From: Guillaume Le Vaillant <glv@posteo.net>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Cc: Ryan Prior <rprior@protonmail.com>, 46183@debbugs.gnu.org
Subject: [bug#46183] [PATCH 1/1] gnu: libgcrypt: Update to 1.9.1.
Date: Sat, 30 Jan 2021 09:39:16 +0100 [thread overview]
Message-ID: <878s8astsb.fsf@yamatai> (raw)
In-Reply-To: <87h7myc0e8.fsf@nckx>
[-- Attachment #1: Type: text/plain, Size: 1303 bytes --]
guix-patches--- via <guix-patches@gnu.org> skribis:
> Ryan,
>
> guix-patches--- via 写道:
>> * gnu/packages/gnupg.scm (libcrypt): Update to 1.9.1.
>
> Thanks.
>
>> - (version "1.8.5")
>> + (version "1.9.1")
>
> libgcrypt has 12119(!) dependent packages. Can we use a graft here? This
> nongrafted version can then go to core-updates.
>
> Grafting means we keep these packages built against 1.8.5 and force-feed them
> 1.9.1 instead, which might not work reliably across minor versions but needs to
> be tried before rebuilding the world.
>
> Kind regards,
>
> T G-R
According to the news at https://gnupg.org:
--8<---------------cut here---------------start------------->8---
Libgcrypt 1.9.1 released (2021-01-29) important
Unfortunately we introduced a severe bug in Libgcrypt 1.9.0 released 10 days ago.
If you already started to use version 1.9.0 please update immediately to 1.9.1.
--8<---------------cut here---------------end--------------->8---
Currently the master and staging branch are using libgcrypt 1.8.5 and
core-updates is using 1.8.7. These versions don't have the critical bug
as it was introduced in version 1.9.0. So I think updating libgcrypt on
master is not an emergency, we just have to remember to never use
version 1.9.0.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
next prev parent reply other threads:[~2021-01-30 8:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-30 4:20 [bug#46183] [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] guix-patches--- via
2021-01-30 4:24 ` [bug#46183] [PATCH 1/1] gnu: libgcrypt: Update to 1.9.1 guix-patches--- via
2021-01-30 8:08 ` guix-patches--- via
2021-01-30 8:39 ` Guillaume Le Vaillant [this message]
2021-02-01 11:50 ` bug#46183: [PATCH 0/1] Update gcrypt [URGENT SECURITY ISSUE] Ludovic Courtès
2021-01-30 7:56 ` [bug#46183] " lordyuuma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878s8astsb.fsf@yamatai \
--to=glv@posteo.net \
--cc=46183@debbugs.gnu.org \
--cc=me@tobias.gr \
--cc=rprior@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).