unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
@ 2016-02-09 19:52 Christopher Allan Webber
  2016-02-09 20:15 ` Mark H Weaver
  0 siblings, 1 reply; 11+ messages in thread
From: Christopher Allan Webber @ 2016-02-09 19:52 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 533 bytes --]

Hello all,

New security release of libgcrypt:

> Hello!
> 
> The GNU project is pleased to announce the availability of Libgcrypt
> version 1.6.5.  This is a security fix release to mitigate a new side
> channel attack.
> 
> Noteworthy changes in version 1.6.5
> ===================================
> 
>  * Mitigate side-channel attack on ECDH with Weierstrass curves
>    [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
>    details.
> 
>  * Fix build problem on Solaris.

Here's a patch.  It seems to build fine.


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-libgcrypt-Update-to-1.6.5.patch --]
[-- Type: text/x-patch, Size: 1170 bytes --]

From f45b192c0e648fea95a98d681d8ecdff3dc15bdb Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Tue, 9 Feb 2016 11:49:06 -0800
Subject: [PATCH] gnu: libgcrypt: Update to 1.6.5.

* gnu/packages/gnupg.scm (libgcrypt): Update to 1.6.5.
---
 gnu/packages/gnupg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a35e8fc..608c437 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,14 +70,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (version "1.6.4")
+    (version "1.6.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "09k06gs27gxfha07sa9rpf4xh6mvphj9sky7n09ymx75w9zjrg69"))))
+               "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
-- 
2.6.3


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-09 19:52 [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Christopher Allan Webber
@ 2016-02-09 20:15 ` Mark H Weaver
  2016-02-09 20:31   ` Christopher Allan Webber
  2016-02-10 14:46   ` Andreas Enge
  0 siblings, 2 replies; 11+ messages in thread
From: Mark H Weaver @ 2016-02-09 20:15 UTC (permalink / raw)
  To: Christopher Allan Webber; +Cc: guix-devel

Hi Chris,

Christopher Allan Webber <cwebber@dustycloud.org> writes:

> Hello all,
>
> New security release of libgcrypt:
>
>> Hello!
>> 
>> The GNU project is pleased to announce the availability of Libgcrypt
>> version 1.6.5.  This is a security fix release to mitigate a new side
>> channel attack.
>> 
>> Noteworthy changes in version 1.6.5
>> ===================================
>> 
>>  * Mitigate side-channel attack on ECDH with Weierstrass curves
>>    [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
>>    details.
>> 
>>  * Fix build problem on Solaris.
>
> Here's a patch.  It seems to build fine.
>
> From f45b192c0e648fea95a98d681d8ecdff3dc15bdb Mon Sep 17 00:00:00 2001
> From: Christopher Allan Webber <cwebber@dustycloud.org>
> Date: Tue, 9 Feb 2016 11:49:06 -0800
> Subject: [PATCH] gnu: libgcrypt: Update to 1.6.5.
>
> * gnu/packages/gnupg.scm (libgcrypt): Update to 1.6.5.

Thank you!  The summary line should include the CVE, like this:

  gnu: libgcrypt: Update to 1.6.5 [fixes CVE-2015-7511].

Alas, this will require at least 7000 rebuilds.  After the current
'security-updates' branch is merged, this should go on the next
'security-updates' branch, together with more fixes for graphite2 and
libsndfile.

       Mark

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-09 20:15 ` Mark H Weaver
@ 2016-02-09 20:31   ` Christopher Allan Webber
  2016-02-10 14:46   ` Andreas Enge
  1 sibling, 0 replies; 11+ messages in thread
From: Christopher Allan Webber @ 2016-02-09 20:31 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1754 bytes --]

Mark H Weaver writes:

> Hi Chris,
>
> Christopher Allan Webber <cwebber@dustycloud.org> writes:
>
>> Hello all,
>>
>> New security release of libgcrypt:
>>
>>> Hello!
>>> 
>>> The GNU project is pleased to announce the availability of Libgcrypt
>>> version 1.6.5.  This is a security fix release to mitigate a new side
>>> channel attack.
>>> 
>>> Noteworthy changes in version 1.6.5
>>> ===================================
>>> 
>>>  * Mitigate side-channel attack on ECDH with Weierstrass curves
>>>    [CVE-2015-7511].  See http://www.cs.tau.ac.IL/~tromer/ecdh/ for
>>>    details.
>>> 
>>>  * Fix build problem on Solaris.
>>
>> Here's a patch.  It seems to build fine.
>>
>> From f45b192c0e648fea95a98d681d8ecdff3dc15bdb Mon Sep 17 00:00:00 2001
>> From: Christopher Allan Webber <cwebber@dustycloud.org>
>> Date: Tue, 9 Feb 2016 11:49:06 -0800
>> Subject: [PATCH] gnu: libgcrypt: Update to 1.6.5.
>>
>> * gnu/packages/gnupg.scm (libgcrypt): Update to 1.6.5.
>
> Thank you!  The summary line should include the CVE, like this:
>
>   gnu: libgcrypt: Update to 1.6.5 [fixes CVE-2015-7511].

Okay!  I wasn't aware of that convention.

> Alas, this will require at least 7000 rebuilds.  After the current
> 'security-updates' branch is merged, this should go on the next
> 'security-updates' branch, together with more fixes for graphite2 and
> libsndfile.

Yes it's unfortunate... it seems like security researchers are upping
their game in the post-heartbleed world (whatever that means)?  I guess
that's good... better good security researchers do this stuff than some
other unspecified groups... but kind of a headache here? :)

Anyway, new patch!  I don't know what to do about the security-updates
branch so I'll let you apply/push it.

 - Chris


[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-libgcrypt-Update-to-1.6.5-fixes-CVE-2015-7511.patch --]
[-- Type: text/x-patch, Size: 1192 bytes --]

From 6fec07507956efd6f7055d37d268c97ca5771d8c Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Tue, 9 Feb 2016 11:49:06 -0800
Subject: [PATCH] gnu: libgcrypt: Update to 1.6.5 [fixes CVE-2015-7511].

* gnu/packages/gnupg.scm (libgcrypt): Update to 1.6.5.
---
 gnu/packages/gnupg.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index a35e8fc..608c437 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -70,14 +70,14 @@ Daemon and possibly more in the future.")
 (define-public libgcrypt
   (package
     (name "libgcrypt")
-    (version "1.6.4")
+    (version "1.6.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "09k06gs27gxfha07sa9rpf4xh6mvphj9sky7n09ymx75w9zjrg69"))))
+               "0959mwfzsxhallxdqlw359xg180ll2skxwyy35qawmfl89cbr7pl"))))
     (build-system gnu-build-system)
     (propagated-inputs
      `(("libgpg-error-host" ,libgpg-error)))
-- 
2.6.3


^ permalink raw reply related	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-09 20:15 ` Mark H Weaver
  2016-02-09 20:31   ` Christopher Allan Webber
@ 2016-02-10 14:46   ` Andreas Enge
  2016-02-10 16:53     ` wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)) Efraim Flashner
  2016-02-10 20:46     ` [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Mark H Weaver
  1 sibling, 2 replies; 11+ messages in thread
From: Andreas Enge @ 2016-02-10 14:46 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel

Hello,

On Tue, Feb 09, 2016 at 03:15:38PM -0500, Mark H Weaver wrote:
> Alas, this will require at least 7000 rebuilds.  After the current
> 'security-updates' branch is merged, this should go on the next
> 'security-updates' branch, together with more fixes for graphite2 and
> libsndfile.

it looks like we are almost there. Do you think we could squeeze in an
evaluation and build of wip-pulseaudio after updating master and rebasing
the wip branch on master?

Andreas

^ permalink raw reply	[flat|nested] 11+ messages in thread

* wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update))
  2016-02-10 14:46   ` Andreas Enge
@ 2016-02-10 16:53     ` Efraim Flashner
  2016-02-10 18:41       ` Efraim Flashner
  2016-02-10 20:46     ` [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Mark H Weaver
  1 sibling, 1 reply; 11+ messages in thread
From: Efraim Flashner @ 2016-02-10 16:53 UTC (permalink / raw)
  To: Andreas Enge; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 3416 bytes --]

On Wed, 10 Feb 2016 15:46:59 +0100
Andreas Enge <andreas@enge.fr> wrote:

> Hello,
> 
> On Tue, Feb 09, 2016 at 03:15:38PM -0500, Mark H Weaver wrote:
>  [...]  
> 
> it looks like we are almost there. Do you think we could squeeze in an
> evaluation and build of wip-pulseaudio after updating master and rebasing
> the wip branch on master?
> 
> Andreas
> 

I see it's been rebased on origin/master, I'll report back in a bit

efraim@debian-netbook:~/workspace/guix$ time ./pre-inst-env guix build gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly gst-libav --fallback
;;; note: source file /home/efraim/workspace/guix/gnu/packages/pulseaudio.scm
;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/pulseaudio.go
guix build: warning: failed to load '(efraim packages go-hello)':
ERROR: no code for module (guix build-system golang)
substitute: warning: failed to install locale: Invalid argument
substitute: updating list of substitutes from 'http://hydra.gnu.org'... 100.0%
The following derivations will be built:
   /gnu/store/qsg8g97ilakkj7hrvb7ywgqlapvx64bs-gst-libav-1.6.1.drv
   /gnu/store/j1z8qp0crifmgzfsrp9jg7p319xixp4m-gst-plugins-ugly-1.6.1.drv
   /gnu/store/xw15fnvzii6vwcr0dzgvhmy9b8w3cml7-gst-plugins-good-1.6.1.drv
   /gnu/store/6z864wqna3jklpwgb8haww7ycx5z60g7-openal-1.15.1.drv
   /gnu/store/gnkcv491lbw47rm491jf92d2f0496al0-ffmpeg-2.8.6.drv
The following files will be downloaded:
   /gnu/store/6y9i8v9lpmg286q63l72zz77pi1c91z2-gstreamer-1.6.1
   /gnu/store/2ka19awqsy3a0kz7x0n8826f5p4balgl-gstreamer-1.6.1-doc
   /gnu/store/sqbjqrszg8v4bb5qyxb5hivd9m34wpsg-gst-plugins-base-1.6.1
   /gnu/store/x1jx9xj6c9xfqa8hhgsk1sz6ily1snik-gst-plugins-base-1.6.1-doc
   /gnu/store/mppcj72lhdn7zaffakyrpzgjdm6fvkjj-gst-plugins-good-1.6.1.tar.xz
   /gnu/store/6rg1a6zh5h1clnf3ss8x2sy5178mbg3k-cairo-1.14.2
   /gnu/store/yv59gw65pypy6xjbb84p6aajk290rxy2-gdk-pixbuf-2.32.3
   /gnu/store/h8qmk26qppjlwwcvqk7hii6m5g03snxn-libcaca-0.99.beta19
   /gnu/store/sy9xwmlbzsbwbbcmd08nbg78n6kqm8jj-libsoup-2.52.1
   /gnu/store/yjnwwk25pif432gvwvqr33slwgb3f8gg-taglib-1.9.1
   /gnu/store/ar79y0mc7p6zrj2c0ilq8xrig1rpvnja-gst-plugins-ugly-1.6.1.tar.xz
   /gnu/store/82s25lxd0gfd4sqqsbv0p8vvxg948jmm-cmake-3.3.2
   /gnu/store/38cbna95gfyif3dyx2k8gds4h5fbv905-libquvi-0.4.1
   /gnu/store/pkbjdqk08ipjc3aabkvq15k8x77a2gs1-gnutls-3.4.7
   /gnu/store/rdi8195mysf340rm54xqjmxpl1qjq1wb-nettle-3.2
   /gnu/store/l04g809qjv9kfi3m1j42228n59jd7d0c-harfbuzz-1.0.6
   /gnu/store/7wrxicspxl4kz26vc5sbip0riqyq8hq6-libass-0.13.1
   /gnu/store/jpv3s592q5mrm596b9l8gzraclsmbi3g-graphite2-1.3.3
   /gnu/store/6m2li0x1f0ihvc36m4fwilmxa3bl3j88-soxr-0.1.1
   /gnu/store/8qwh8yk93p9nxbi2h5xahg0qjqxc9093-openldap-2.4.42
   /gnu/store/absyflwdck42kvs46196r54fjzvy9nsm-curl-7.47.0
   /gnu/store/ih5c39iibk2vqc717hbza4dqyxn1r2pa-shishi-1.0.2
   /gnu/store/mzkfj4vk1vfa3np2m7pm8h6q8z66f6ii-gss-1.0.3
   /gnu/store/vm7sx64bg8y343x83pww16fhigbngx8d-cyrus-sasl-2.1.26
   /gnu/store/1x6y9iby8krgskri5cdkdg8qk9yzkp03-libarchive-3.1.2
   /gnu/store/x3jlzwsn2xj0zwa1bfcj7lqv2b3mn70j-freeglut-3.0.0
   /gnu/store/29k39pj0cw9i2vzj59kbys8qmvhw2lby-pango-1.38.1

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update))
  2016-02-10 16:53     ` wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)) Efraim Flashner
@ 2016-02-10 18:41       ` Efraim Flashner
  2016-02-10 18:55         ` Andreas Enge
  2016-02-10 20:43         ` Andreas Enge
  0 siblings, 2 replies; 11+ messages in thread
From: Efraim Flashner @ 2016-02-10 18:41 UTC (permalink / raw)
  To: Andreas Enge; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 3509 bytes --]

On Wed, 10 Feb 2016 18:53:50 +0200
Efraim Flashner <efraim@flashner.co.il> wrote:

> On Wed, 10 Feb 2016 15:46:59 +0100
> Andreas Enge <andreas@enge.fr> wrote:
> 
>  [...]  
> 
> I see it's been rebased on origin/master, I'll report back in a bit
> 
> efraim@debian-netbook:~/workspace/guix$ time ./pre-inst-env guix build gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly gst-libav --fallback
> ;;; note: source file /home/efraim/workspace/guix/gnu/packages/pulseaudio.scm
> ;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/pulseaudio.go
> guix build: warning: failed to load '(efraim packages go-hello)':
> ERROR: no code for module (guix build-system golang)
> substitute: warning: failed to install locale: Invalid argument
> substitute: updating list of substitutes from 'http://hydra.gnu.org'... 100.0%
> The following derivations will be built:
>    /gnu/store/qsg8g97ilakkj7hrvb7ywgqlapvx64bs-gst-libav-1.6.1.drv
>    /gnu/store/j1z8qp0crifmgzfsrp9jg7p319xixp4m-gst-plugins-ugly-1.6.1.drv
>    /gnu/store/xw15fnvzii6vwcr0dzgvhmy9b8w3cml7-gst-plugins-good-1.6.1.drv
>    /gnu/store/6z864wqna3jklpwgb8haww7ycx5z60g7-openal-1.15.1.drv
>    /gnu/store/gnkcv491lbw47rm491jf92d2f0496al0-ffmpeg-2.8.6.drv
> The following files will be downloaded:
>    /gnu/store/6y9i8v9lpmg286q63l72zz77pi1c91z2-gstreamer-1.6.1
>    /gnu/store/2ka19awqsy3a0kz7x0n8826f5p4balgl-gstreamer-1.6.1-doc
>    /gnu/store/sqbjqrszg8v4bb5qyxb5hivd9m34wpsg-gst-plugins-base-1.6.1
>    /gnu/store/x1jx9xj6c9xfqa8hhgsk1sz6ily1snik-gst-plugins-base-1.6.1-doc
>    /gnu/store/mppcj72lhdn7zaffakyrpzgjdm6fvkjj-gst-plugins-good-1.6.1.tar.xz
>    /gnu/store/6rg1a6zh5h1clnf3ss8x2sy5178mbg3k-cairo-1.14.2
>    /gnu/store/yv59gw65pypy6xjbb84p6aajk290rxy2-gdk-pixbuf-2.32.3
>    /gnu/store/h8qmk26qppjlwwcvqk7hii6m5g03snxn-libcaca-0.99.beta19
>    /gnu/store/sy9xwmlbzsbwbbcmd08nbg78n6kqm8jj-libsoup-2.52.1
>    /gnu/store/yjnwwk25pif432gvwvqr33slwgb3f8gg-taglib-1.9.1
>    /gnu/store/ar79y0mc7p6zrj2c0ilq8xrig1rpvnja-gst-plugins-ugly-1.6.1.tar.xz
>    /gnu/store/82s25lxd0gfd4sqqsbv0p8vvxg948jmm-cmake-3.3.2
>    /gnu/store/38cbna95gfyif3dyx2k8gds4h5fbv905-libquvi-0.4.1
>    /gnu/store/pkbjdqk08ipjc3aabkvq15k8x77a2gs1-gnutls-3.4.7
>    /gnu/store/rdi8195mysf340rm54xqjmxpl1qjq1wb-nettle-3.2
>    /gnu/store/l04g809qjv9kfi3m1j42228n59jd7d0c-harfbuzz-1.0.6
>    /gnu/store/7wrxicspxl4kz26vc5sbip0riqyq8hq6-libass-0.13.1
>    /gnu/store/jpv3s592q5mrm596b9l8gzraclsmbi3g-graphite2-1.3.3
>    /gnu/store/6m2li0x1f0ihvc36m4fwilmxa3bl3j88-soxr-0.1.1
>    /gnu/store/8qwh8yk93p9nxbi2h5xahg0qjqxc9093-openldap-2.4.42
>    /gnu/store/absyflwdck42kvs46196r54fjzvy9nsm-curl-7.47.0
>    /gnu/store/ih5c39iibk2vqc717hbza4dqyxn1r2pa-shishi-1.0.2
>    /gnu/store/mzkfj4vk1vfa3np2m7pm8h6q8z66f6ii-gss-1.0.3
>    /gnu/store/vm7sx64bg8y343x83pww16fhigbngx8d-cyrus-sasl-2.1.26
>    /gnu/store/1x6y9iby8krgskri5cdkdg8qk9yzkp03-libarchive-3.1.2
>    /gnu/store/x3jlzwsn2xj0zwa1bfcj7lqv2b3mn70j-freeglut-3.0.0
>    /gnu/store/29k39pj0cw9i2vzj59kbys8qmvhw2lby-pango-1.38.1
> 

gst-plugins-good failed the test suite again, with 1 failed test:
FAIL: elements/splitmux

ran it two other times and had 2 failed tests:
FAIL: elements/splitmux
FAIL: elements/rtprtx

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update))
  2016-02-10 18:41       ` Efraim Flashner
@ 2016-02-10 18:55         ` Andreas Enge
  2016-02-10 20:43         ` Andreas Enge
  1 sibling, 0 replies; 11+ messages in thread
From: Andreas Enge @ 2016-02-10 18:55 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: guix-devel

On Wed, Feb 10, 2016 at 08:41:10PM +0200, Efraim Flashner wrote:
> gst-plugins-good failed the test suite again, with 1 failed test:
> FAIL: elements/splitmux
> ran it two other times and had 2 failed tests:
> FAIL: elements/splitmux
> FAIL: elements/rtprtx

This is strange; before that, it worked unless libvpx was also updated.
I will give it another try here.

Andreas

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update))
  2016-02-10 18:41       ` Efraim Flashner
  2016-02-10 18:55         ` Andreas Enge
@ 2016-02-10 20:43         ` Andreas Enge
  1 sibling, 0 replies; 11+ messages in thread
From: Andreas Enge @ 2016-02-10 20:43 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: guix-devel

On Wed, Feb 10, 2016 at 08:41:10PM +0200, Efraim Flashner wrote:
> gst-plugins-good failed the test suite again, with 1 failed test:
> FAIL: elements/splitmux
> ran it two other times and had 2 failed tests:
> FAIL: elements/splitmux
> FAIL: elements/rtprtx

I tried it again, and it passes its tests. Let us wait and see what will
happen on hydra.

Andreas

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-10 14:46   ` Andreas Enge
  2016-02-10 16:53     ` wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)) Efraim Flashner
@ 2016-02-10 20:46     ` Mark H Weaver
  2016-02-10 20:56       ` Andreas Enge
  1 sibling, 1 reply; 11+ messages in thread
From: Mark H Weaver @ 2016-02-10 20:46 UTC (permalink / raw)
  To: Andreas Enge; +Cc: guix-devel

Andreas Enge <andreas@enge.fr> writes:

> Hello,
>
> On Tue, Feb 09, 2016 at 03:15:38PM -0500, Mark H Weaver wrote:
>> Alas, this will require at least 7000 rebuilds.  After the current
>> 'security-updates' branch is merged, this should go on the next
>> 'security-updates' branch, together with more fixes for graphite2 and
>> libsndfile.
>
> it looks like we are almost there. Do you think we could squeeze in an
> evaluation and build of wip-pulseaudio after updating master and rebasing
> the wip branch on master?

I'm reluctant to delay a critical security update like this, which
apparently allows a compromised web site to perform remote code
execution in our graphical web browsers.  I, for one, am running
text-only for now, and am impatient to return back to the modern era.

What's the nature of the pulseaudio update?  Why is it important?

What do other people think?

      Mark

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-10 20:46     ` [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Mark H Weaver
@ 2016-02-10 20:56       ` Andreas Enge
  2016-02-11  9:52         ` Ludovic Courtès
  0 siblings, 1 reply; 11+ messages in thread
From: Andreas Enge @ 2016-02-10 20:56 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel

On Wed, Feb 10, 2016 at 03:46:03PM -0500, Mark H Weaver wrote:
> What's the nature of the pulseaudio update?  Why is it important?

It is not particularly important, I would say. I am just growing impatient,
we seem to be blocked by security-updates and core-updates more or less
since the beginning of December. This is all part of the gstreamer update
that we are postponing for about three weeks now.

Hooray for a new hydra!

Andreas

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)
  2016-02-10 20:56       ` Andreas Enge
@ 2016-02-11  9:52         ` Ludovic Courtès
  0 siblings, 0 replies; 11+ messages in thread
From: Ludovic Courtès @ 2016-02-11  9:52 UTC (permalink / raw)
  To: Andreas Enge; +Cc: guix-devel

Andreas Enge <andreas@enge.fr> skribis:

> On Wed, Feb 10, 2016 at 03:46:03PM -0500, Mark H Weaver wrote:
>> What's the nature of the pulseaudio update?  Why is it important?
>
> It is not particularly important, I would say. I am just growing impatient,

Of course having Hydra stuck building security updates is a bit
frustrating when we’d all want to have fun with the cutting edge stuff…
but I think it’s important nonetheless.  So I’m all for having the
Graphite fix take precedence over the rest.

But really, we should fix <http://bugs.gnu.org/22139>.  That would give
us some breathing room.

Ludo’.

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2016-02-11  9:52 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-09 19:52 [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Christopher Allan Webber
2016-02-09 20:15 ` Mark H Weaver
2016-02-09 20:31   ` Christopher Allan Webber
2016-02-10 14:46   ` Andreas Enge
2016-02-10 16:53     ` wip-pulseaudio (was Re: [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update)) Efraim Flashner
2016-02-10 18:41       ` Efraim Flashner
2016-02-10 18:55         ` Andreas Enge
2016-02-10 20:43         ` Andreas Enge
2016-02-10 20:46     ` [PATCH] gnu: libgcrypt: Update to 1.6.5. (security update) Mark H Weaver
2016-02-10 20:56       ` Andreas Enge
2016-02-11  9:52         ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).