* beep 1.3 -- security update
@ 2018-04-05 16:39 Matthias Fischer
2018-04-05 16:44 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Matthias Fischer @ 2018-04-05 16:39 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 265 bytes --]
Hi,
just for the records:
Info:
https://www.debian.org/security/2018/dsa-4163
CVE-2018-0492:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492
Patch:
https://github.com/johnath/beep/issues/11#issuecomment-378383752
"Devel" is running...
Best,
Matthias
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: beep 1.3 -- security update
2018-04-05 16:39 beep 1.3 -- security update Matthias Fischer
@ 2018-04-05 16:44 ` Michael Tremer
2018-04-06 6:58 ` Matthias Fischer
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2018-04-05 16:44 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 587 bytes --]
Hi,
I have heard that some people where a bit unhappy with the proposed patch.
Fedora has some fixes for that patch here:
https://src.fedoraproject.org/cgit/rpms/beep.git
We should probably use Fedora's version.
-Michael
On Thu, 2018-04-05 at 18:39 +0200, Matthias Fischer wrote:
> Hi,
>
> just for the records:
>
> Info:
> https://www.debian.org/security/2018/dsa-4163
>
> CVE-2018-0492:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492
>
> Patch:
> https://github.com/johnath/beep/issues/11#issuecomment-378383752
>
> "Devel" is running...
>
> Best,
> Matthias
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: beep 1.3 -- security update
2018-04-05 16:44 ` Michael Tremer
@ 2018-04-06 6:58 ` Matthias Fischer
2018-04-06 9:03 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Matthias Fischer @ 2018-04-06 6:58 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1581 bytes --]
Hi,
Thanks for the link!
Just to be sure that I got your point:
I found two relevant links.
https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=d37578b06ad366a4b4873afe027fe1c06c9782df
and
https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=bafa252a73556eaba1d496d69b3cb32261dec78b
Since I wasn't quite sure right away in which order these
patches should be applied, I oriented myself on the file numbering:
0001-Fixed-Makefile.patch
0002-Add-more-error-detection.patch
0004-also-catch-SIGTERM-for-stopping-the-beep.patch
0005-Make-build-install-more-user-and-packaging-friendly.patch
0006-Preserve-file-modification-time-on-install.patch
0007-Fix-identation-if-brace-error.patch
0008-Apply-CVE-2018-0492-from-Debian-package.patch
All patches apply, building seems to be ok.
Is this what you meant?
Best,
Matthias
On 05.04.2018 18:44, Michael Tremer wrote:
> Hi,
>
> I have heard that some people where a bit unhappy with the proposed patch.
>
> Fedora has some fixes for that patch here:
> https://src.fedoraproject.org/cgit/rpms/beep.git
>
> We should probably use Fedora's version.
>
> -Michael
>
> On Thu, 2018-04-05 at 18:39 +0200, Matthias Fischer wrote:
>> Hi,
>>
>> just for the records:
>>
>> Info:
>> https://www.debian.org/security/2018/dsa-4163
>>
>> CVE-2018-0492:
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492
>>
>> Patch:
>> https://github.com/johnath/beep/issues/11#issuecomment-378383752
>>
>> "Devel" is running...
>>
>> Best,
>> Matthias
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: beep 1.3 -- security update
2018-04-06 6:58 ` Matthias Fischer
@ 2018-04-06 9:03 ` Michael Tremer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2018-04-06 9:03 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]
Yes, that is what we want :)
Best,
-Michael
On Fri, 2018-04-06 at 08:58 +0200, Matthias Fischer wrote:
> Hi,
>
> Thanks for the link!
>
> Just to be sure that I got your point:
>
> I found two relevant links.
>
> https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=d37578b06ad366a4b4
> 873afe027fe1c06c9782df
>
> and
>
> https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=bafa252a73556eaba1
> d496d69b3cb32261dec78b
>
> Since I wasn't quite sure right away in which order these
> patches should be applied, I oriented myself on the file numbering:
>
> 0001-Fixed-Makefile.patch
> 0002-Add-more-error-detection.patch
> 0004-also-catch-SIGTERM-for-stopping-the-beep.patch
> 0005-Make-build-install-more-user-and-packaging-friendly.patch
> 0006-Preserve-file-modification-time-on-install.patch
> 0007-Fix-identation-if-brace-error.patch
> 0008-Apply-CVE-2018-0492-from-Debian-package.patch
>
> All patches apply, building seems to be ok.
>
> Is this what you meant?
>
> Best,
> Matthias
>
> On 05.04.2018 18:44, Michael Tremer wrote:
> > Hi,
> >
> > I have heard that some people where a bit unhappy with the proposed patch.
> >
> > Fedora has some fixes for that patch here:
> > https://src.fedoraproject.org/cgit/rpms/beep.git
> >
> > We should probably use Fedora's version.
> >
> > -Michael
> >
> > On Thu, 2018-04-05 at 18:39 +0200, Matthias Fischer wrote:
> > > Hi,
> > >
> > > just for the records:
> > >
> > > Info:
> > > https://www.debian.org/security/2018/dsa-4163
> > >
> > > CVE-2018-0492:
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0492
> > >
> > > Patch:
> > > https://github.com/johnath/beep/issues/11#issuecomment-378383752
> > >
> > > "Devel" is running...
> > >
> > > Best,
> > > Matthias
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-04-06 9:03 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-05 16:39 beep 1.3 -- security update Matthias Fischer
2018-04-05 16:44 ` Michael Tremer
2018-04-06 6:58 ` Matthias Fischer
2018-04-06 9:03 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox