bug#27976: install 32b xfce no gnome: collision hicolor/icon-theme.cache

2017-08-06 Thread Paul Dufresne 
I installed with 64b.

The collision happened in 64b, but did not stop installation.

bug#27993: Oniguruma (PHP and Ruby) security issues

2017-08-06 Thread Leo Famulari 
Recently several serious bugs were fixed in Oniguruma,
CVE-2017-{9224,9225,9226,9227,9228,9229}:

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=oniguruma
https://github.com/kkos/oniguruma#fixed-security-issues

I'm not sure exactly which Oniguruma release fixed the bugs.

Ruby includes vulnerable code from Oniguruma. I didn't see any fixes in
the Ruby Git repo.

I tried building PHP with Oniguruma 6.4.0 or 6.5.0 but the PHP test
suite fails like this:

=
FAILED TEST SUMMARY
-
Bug #72994 (mbc_to_code() out of bounds read) [ext/mbstring/tests/bug72994.phpt]
Test mb_ereg_replace() function : usage variations  -  [ext/mbstring/tests/mb_ereg_replace_variation1.phpt]
Test mb_ereg() function : usage variations - pass different character classes 
to see they match correctly [ext/mbstring/tests/mb_ereg_variation3.phpt]
=

I tried using the bundled Oniguruma, which includes the fixes, and it
fails like this:

=
FAILED TEST SUMMARY
-
Bug #60120 proc_open hangs with stdin/out with 2048+ bytes 
[ext/standard/tests/streams/proc_open_bug60120.phpt]
=


signature.asc
Description: PGP signature

bug#27990: Offloading repeatedly prints a message of the form "process ... acquired build slot '/var/guix/offload/.../0"

2017-08-06 Thread Christopher Baines 
Hey,

I gave setting up offloading another go, I'm testing with 3 machines,
two running GuixSD, and one Debian. I've tried setting up offloading
from both GuixSD machines to the Debian machine, and from one GuixSD
machine to the other.

Running `guix offload test` works, and reports success. However, when
it actually comes to building something, guix repeatedly prints a
message like:

  "process ... acquired build slot '/var/guix/offload/.../0"

I've left it for a while, and nothing happened.

My usual approach at sticking more logging in to the code doesn't
really work, as it appears that it's not the offload script from the
Guix git repository that I have locally that is being used.

I'm happy to do some more investigation, but I haven't worked out how
to yet.


pgpCuDEeSW_Ie.pgp
Description: OpenPGP digital signature