On Fri, Feb 19, 2016 at 08:33:07AM -0500, Mark H Weaver wrote: > Hello Guix! > > I've pushed a fix for CVE-2015-7547 to the master branch, although Hydra > has not fully rebuilt it. I directed Hydra to build the most popular > packages first, and with greater effort devoted to x86_64, so my hope is > that most of what typical desktop users need is already built on x86_64. > Still, it is likely that you'll need to compile some things locally.
At least two users on #guix (including me) have found that `guix pull` is not fetching the latest snapshot. That is, the downloaded snapshot is of some commit before the CVE-2015-7547 patch was applied. Can you take a look? > > i686 is not as fully built, so users will probably need to do some more > compiling, but hopefully it is manageable. I was able to fully update > my Xfce desktop system on i686 anyway. > > As I write this, the rebuilds of armhf and mips64el are considerably > less advanced, so be prepared for a significant amount of local > recompilation. > > We'll prioritize getting grafts working properly soon, so that we can > deploy security updates to core libraries much more quickly in the > future. > > Thanks, > Mark >
