On Mon, Mar 07, 2016 at 10:03:17PM +0200, Efraim Flashner wrote:
> On Mon, 7 Mar 2016 12:42:01 +0200
> Efraim Flashner <efr...@flashner.co.il> wrote:
>
> > Now that vigra is building again, I've put together a patch to update
> > libreoffice to address CVE-2016-0794 and CVE-2016-0795. Currently its
> > building on my machine, but hydra says the last successful build took
> > 7 hours and I'm currently ~5.5 into my build, but I'm expecting close
> > to 20 hours for a complete build. So in addition to checking over the
> > patches (notably liblangtag which is new, mdds which has a second version
> > and libreoffice with several changes), if someone with a fast computer
> > wants to see if they can finish building before me that'd be great.
> >
> > Efraim Flashner (6):
> > gnu: Add liblangtag.
> > gnu: mdds: Update to 1.1.0.
> > gnu: orcus: Update to 0.11.0.
> > gnu: ixion: Update to 0.11.0.
> > gnu: libetonyek: Update to 0.1.6.
> > gnu: libreoffice: Update to 5.1.1.3. [Fixes CVE-2016-{0794, 0795}].
> >
> > gnu/packages/boost.scm | 26 +++++++++++++----
> > gnu/packages/libreoffice.scm | 67
> > ++++++++++++++++++++++++++++++++++----------
> > 2 files changed, 73 insertions(+), 20 deletions(-)
> >
>
> It turns out libreoffice fails to build with this patch set. After discussing
> it with Andreas and Leo on irc we've decided on trying 5.0.5.2 as per
> https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/ and
> we'll work on the rest later.
Updated to 5.0.5.2 with commit 165e0382b.
>
> If anyone wants to work on the update now, mdds stays at 0.12.2, orcus to
> 0.9.2, ixion to 0.9.1, and that's a good starting point.
>
> --
> Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted
