On Mon, 7 Mar 2016 12:42:01 +0200 Efraim Flashner <efr...@flashner.co.il> wrote:
> Now that vigra is building again, I've put together a patch to update
> libreoffice to address CVE-2016-0794 and CVE-2016-0795. Currently its
> building on my machine, but hydra says the last successful build took
> 7 hours and I'm currently ~5.5 into my build, but I'm expecting close
> to 20 hours for a complete build. So in addition to checking over the
> patches (notably liblangtag which is new, mdds which has a second version
> and libreoffice with several changes), if someone with a fast computer
> wants to see if they can finish building before me that'd be great.
>
> Efraim Flashner (6):
> gnu: Add liblangtag.
> gnu: mdds: Update to 1.1.0.
> gnu: orcus: Update to 0.11.0.
> gnu: ixion: Update to 0.11.0.
> gnu: libetonyek: Update to 0.1.6.
> gnu: libreoffice: Update to 5.1.1.3. [Fixes CVE-2016-{0794, 0795}].
>
> gnu/packages/boost.scm | 26 +++++++++++++----
> gnu/packages/libreoffice.scm | 67
> ++++++++++++++++++++++++++++++++++----------
> 2 files changed, 73 insertions(+), 20 deletions(-)
>
It turns out libreoffice fails to build with this patch set. After discussing
it with Andreas and Leo on irc we've decided on trying 5.0.5.2 as per
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ and
we'll work on the rest later.
If anyone wants to work on the update now, mdds stays at 0.12.2, orcus to
0.9.2, ixion to 0.9.1, and that's a good starting point.
--
Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
pgpIDt9gir8Yq.pgp
Description: OpenPGP digital signature
