On Mon, Nov 28, 2016 at 09:30:53PM +0200, Efraim Flashner wrote:
> The previous patch somehow stopped working for me, and I was getting
> complaints about unbound variable cairo/fixed, so I rewrote the patch to
> have every cairo use the patch separately.

Thanks for taking on this tricky bug fix!

> diff --git a/gnu/packages/patches/cairo-CVE-2016-9082.patch 
> b/gnu/packages/patches/cairo-CVE-2016-9082.patch

Please add a link to the patch source in the patch file. I know it can
be found in the linked bug report, but it does help readers to be
explicit, in my opinion.

Otherwise LGTM.

The patch is not in the cairo repo yet, AFAICT:

https://cgit.freedesktop.org/cairo/

But, Debian did use it:

https://anonscm.debian.org/cgit/collab-maint/cairo.git/tree/debian/patches/07_CVE-2016-9082.patch

Can you follow the upstream resolution of the bug in case they decide to
use a different patch?
