On 2019-08-30 11:10, Bruce Dubbs via blfs-dev wrote:
On 8/30/19 10:24 AM, Douglas R. Reno via blfs-dev wrote:
On 2019-08-30 10:22, Xi Ruoyao via blfs-dev wrote:
On 2019-08-30 09:20 -0500, Bruce Dubbs via blfs-dev wrote:
All packages have now been tagged and all tickets closed for the 9.0
release. What other things are remaining that we need to address
before the Sunday release?
It seems #12448 and #12459 contain various security fixes. Should we
backport them to 9.0?
#12456 (Ruby) has a fix for two vulnerabilities - one from 2012 and
one from 2015. The problem with backporting updates is that I believe
that everything that links to them has to be retested. That being said
though, I'd give a +1 to backporting them.
Webkit has:
gnome/applications/evolution.xml
gnome/platform/yelp.xml
gnome/platform/gnome-online-accounts.xml
gnome/platform/zenity.xml
xsoft/graphweb/epiphany.xml
xsoft/other/balsa.xml
Ruby has:
server/databases/mariadb.xml
x/lib/webkitgtk.xml
postlfs/editors/vim.xml
xincludes/texruntime.xml
general/graphlib/gegl.xml
general/prog/subversion.xml
general/genutils/graphviz.xml
pst/xml/docbook-xsl.xml
libgcrypt has:
networking/netprogs/samba.xml
networking/netutils/wireshark.xml
x/lib/gtk-vnc.xml
x/installing/mesa.xml
x/installing/xorg-server.xml
x/dm/lightdm.xml
postlfs/virtualization/qemu.xml
postlfs/security/cryptsetup.xml
postlfs/security/gnupg2.xml
multimedia/libdriv/gst10-plugins-bad.xml
multimedia/videoutils/vlc.xml
kde/kf5/kf5-frameworks.xml
gnome/applications/vino.xml
gnome/platform/gcr.xml
gnome/platform/totem-pl-parser.xml
gnome/platform/gvfs.xml
gnome/platform/libsecret.xml
general/sysutils/accountsservice.xml
general/sysutils/systemd.xml
general/sysutils/rasqal.xml
general/genlib/libxslt.xml
general/genlib/qca.xml
general/genlib/libssh2.xml
xsoft/office/abiword.xml
xsoft/other/tigervnc.xml
xsoft/other/pidgin.xml
Do we have any volunteers?
The alternative is to update after release and publish notification in
the errata. I'll note that we get these types of security updates
continuously throughout the year. webkit and firefox seem to get them
quite often.
-- Bruce
I was going to take the day off, but I can handle it. I have all of
those built anyway. I'll have 'em in by later tonight or tomorrow
morning. I'll start in around an hour and fetch the three tickets.
I'm going to do ruby first, then WebKitGTK+, and then libgcrypt. Going
for libgcrypt last because it has the most to reverify.