From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56231) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ee59v-0003Kv-U7 for guix-patches@gnu.org; Tue, 23 Jan 2018 15:27:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ee59q-00073J-Sf for guix-patches@gnu.org; Tue, 23 Jan 2018 15:27:07 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:60352) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ee59q-00072y-O5 for guix-patches@gnu.org; Tue, 23 Jan 2018 15:27:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ee59q-0007xz-IA for guix-patches@gnu.org; Tue, 23 Jan 2018 15:27:02 -0500 Subject: bug#30180: [PATCH] gnu: libsndfile: Fix CVE-2017-12562. Resent-To: guix-patches@gnu.org Resent-Message-ID: Date: Tue, 23 Jan 2018 15:25:52 -0500 From: Leo Famulari Message-ID: <20180123202552.GC6750@jasmine.lan> References: <4ce9653c4e8ec4b70e53d2608a2551bb0831c1d0.1516414012.git.leo@famulari.name> <87372x7wyt.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XMCwj5IQnwKtuyBG" Content-Disposition: inline In-Reply-To: <87372x7wyt.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 30180-done@debbugs.gnu.org --XMCwj5IQnwKtuyBG Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 23, 2018 at 10:20:26AM +0100, Ludovic Court=C3=A8s wrote: > Leo Famulari skribis: >=20 > > I'd like to ungraft this on core-updates, even though it's late in the > > core-updates cycle. Changing libsndfile requires only ~600 rebuilds per > > architecture. > > > > * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. > > * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. > > (libsndfile/fixed): New variable. >=20 > The patch LGTM! Okay, pushed! > As for ungrafting, I=E2=80=99ll let you judge. I would really like to me= rge > that branch soon, but I haven=E2=80=99t checked in status over the last c= ouple > of days. The branch is very close to done if you just look at the numbers, but there are still some important package failures. But there will be more grafts soon enough, so I guess we might as well leave it grafted. --XMCwj5IQnwKtuyBG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlpnmlAACgkQJkb6MLrK fwhGThAAs4GfByf5n2xAqE7edOSTAb27+YBFRcuPA3gTqTcp2ro1R24ugCZAeKlL sr7eJ2HQn1LA29sxQazKis8HwwOA9pjFsJEtHJZa/mODC9Yxg09tF6EV6aQiP/IJ lRiLr3Ehnb1a5SeX7hr9qc7K8otNJ1yiGzrZZVcEKebEjvfQWzEKm9TrQfxBZbwc D0VrNRk3OkTuCkO1iakr7sO0u1wW9LDdvk61ds5BZkhEHuVCUC1emveJJmqLs+tD nkNRQKy7lFQ3yYh4gV2S6UompZijVPYMOeSfcnjByYsDxFL/Vpop2Mu0f7nLwPTP 2tuYekQh2KnfpsZo20TKWG8ac53FW+iqJAIjtWor+EFY5Qdbv/QHgxLuuOIfn/Zi eHw0RgWKZNL//Q7lBNSsqZyIhqqOSNgoubF9V1NYZtMhKkT/e4SaUQoqMVwwmDr5 x4bHX7MVFzpCMl2CmiJAj8bZhcjFEwNwK/O0P+l18bChco/n1MHE9QjqTXM4WuCc NMEbPJHPXpklUbFcJyvDycKN0qWgbZSbqzBuWyu+M8WiknN0uv7gBCMntEewWVT0 +1PUs7m4GhXDeB/ZGS/kw7Q8v917I0+ZgBSKZlfRBSvcVq0SVWkrN5+kKehTIrcC n8/uETs22sAEN2ZF0D6ivKapel4/5FMCLwoa+YaxNIKbusCVYac= =rdo2 -----END PGP SIGNATURE----- --XMCwj5IQnwKtuyBG--