From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: IMPORTANT: glibc security update Date: Sat, 20 Feb 2016 00:20:36 -0500 Message-ID: <20160220052036.GA2887@jasmine> References: <87povsn7u4.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54345) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aWzyG-0004tR-VP for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aWzyB-0003Ey-VX for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:44 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:45511) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aWzyB-0003Eu-Po for guix-devel@gnu.org; Sat, 20 Feb 2016 00:20:39 -0500 Content-Disposition: inline In-Reply-To: <87povsn7u4.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org On Fri, Feb 19, 2016 at 08:33:07AM -0500, Mark H Weaver wrote: > Hello Guix! > > I've pushed a fix for CVE-2015-7547 to the master branch, although Hydra > has not fully rebuilt it. I directed Hydra to build the most popular > packages first, and with greater effort devoted to x86_64, so my hope is > that most of what typical desktop users need is already built on x86_64. > Still, it is likely that you'll need to compile some things locally. At least two users on #guix (including me) have found that `guix pull` is not fetching the latest snapshot. That is, the downloaded snapshot is of some commit before the CVE-2015-7547 patch was applied. Can you take a look? > > i686 is not as fully built, so users will probably need to do some more > compiling, but hopefully it is manageable. I was able to fully update > my Xfce desktop system on i686 anyway. > > As I write this, the rebuilds of armhf and mips64el are considerably > less advanced, so be prepared for a significant amount of local > recompilation. > > We'll prioritize getting grafts working properly soon, so that we can > deploy security updates to core libraries much more quickly in the > future. > > Thanks, > Mark >