#47614 - [security] Chunked store references in .zo files in Racket 8

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #33 received at 47614-done@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47614-done) by debbugs.gnu.org; 17 Apr 2021 09:27:45 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 17 05:27:45 2021
Received: from localhost ([127.0.0.1]:42290 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lXhEv-0008E8-B2
	for submit@debbugs.gnu.org; Sat, 17 Apr 2021 05:27:45 -0400
Received: from world.peace.net ([64.112.178.59]:44758)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mhw@netris.org>) id 1lXhEr-0008Du-71
 for 47614-done@debbugs.gnu.org; Sat, 17 Apr 2021 05:27:43 -0400
Received: from mhw by world.peace.net with esmtpsa
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <mhw@netris.org>)
 id 1lXhEl-0000Td-Ch; Sat, 17 Apr 2021 05:27:35 -0400
From: Mark H Weaver <mhw@netris.org>
To: Ludovic Courtès <ludo@gnu.org>, Philip McGrath
 <philip@philipmcgrath.com>
Subject: Re: bug#47614: [security] Chunked store references in .zo files in
 Racket 8
In-Reply-To: <87blae44gx.fsf_-_@gnu.org>
References: <7eaf8b95-5550-66e1-fda2-d691255b49d7@philipmcgrath.com>
 <2abc59d0-905e-ab0c-ae25-bf572f34fcd5@philipmcgrath.com>
 <87blae44gx.fsf_-_@gnu.org>
Date: Sat, 17 Apr 2021 05:25:47 -0400
Message-ID: <87h7k58dop.fsf@netris.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47614-done
Cc: 47614-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Ludovic Courtès <ludo@gnu.org> writes:
> IIUC, now that <https://issues.guix.gnu.org/47180> has been closed,
> this bug is fixed.  Am I right?

Yes, I believe so.  All store items referenced by Racket now seem to be
properly grafted, so I'm closing this bug now.

The more general issue with the grafting code--namely that since commit
57bdd79e48, it no longer has the desirable property of checking every
byte against an expected value before rewriting it, which can lead to
silent corruption of files such as Racket .zo files if any store items
references sneak in--can be addressed in another bug report.

     Thanks,
       Mark

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:38:25 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#47614 [security] Chunked store references in .zo files in Racket 8