xJ8l3nmDXt Fvei6seY7i429UwppRjxL+OJXYdHwYhWsbfBfpU5Fy1O+1aIREreiIwWrfLz9FsK coHH3dELRbEHhLcGuydF063Lty7yhgqRWZkjsHKaBV9W535V1tjKzeu2VPtdzXZk Xes= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=58NHWT P0XqkA83zNdH1tnGYRpGndbHcLVuueiI5RTmk=; b=uau04qIqRN5keboL2K2RtN Uk+v/3Hwb2i7iGVe7+D2WrEhdYTz1z8dcyUpWR++S6hjOEUuHoRkE8nd4vBu9F4j oISu5x8nb6ZyJM/LdLtFHDdm7kG+hBClZA8xWtMmJY5K3UEQHcg3xSI8qBNUrDyq ZBLZIWJCjn+2w7xOkJrgqnm6vHAb2fTAxMTRzlyl/2eNOFspVs5EXNoS3z3QucYm tXnvNElNS+aY3ZTr0qwQnoqd7SVflAWqjE7JOzAzhQEUJLRA+UJAXHidYl2JJcAg /fXU6FhGWzw9B7FbUD2TlmiyuNZTyKH5yzWonztWTMdYENZspohdUpTSvRtOd0LQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdekuddgudefhecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcu hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth htvghrnhephefgleevhfdttdefheeitdfgheffffffledvlefhgfektdethefguefgheeg tefhnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucfkphepuddttddruddurdduie elrdduudeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhho mheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net [100.11.169.118]) by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 25 May 2021 15:07:07 -0400 (EDT) Date: Tue, 25 May 2021 15:07:05 -0400 From: Leo Famulari To: Solene Rapenne via Guix-patches via Subject: Re: [bug#48656] [PATCH] gnu: lz4: Add a patch for CVE-2021-3520. Message-ID: References: <20210525202407.383e1713@perso.pw> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210525202407.383e1713@perso.pw> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 48656 Cc: 48656@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Tue, May 25, 2021 at 08:24:07PM +0200, Solene Rapenne via Guix-patches via wrote: > This imports a patch that is not committed upstream yet > but pending for merge on github > > https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 > > This is already widely used in many distributions distributing lz4 > > --- > gnu/packages/compression.scm | 7 +++++-- > gnu/packages/patches/lz4-CVE-2021-3520.patch | 15 +++++++++++++++ When adding a new patch file, you have to register it in 'gnu/local.mk'. Is there any discussion about this upstream? Why isn't it included in lz4 yet?