From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: IMPORTANT: glibc security update
Date: Sat, 20 Feb 2016 00:20:36 -0500
Message-ID: <20160220052036.GA2887@jasmine>
References: <87povsn7u4.fsf@netris.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54345)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1aWzyG-0004tR-VP
	for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:45 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1aWzyB-0003Ey-VX
	for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:44 -0500
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:45511)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1aWzyB-0003Eu-Po
	for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:39 -0500
Content-Disposition: inline
In-Reply-To: <87povsn7u4.fsf@netris.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Mark H Weaver <mhw@netris.org>
Cc: guix-devel@gnu.org

On Fri, Feb 19, 2016 at 08:33:07AM -0500, Mark H Weaver wrote:
> Hello Guix!
> 
> I've pushed a fix for CVE-2015-7547 to the master branch, although Hydra
> has not fully rebuilt it.  I directed Hydra to build the most popular
> packages first, and with greater effort devoted to x86_64, so my hope is
> that most of what typical desktop users need is already built on x86_64.
> Still, it is likely that you'll need to compile some things locally.

At least two users on #guix (including me) have found that `guix pull`
is not fetching the latest snapshot. That is, the downloaded snapshot
is of some commit before the CVE-2015-7547 patch was applied.

Can you take a look?

> 
> i686 is not as fully built, so users will probably need to do some more
> compiling, but hopefully it is manageable.  I was able to fully update
> my Xfce desktop system on i686 anyway.
> 
> As I write this, the rebuilds of armhf and mips64el are considerably
> less advanced, so be prepared for a significant amount of local
> recompilation.
> 
> We'll prioritize getting grafts working properly soon, so that we can
> deploy security updates to core libraries much more quickly in the
> future.
> 
>      Thanks,
>        Mark
>