[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47144: security patching of 'patch' package
From: |
Maxim Cournoyer |
Subject: |
bug#47144: security patching of 'patch' package |
Date: |
Tue, 22 Mar 2022 23:03:47 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Ludovic Courtès <ludo@gnu.org> writes:
> Hi,
>
> Léo Le Bouter via Bug reports for GNU Guix <bug-guix@gnu.org> skribis:
>
>> * gnu/packages/base.scm (patch/fixed): New variable.
>> (patch)[replacement]: Graft.
>
> It’s (almost) useless to provide a graft of ‘patch’ because patch is
> usually a build-time only dependency. (Maybe we can tell it’s not
> vulnerable to the issues at hand because in that context it’s always
> given controlled input: the package patches.)
>
> What could be useful is to provide a second version of patch so that
> people running ‘guix install patch’ or similar get the newer version.
The latest release of patch is the one we have, v2.7.6, made 4 years
ago.
Thanks,
Maxim
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#47144: security patching of 'patch' package,
Maxim Cournoyer <=