From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [PATCH 0/6] Libreoffice CVE and update
Date: Tue, 08 Mar 2016 10:05:03 +0100
Message-ID: <87bn6ppcg0.fsf@gnu.org>
References: <1457347327-13748-1-git-send-email-efraim@flashner.co.il>
	<20160307220317.22cc1c34@debian-netbook>
	<20160308035633.GA1715@jasmine>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48368)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1adDZm-0007jt-K5
	for guix-devel@gnu.org; Tue, 08 Mar 2016 04:05:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1adDZi-0000S8-Ey
	for guix-devel@gnu.org; Tue, 08 Mar 2016 04:05:10 -0500
In-Reply-To: <20160308035633.GA1715@jasmine> (Leo Famulari's message of "Mon,
	7 Mar 2016 22:56:33 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org

Leo Famulari <leo@famulari.name> skribis:

> On Mon, Mar 07, 2016 at 10:03:17PM +0200, Efraim Flashner wrote:
>> On Mon,  7 Mar 2016 12:42:01 +0200
>> Efraim Flashner <efraim@flashner.co.il> wrote:
>>=20
>> > Now that vigra is building again, I've put together a patch to update
>> > libreoffice to address CVE-2016-0794 and CVE-2016-0795. Currently its
>> > building on my machine, but hydra says the last successful build took
>> > 7 hours and I'm currently ~5.5 into my build, but I'm expecting close
>> > to 20 hours for a complete build. So in addition to checking over the
>> > patches (notably liblangtag which is new, mdds which has a second vers=
ion
>> > and libreoffice with several changes), if someone with a fast computer
>> > wants to see if they can finish building before me that'd be great.
>> >=20
>> > Efraim Flashner (6):
>> >   gnu: Add liblangtag.
>> >   gnu: mdds: Update to 1.1.0.
>> >   gnu: orcus: Update to 0.11.0.
>> >   gnu: ixion: Update to 0.11.0.
>> >   gnu: libetonyek: Update to 0.1.6.
>> >   gnu: libreoffice: Update to 5.1.1.3. [Fixes CVE-2016-{0794, 0795}].
>> >=20
>> >  gnu/packages/boost.scm       | 26 +++++++++++++----
>> >  gnu/packages/libreoffice.scm | 67 ++++++++++++++++++++++++++++++++++-=
---------
>> >  2 files changed, 73 insertions(+), 20 deletions(-)
>> >=20
>>=20
>> It turns out libreoffice fails to build with this patch set. After discu=
ssing
>> it with Andreas and Leo on irc we've decided on trying 5.0.5.2 as per
>> https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ =
and
>> we'll work on the rest later.
>
> Updated to 5.0.5.2 with commit 165e0382b.

Good, thanks for taking care of this!

Ludo=E2=80=99.