bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]

2017-06-29 Thread Ludovic Courtès
Leo Famulari skribis: > On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote: >> Leo, let me know when you feel that we should start a new evaluation. > > First I want to ungraft today's libgcrypt and poppler replacements. > > I also want to apply the attached

bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]

2017-06-29 Thread Leo Famulari
On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote: > Leo, let me know when you feel that we should start a new evaluation. First I want to ungraft today's libgcrypt and poppler replacements. I also want to apply the attached patch so we can stop using libgcrypt-1.5 with Shishi, and

bug#27429: Stack clash (CVE-2017-1000366 etc)

2017-06-29 Thread Ludovic Courtès
Mark H Weaver skribis: > l...@gnu.org (Ludovic Courtès) writes: > >> As discussed yesterday on IRC, here’s a patch that applies the glibc >> patches for CVE-2017-1000366 in ‘core-updates’. >> >> That’s a rebuild-the-world change but we still have work to do in >> ‘core-updates’

bug#27042: test-package.sh fails on aarch64

2017-06-29 Thread Efraim Flashner
On Thu, Jun 29, 2017 at 09:22:59PM +0200, Ludovic Courtès wrote: > Efraim Flashner skribis: > > > On Thu, Jun 22, 2017 at 11:06:45PM +0200, Ludovic Courtès wrote: > >> Efraim Flashner skribis: > >> > >> > On aarch64 the test 'test-package.sh' fails

bug#27042: test-package.sh fails on aarch64

2017-06-29 Thread Ludovic Courtès
Efraim Flashner skribis: > On Thu, Jun 22, 2017 at 11:06:45PM +0200, Ludovic Courtès wrote: >> Efraim Flashner skribis: >> >> > On aarch64 the test 'test-package.sh' fails due to 'offload: command not >> > found' >> >> I think you mentioned on IRC

bug#27463: OCaml CVE-2017-9772

2017-06-29 Thread Efraim Flashner
On Fri, Jun 23, 2017 at 12:41:50PM -0400, Leo Famulari wrote: > Our packages of OCaml 4.02.3 and 4.01.0 are vulnerable to CVE-2017-9772: > > http://seclists.org/oss-sec/2017/q2/575 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9772 According to Debian¹ only Ocaml-4.04.[01] is

bug#27042: test-package.sh fails on aarch64

2017-06-29 Thread Efraim Flashner
On Thu, Jun 22, 2017 at 11:06:45PM +0200, Ludovic Courtès wrote: > Efraim Flashner skribis: > > > On aarch64 the test 'test-package.sh' fails due to 'offload: command not > > found' > > I think you mentioned on IRC that the problem vanished, right? > > Ludo’. The test

bug#27467: Xfce broken, because it propagates two different versions of gtk+

2017-06-29 Thread Mark H Weaver
Ricardo Wurmus writes: > Ludovic Courtès writes: > >> Another option (perhaps slightly less intrusive) would be to implement >> the ‘xfce’ meta-package using ‘union-build’ instead of >> ‘propagated-inputs’. > > Yes, that’s better. I pushed two commits: > >

bug#27467: Xfce broken, because it propagates two different versions of gtk+

2017-06-29 Thread Ricardo Wurmus
Hi, Ludovic Courtès writes: > Ricardo Wurmus skribis: > >> What do you think of the attached patches? The first makes libxfce4ui >> only propagate the latest gtk+, so I added gtk+-2 where needed. The >> second removes “exo” from the “xfce” meta-package,

bug#27386: offloading documentation and env

2017-06-29 Thread Ludovic Courtès
ng0 skribis: > Ludovic Courtès transcribed 2.2K bytes: [...] >> > GUILE_LOAD_COMPILED_PATH="${GUILE_LOAD_COMPILED_PATH}:/run/current-system/profile/lib/guile/2.2/site-ccache:/run/current-system/profile/share/guile/site/2.2" >> >