From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/6] Libreoffice CVE and update Date: Mon, 7 Mar 2016 22:56:33 -0500 Message-ID: <20160308035633.GA1715@jasmine> References: <1457347327-13748-1-git-send-email-efraim@flashner.co.il> <20160307220317.22cc1c34@debian-netbook> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50868) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ad8lA-0007UL-4Q for guix-devel@gnu.org; Mon, 07 Mar 2016 22:56:37 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ad8l6-0000xx-UY for guix-devel@gnu.org; Mon, 07 Mar 2016 22:56:36 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:39690) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ad8l6-0000xt-Pp for guix-devel@gnu.org; Mon, 07 Mar 2016 22:56:32 -0500 Content-Disposition: inline In-Reply-To: <20160307220317.22cc1c34@debian-netbook> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Efraim Flashner Cc: guix-devel@gnu.org On Mon, Mar 07, 2016 at 10:03:17PM +0200, Efraim Flashner wrote: > On Mon, 7 Mar 2016 12:42:01 +0200 > Efraim Flashner wrote: > > > Now that vigra is building again, I've put together a patch to update > > libreoffice to address CVE-2016-0794 and CVE-2016-0795. Currently its > > building on my machine, but hydra says the last successful build took > > 7 hours and I'm currently ~5.5 into my build, but I'm expecting close > > to 20 hours for a complete build. So in addition to checking over the > > patches (notably liblangtag which is new, mdds which has a second version > > and libreoffice with several changes), if someone with a fast computer > > wants to see if they can finish building before me that'd be great. > > > > Efraim Flashner (6): > > gnu: Add liblangtag. > > gnu: mdds: Update to 1.1.0. > > gnu: orcus: Update to 0.11.0. > > gnu: ixion: Update to 0.11.0. > > gnu: libetonyek: Update to 0.1.6. > > gnu: libreoffice: Update to 5.1.1.3. [Fixes CVE-2016-{0794, 0795}]. > > > > gnu/packages/boost.scm | 26 +++++++++++++---- > > gnu/packages/libreoffice.scm | 67 ++++++++++++++++++++++++++++++++++---------- > > 2 files changed, 73 insertions(+), 20 deletions(-) > > > > It turns out libreoffice fails to build with this patch set. After discussing > it with Andreas and Leo on irc we've decided on trying 5.0.5.2 as per > https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ and > we'll work on the rest later. Updated to 5.0.5.2 with commit 165e0382b. > > If anyone wants to work on the update now, mdds stays at 0.12.2, orcus to > 0.9.2, ixion to 0.9.1, and that's a good starting point. > > -- > Efraim Flashner אפרים פלשנר > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > Confidentiality cannot be guaranteed on emails sent or received unencrypted