GNU bug report logs -
#47941
guix lint -c cve stacktrace
Previous Next
Reported by: Jack Hill <jackhill <at> jackhill.us>
Date: Wed, 21 Apr 2021 20:31:01 UTC
Severity: normal
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47941 in the body.
You can then email your comments to 47941 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#47941
; Package
guix
.
(Wed, 21 Apr 2021 20:31:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Jack Hill <jackhill <at> jackhill.us>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Wed, 21 Apr 2021 20:31:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Guix,
Using guix ae5128e21eb7afa66bd7cfd7fd1bc5764d00663e, the cve lint check
fails when fetching the CVE database as follows:
$ guix lint -c cve hello
fetching CVE database for 2021...
Backtrace:
15 (primitive-load "/home/jackhill/.config/guix/current/bi…")
In guix/ui.scm:
2164:12 14 (run-guix-command _ . _)
In ice-9/boot-9.scm:
1736:10 13 (with-exception-handler _ _ #:unwind? _ # _)
1731:15 12 (with-exception-handler #<procedure 7f895ab7d000 at ic…> …)
In srfi/srfi-1.scm:
634:9 11 (for-each #<procedure 7f895ab84d80 at guix/scripts/lin…> …)
In guix/scripts/lint.scm:
65:4 10 (run-checkers _ _ #:store _)
In srfi/srfi-1.scm:
634:9 9 (for-each #<procedure 7f895420bc00 at guix/scripts/lin…> …)
In guix/scripts/lint.scm:
74:21 8 (_ _)
In guix/lint.scm:
1178:4 7 (check-vulnerabilities _ _)
1170:9 6 (_ _)
In unknown file:
5 (force #<promise #<procedure 7f895af13a88 at guix/lint.…>)
In guix/lint.scm:
1153:2 4 (_)
1112:2 3 (call-with-networking-fail-safe _ _ _)
In ice-9/boot-9.scm:
1736:10 2 (with-exception-handler _ _ #:unwind? _ # _)
1669:16 1 (raise-exception _ #:continuable? _)
1667:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1667:16: In procedure raise-exception:
Wrong type (expecting array): #f
Best,
Jack
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>
:
You have taken responsibility.
(Wed, 21 Apr 2021 22:05:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Jack Hill <jackhill <at> jackhill.us>
:
bug acknowledged by developer.
(Wed, 21 Apr 2021 22:05:01 GMT)
Full text and
rfc822 format available.
Message #10 received at 47941-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Jack Hill <jackhill <at> jackhill.us> skribis:
> Using guix ae5128e21eb7afa66bd7cfd7fd1bc5764d00663e, the cve lint
> check fails when fetching the CVE database as follows:
>
> $ guix lint -c cve hello
> fetching CVE database for 2021...
> Backtrace:
> 15 (primitive-load "/home/jackhill/.config/guix/current/bi…")
> In guix/ui.scm:
> 2164:12 14 (run-guix-command _ . _)
> In ice-9/boot-9.scm:
> 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _)
> 1731:15 12 (with-exception-handler #<procedure 7f895ab7d000 at ic…> …)
> In srfi/srfi-1.scm:
> 634:9 11 (for-each #<procedure 7f895ab84d80 at guix/scripts/lin…> …)
> In guix/scripts/lint.scm:
> 65:4 10 (run-checkers _ _ #:store _)
> In srfi/srfi-1.scm:
> 634:9 9 (for-each #<procedure 7f895420bc00 at guix/scripts/lin…> …)
> In guix/scripts/lint.scm:
> 74:21 8 (_ _)
> In guix/lint.scm:
> 1178:4 7 (check-vulnerabilities _ _)
> 1170:9 6 (_ _)
> In unknown file:
> 5 (force #<promise #<procedure 7f895af13a88 at guix/lint.…>)
> In guix/lint.scm:
> 1153:2 4 (_)
> 1112:2 3 (call-with-networking-fail-safe _ _ _)
> In ice-9/boot-9.scm:
> 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _)
> 1669:16 1 (raise-exception _ #:continuable? _)
> 1667:16 0 (raise-exception _ #:continuable? _)
>
> ice-9/boot-9.scm:1667:16: In procedure raise-exception:
> Wrong type (expecting array): #f
Fixed:
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=7dbc2fcb45fac4a0b64fef8efa8c858a047d0498
It looks like a couple of bogus CVE entries crept in. It’s surprising
because we never encountered such issues before, so I wonder if MITRE
changed something on their side.
Thanks,
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Thu, 20 May 2021 11:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 2 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.