IRC Logs for #crux-devel Saturday, 2015-07-11

*** Feksclaus has quit IRC00:37
*** _mavric has quit IRC02:52
*** __mavric has joined #crux-devel02:53
*** nrxtx has quit IRC05:46
Romsterjue, libpcre has 2 CVE's CVE-2015-3210 and CVE-2015-507307:06
Romsterhttps://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libpcre/files/libpcre-8.37-CVE-2015-3210.patch?revision=1.107:06
Romsterhttps://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libpcre/files/libpcre-8.37-CVE-2015-5073.patch07:06
Romsteror frinnst or teK__ who ever has access to core07:06
Romsterfrinnst, you probably want to edit thunderbird and remove/add this to match up with firefox07:28
Romster-ac_add_options --enable-tree-freetype07:28
Romster+ac_add_options --enable-pic07:29
Romsteri also sorted the items07:30
Romsterhttps://gist.github.com/therealromster/31f068feec5b18448c9607:30
Romsteror maybe that tree-freetype needs to be changed in thunderbird 39?07:33
Romstermy system is a little behind on updates like freetype.07:33
juegood morning07:34
Romstermorning jue07:35
Romsterfrinnst, yeah scratch removing --enable-tree-freetype until thunderbird 39.x07:35
jueRomster: guess our patch libpcre/01-seven-... covers all security issues, or are the two patches you find additional stuff?07:38
Romsteroh i didn't see that...07:39
Romsterand i'm not sure07:39
Romsterlet me guess that was taken off master svn at the time07:41
Romsterthen i guess it is covered if that diff was made recent enough.07:43
Romsterhttps://bugs.exim.org/show_bug.cgi?id=1636 Reported: 2015-05-29 08:4507:44
Romsterhttps://bugs.exim.org/show_bug.cgi?id=1651 Reported: 2015-06-23 06:2907:45
Romster2015-06-07 Fredrik Rinnestam[notify] libpcre: Fixes several security vulnerabilities07:46
Romsterso i'll say it's probably not covered going by those dates.07:46
Romsterand if there is 7 serurity issues there were are the CVEs assigned to them?07:47
Romsters/were/where07:47
Romsterunless they got fixed before being reported.07:48
Romsterhttp://www.linuxfromscratch.org/blfs/view/svn/general/pcre.html doens't even offer any patch07:49
Romsterlooks like frinnst got the patch from here https://projects.archlinux.org/svntogit/packages.git/log/trunk/01-seven-security-patches.patch?h=packages/pcre&showmsg=107:56
Romsterhttps://bugs.archlinux.org/task/4520707:56
Romstergit-svn-id: file:///srv/repos/svn-packages/svn@240351 eb2447ed-0c53-47e4-bac8-5bc4a241df7807:56
Romsterseems CVE-2015-3210 is covered but no mention of CVE-2015-507307:58
Romsterso i should use that 01-seven-security-patches.patch place in place of CVE-2015-321008:00
jueI'd say so, will apply the other patch later08:03
Romsteri'll wait on your advice beofre i do that if it's ok to use 01-seven-security-patches.patch and libpcre-8.37-CVE-2015-5073.patch ?08:03
Romsterbefore*08:04
jueok08:04
Romsteri'd like to keep in line with core/libpcre08:05
jueso, i'm back now08:49
Romsterta jue id did the same change too.08:56
Romsterfor libpcre-3208:56
juevery good :)09:00
Romsteri was looking at other stuff and i just happened to stumble upon that.09:16
*** jue has joined #crux-devel09:45
*** Romster has quit IRC12:37
*** Romster has joined #crux-devel12:38
*** Feksclaus has joined #crux-devel12:54
*** Feksclaus has quit IRC13:21
frinnstthere were a bunch of security issues with pcre reported a while back. no fixes were available at that time15:16
*** Romster has quit IRC16:28
*** Romster has joined #crux-devel16:28
*** Romster has quit IRC18:46
*** Romster has joined #crux-devel18:47
*** crash_ has quit IRC19:44
*** frinnst has quit IRC19:59
*** frinnst has joined #crux-devel20:00
*** crash_ has joined #crux-devel21:32
*** nrxtx has joined #crux-devel21:36
*** nrxtx has quit IRC21:36
*** nrxtx has joined #crux-devel21:36
*** crash_ has quit IRC21:43
*** crash_ has joined #crux-devel22:01

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!