From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: beep 1.3 -- security update
Date: Fri, 06 Apr 2018 08:58:43 +0200
Message-ID: <016cb11b-6d3b-8e66-3db8-21a31b9b8d0f@ipfire.org>
In-Reply-To: <1522946670.1009312.99.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2774057244754313455=="
List-Id: <development.lists.ipfire.org>

--===============2774057244754313455==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

Thanks for the link!

Just to be sure that I got your point:

I found two relevant links.

https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=3Dd37578b06ad366a=
4b4873afe027fe1c06c9782df

and

https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=3Dbafa252a73556ea=
ba1d496d69b3cb32261dec78b

Since I wasn't quite sure right away in which order these
patches should be applied, I oriented myself on the file numbering:

0001-Fixed-Makefile.patch
0002-Add-more-error-detection.patch
0004-also-catch-SIGTERM-for-stopping-the-beep.patch
0005-Make-build-install-more-user-and-packaging-friendly.patch
0006-Preserve-file-modification-time-on-install.patch
0007-Fix-identation-if-brace-error.patch
0008-Apply-CVE-2018-0492-from-Debian-package.patch

All patches apply, building seems to be ok.

Is this what you meant?

Best,
Matthias

On 05.04.2018 18:44, Michael Tremer wrote:
> Hi,
>=20
> I have heard that some people where a bit unhappy with the proposed patch. =

>=20
> Fedora has some fixes for that patch here:
>   https://src.fedoraproject.org/cgit/rpms/beep.git
>=20
> We should probably use Fedora's version.
>=20
> -Michael
>=20
> On Thu, 2018-04-05 at 18:39 +0200, Matthias Fischer wrote:
>> Hi,
>>=20
>> just for the records:
>>=20
>> Info:
>> https://www.debian.org/security/2018/dsa-4163
>>=20
>> CVE-2018-0492:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2018-0492
>>=20
>> Patch:
>> https://github.com/johnath/beep/issues/11#issuecomment-378383752
>>=20
>> "Devel" is running...
>>=20
>> Best,
>> Matthias
>=20


--===============2774057244754313455==--