[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IMPORTANT: glibc security update
|
From: |
Mark H Weaver |
|
Subject: |
Re: IMPORTANT: glibc security update |
|
Date: |
Sat, 20 Feb 2016 20:40:51 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.91 (gnu/linux) |
Leo Famulari <address@hidden> writes:
> On Fri, Feb 19, 2016 at 08:33:07AM -0500, Mark H Weaver wrote:
>> Hello Guix!
>>
>> I've pushed a fix for CVE-2015-7547 to the master branch, although Hydra
>> has not fully rebuilt it. I directed Hydra to build the most popular
>> packages first, and with greater effort devoted to x86_64, so my hope is
>> that most of what typical desktop users need is already built on x86_64.
>> Still, it is likely that you'll need to compile some things locally.
>
> At least two users on #guix (including me) have found that `guix pull`
> is not fetching the latest snapshot. That is, the downloaded snapshot
> is of some commit before the CVE-2015-7547 patch was applied.
>
> Can you take a look?
Indeed, you are right. The problem is that, by default, "guix pull"
downloads the latest source from:
http://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz
and unfortunately, something is currently broken on Savannah, and that
snapshot is stuck on the commit before the glibc security update :-(
Until that's fixed, here's a workaround:
--8<---------------cut here---------------start------------->8---
$ git clone --depth 1 git://git.sv.gnu.org/guix.git master
Cloning into 'master'...
[...]
$ rm -rf master/.git
$ tar czf master.tar.gz master --sort=name address@hidden --{owner,group}=root:0
$ guix pull --url=master.tar.gz
--8<---------------cut here---------------end--------------->8---
Mark