Leo Famulari <l...@famulari.name> skribis:
> On Mon, Mar 07, 2016 at 10:03:17PM +0200, Efraim Flashner wrote:
>> On Mon, 7 Mar 2016 12:42:01 +0200
>> Efraim Flashner <efr...@flashner.co.il> wrote:
>>
>> > Now that vigra is building again, I've put together a patch to update
>> > libreoffice to address CVE-2016-0794 and CVE-2016-0795. Currently its
>> > building on my machine, but hydra says the last successful build took
>> > 7 hours and I'm currently ~5.5 into my build, but I'm expecting close
>> > to 20 hours for a complete build. So in addition to checking over the
>> > patches (notably liblangtag which is new, mdds which has a second version
>> > and libreoffice with several changes), if someone with a fast computer
>> > wants to see if they can finish building before me that'd be great.
>> >
>> > Efraim Flashner (6):
>> > gnu: Add liblangtag.
>> > gnu: mdds: Update to 1.1.0.
>> > gnu: orcus: Update to 0.11.0.
>> > gnu: ixion: Update to 0.11.0.
>> > gnu: libetonyek: Update to 0.1.6.
>> > gnu: libreoffice: Update to 5.1.1.3. [Fixes CVE-2016-{0794, 0795}].
>> >
>> > gnu/packages/boost.scm | 26 +++++++++++++----
>> > gnu/packages/libreoffice.scm | 67
>> > ++++++++++++++++++++++++++++++++++----------
>> > 2 files changed, 73 insertions(+), 20 deletions(-)
>> >
>>
>> It turns out libreoffice fails to build with this patch set. After discussing
>> it with Andreas and Leo on irc we've decided on trying 5.0.5.2 as per
>> https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ and
>> we'll work on the rest later.
>
> Updated to 5.0.5.2 with commit 165e0382b.
Good, thanks for taking care of this!
Ludo’.
