gnu: bash: Use the bootstrap Guile in 'url-fetch/reset-patch-level'.
Fixes <http://bugs.gnu.org/25775>.
Reported by Sirgazil, Ricardo Wurmus, Andy Wingo, and others.
* guix/download.scm (in-band-download): Always use GUILE. This reverts
9f05908fb1.
* gnu/packages/bash.scm (url-fetch/reset-patch-level): Remove #:guile.
Pass %BOOTSTRAP-GUILE as #:guile to 'url-fetch'. Remove #:guile-for-build
argument in 'gexp->derivation' call.
master
parent
faa65e2735
commit
6c5b56f9fa
|
@ -21,6 +21,7 @@
|
|||
(define-module (gnu packages bash)
|
||||
#:use-module (guix licenses)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages bootstrap)
|
||||
#:use-module (gnu packages ncurses)
|
||||
#:use-module (gnu packages readline)
|
||||
#:use-module (gnu packages bison)
|
||||
|
@ -243,14 +244,17 @@ without modification.")
|
|||
|
||||
(define* (url-fetch/reset-patch-level url hash-algo hash
|
||||
#:optional name
|
||||
#:key (system (%current-system)) guile)
|
||||
#:key (system (%current-system)))
|
||||
"Fetch the Bash patch from URL and reset its 'PATCHLEVEL' definition so it
|
||||
can apply to a patch-level 0 Bash."
|
||||
;; Note: Forcefully use %BOOTSTRAP-GUILE here to work around bootstrapping
|
||||
;; issues when using a daemon that lacks the "download" built-in. See
|
||||
;; <https://bugs.gnu.org/25775>.
|
||||
(mlet* %store-monad ((name -> (or name (basename url)))
|
||||
(patch (url-fetch url hash-algo hash
|
||||
(string-append name ".orig")
|
||||
#:system system
|
||||
#:guile guile)))
|
||||
#:guile %bootstrap-guile)))
|
||||
(gexp->derivation name
|
||||
(with-imported-modules '((guix build utils))
|
||||
#~(begin
|
||||
|
@ -259,7 +263,6 @@ can apply to a patch-level 0 Bash."
|
|||
(substitute* #$output
|
||||
(("PATCHLEVEL [0-6]+")
|
||||
"PATCHLEVEL 0"))))
|
||||
#:guile-for-build guile
|
||||
#:system system)))
|
||||
|
||||
(define bash/fixed ;CVE-2017-5932 (RCE with completion)
|
||||
|
|
|
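Review bot: Removing `guile` from the `#:key` list of `url-fetch/reset-patch-level` narrows its interface, so any caller that still passes `#:guile` will now fail with an unrecognized-keyword error, because the `define*` has no `#:allow-other-keys`. No call site is visible in these hunks, so this should be confirmed against the code that invokes origin methods. If a caller may still pass it, the compatible form is to keep the key and ignore it, `#:key (system (%current-system)) guile)`, with a comment such as `;; GUILE is accepted for compatibility but ignored; %BOOTSTRAP-GUILE is always used.` The docstring could also say that the fetch always runs with `%bootstrap-guile`, since that now fixes which interpreter downloads the patch behind `bash/fixed`.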
@ -418,10 +418,7 @@ GnuTLS itself and its dependencies. See <http://bugs.gnu.org/22774>."
|
|||
;; hash of the expected result.
|
||||
#:verify-certificate? #f)))))
|
||||
|
||||
(mlet %store-monad ((guile (package->derivation
|
||||
(or guile
|
||||
(@@ (gnu packages bootstrap) %bootstrap-guile))
|
||||
system)))
|
||||
(mlet %store-monad ((guile (package->derivation guile system)))
|
||||
(gexp->derivation file-name builder
|
||||
#:guile-for-build guile
|
||||
#:system system
|
||||
|
|
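Review bot: The new `(package->derivation guile system)` has no fallback, so a caller that passes `#:guile #f` (or forwards an unset `guile` of its own) now hands a non-package value to `package->derivation`, where the removed `(or guile ...)` used to substitute the bootstrap Guile. The enclosing procedure's parameter list starts outside this hunk, so whether `guile` has a package default cannot be checked from here. If it does, a comment above the `mlet` would make the contract explicit, for example `;; GUILE must be a package; callers that need the bootstrap Guile pass %BOOTSTRAP-GUILE explicitly.`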