From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52948) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d6jhu-0007zz-LR for guix-patches@gnu.org; Fri, 05 May 2017 16:20:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d6jhq-0005O2-Gq for guix-patches@gnu.org; Fri, 05 May 2017 16:20:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:58623) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1d6jhq-0005Na-1y for guix-patches@gnu.org; Fri, 05 May 2017 16:20:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1d6jhp-0008Aa-Si for guix-patches@gnu.org; Fri, 05 May 2017 16:20:01 -0400 Subject: bug#26758: [PATCH] gnu: gnome-shell: Patch CVE-2017-8288. Resent-Message-ID: Date: Fri, 5 May 2017 16:19:09 -0400 From: Leo Famulari Message-ID: <20170505201909.GA18285@jasmine> References: <20170503223147.GA12175@jasmine> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="BXVAT5kNtrzKuDFl" Content-Disposition: inline In-Reply-To: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: rennes Cc: 26758@debbugs.gnu.org --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 04, 2017 at 08:12:01AM -0500, rennes wrote: > Hello Leo, >=20 > > Thanks! Do we need to graft it, or can we apply the patch directly to > > gnome-shell? What would need to be rebuilt if we applied the patch > > directly? I applied it directly as cc3bc027ebbc924cc60fdcd8e7c8572bd0adf90c. If that was a mistake, we can graft it in a followup commit. > I did both tests: the first apply the patch directly, lasted more than > twelve hours; the second to create the procedure gnome-shell/fixed and it > did not take more than 10 minutes. I guess that the first time, you built the fixed gnome-shell. That took a long time (!!!) for some reason; maybe you had to build its entire dependency graph from source, or maybe the machine was not powerful. The next time, when you tried the graft, everything was already built, so you saw a big speed-up. > I read about the subject, > https://www.gnu.org/software/guix/manual/html_node/Security-Updates.html >=20 > but I still do not understand the way to determine how much needs to be > rebuilt! As Ludo points out, you can use `guix refresh -l` for this. It's not 100% accurate, but it's pretty good in most cases. --BXVAT5kNtrzKuDFl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlkM3j0ACgkQJkb6MLrK fwgBbA//f2yECJ3Q2MZnOo1l68A49+bygSv9Cx1hoUmcbdLIlC9S1LP1/+hjhJdD kNzR1O0auwT0qGdsHCu4IC02rFdF5XyUeiGCMY3+AyMy6uuBOf8OJV+ZGWiVW4C1 yWYobMg3C+Xw2j6wWJY7O2qqZ1Lgv7m/85koz2CZTBqPLj4nQTipte5b8JEEWisF hMMmok7ofn75roB+CwE3PSR4cU8BhQ6MLrkHW1gVmNHNVg+2EGNK4IvKuPv+nG6n pQ/+JIkOaqearTwtScjHnyBupFdsASPPm643DJpebSdtW3nPMt9qdwViZKEmiybP RBRB+q6qaZ6uVFg0JoGGmcaBBo35Y9n1XEns7LeO4V7oLRFe4wnCPAX72i9He14F 7aBJqUJxpT6RuFwrQHvkrNXKSgvypAAw5nJpXYAa2bzKbSjiePahaxo8kZVoPT3z dizjycXhMJ2YkjtMwUi2PUXR6PBO95pU7GLKE1XNo1ec9JV/S7ezs5QnQR3hPC6d tIce2xzjFGXF6MtBDlAMwkTzvvK9rNpfEf+irrObAwMcYvEXQoHvK+pjU1y/Oz0G c9BM8prUuAskbbXug7xqYZRvzj/lBq6cqjKCb6YBxj3lWZ59P4A4UGKclxv3JuMs qdHXHunSn+C9V7wxc74oC5oz8nTvJdatVi3zFm0vzNcqMOR0LJI= =hWjC -----END PGP SIGNATURE----- --BXVAT5kNtrzKuDFl--