From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates Date: Wed, 12 Oct 2016 12:41:37 -0400 Message-ID: <20161012164137.GA32419@jasmine> References: <87wphfgbw4.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:45403) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1buMbI-0000qz-0z for guix-devel@gnu.org; Wed, 12 Oct 2016 12:41:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1buMbC-0005vd-2z for guix-devel@gnu.org; Wed, 12 Oct 2016 12:41:50 -0400 Content-Disposition: inline In-Reply-To: <87wphfgbw4.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org On Mon, Oct 10, 2016 at 10:57:47PM +0200, Ludovic Courtès wrote: > Yeah, seems hard to exploit. Apparently even if we’re not using systemd > activations we could be vulnerable, because it’s about how specific > messages are processed, IIUC. > > > What do you think? Should we update this on core-updates? > > I think so. Okay. Just to clarify, this will trigger >1000 rebuilds. > > > Should we graft it on master? > > Unless there are possible ABI incompatibilies, it probably doesn’t hurt > to do that. According to the dbus README, the offer a stable ABI within each stable release series: https://dbus.freedesktop.org/doc/README But, I found that the regular approach to grafting does not work for our dbus package. Presumably, it's because (gnu packages glib) exports dbus before defining it.