From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: beep 1.3 -- security update
Date: Fri, 06 Apr 2018 10:03:30 +0100
Message-ID: <1523005410.1009312.101.camel@ipfire.org>
In-Reply-To: <016cb11b-6d3b-8e66-3db8-21a31b9b8d0f@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============3541864149769204994=="
List-Id: <development.lists.ipfire.org>

--===============3541864149769204994==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Yes, that is what we want :)

Best,
-Michael

On Fri, 2018-04-06 at 08:58 +0200, Matthias Fischer wrote:
> Hi,
>=20
> Thanks for the link!
>=20
> Just to be sure that I got your point:
>=20
> I found two relevant links.
>=20
> https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=3Dd37578b06ad36=
6a4b4
> 873afe027fe1c06c9782df
>=20
> and
>=20
> https://src.fedoraproject.org/cgit/rpms/beep.git/commit/?id=3Dbafa252a73556=
eaba1
> d496d69b3cb32261dec78b
>=20
> Since I wasn't quite sure right away in which order these
> patches should be applied, I oriented myself on the file numbering:
>=20
> 0001-Fixed-Makefile.patch
> 0002-Add-more-error-detection.patch
> 0004-also-catch-SIGTERM-for-stopping-the-beep.patch
> 0005-Make-build-install-more-user-and-packaging-friendly.patch
> 0006-Preserve-file-modification-time-on-install.patch
> 0007-Fix-identation-if-brace-error.patch
> 0008-Apply-CVE-2018-0492-from-Debian-package.patch
>=20
> All patches apply, building seems to be ok.
>=20
> Is this what you meant?
>=20
> Best,
> Matthias
>=20
> On 05.04.2018 18:44, Michael Tremer wrote:
> > Hi,
> >=20
> > I have heard that some people where a bit unhappy with the proposed patch=
.=20
> >=20
> > Fedora has some fixes for that patch here:
> >   https://src.fedoraproject.org/cgit/rpms/beep.git
> >=20
> > We should probably use Fedora's version.
> >=20
> > -Michael
> >=20
> > On Thu, 2018-04-05 at 18:39 +0200, Matthias Fischer wrote:
> > > Hi,
> > >=20
> > > just for the records:
> > >=20
> > > Info:
> > > https://www.debian.org/security/2018/dsa-4163
> > >=20
> > > CVE-2018-0492:
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=3D2018-0492
> > >=20
> > > Patch:
> > > https://github.com/johnath/beep/issues/11#issuecomment-378383752
> > >=20
> > > "Devel" is running...
> > >=20
> > > Best,
> > > Matthias
>=20
>=20

--===============3541864149769204994==--