[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#56398: (guix git) fails to check out repos with nested submodules
|
From: |
bokr |
|
Subject: |
bug#56398: (guix git) fails to check out repos with nested submodules |
|
Date: |
Fri, 25 Nov 2022 00:51:43 +0100 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
Hi,
On +2022-11-24 12:17:01 -0300, André Batista wrote:
> Hi!
>
> qui 04 ago 2022 às 13:59:20 (1659632360), ludovic.courtes@inria.fr enviou:
> > I think we should instead report it upstream. Do you feel like doing
> > it? I guess we’d need to give them the C version of the three-line
> > snippet I gave earlier.
>
> Upstream issue #6433[1]
>
> Apparently, GIT_SUBMODULE_STATUS_WD_UNINITIALIZED isn't actually set
> in this scenario, only GIT_SUBMODULE_STATUS_IN_CONFIG.
>
> 1. https://github.com/libgit2/libgit2/issues/6433
>
>
>
Wondering if this[1] is all history in gnu/guix-land:
[1] <https://nvd.nist.gov/vuln/detail/CVE-2020-5260>
Wherein it says
--8<---------------cut here---------------start------------->8---
The problem has been patched in the versions published on
April 14th, 2020, going back to v2.17.x. Anyone wishing to
backport the change further can do so by applying commit
9a6bbee (the full release includes extra checks for git
fsck, but that commit is sufficient to protect clients
against the vulnerability). The patched versions are:
2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,
2.24.2, 2.25.3, 2.26.1.
--8<---------------cut here---------------end--------------->8---
Is there an automated tool to answer the question,
"What executables (command line directly, or indirectly (including
config-directed interpretation)) does my system contain
that have known vulnerabilities?"
BTW: Newsflash: :)
RMS paranoia now dernier-cri[3] as cited in [2]
[2] <https://www.theregister.com/2022/11/23/dod_cisa_omb_cybersecurity/>
[3] <https://dodcio.defense.gov/Portals/0/Documents/Library/DoD-ZTStrategy.pdf>
Something[3] to get (more) serious about for gnu/guix?
--
Regards,
Bengt Richter