Flyspray:: Flyspray:: CRUX: Recently opened tasks https://crux.nu/bugs/ 2018-02-18T10:45:10Z FS#1594: Shadow security fix for CVE-2018-7169 2018-02-18T01:07:28Z 2018-02-18T01:07:28Z
Details: https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0

Fixes: Apply the patch in attachment(The patch format for above commit).
Lee https://crux.nu/bugs/:1594
FS#1593: Python2 security fix for CVE-2018-1000030 2018-02-18T00:56:27Z 2018-02-18T00:56:27Z
Details: https://nvd.nist.gov/vuln/detail/CVE-2018-1000030

Fix: Apply the patch in attachment.
Lee https://crux.nu/bugs/:1593
FS#1592: Broken source path in sqlite3-32 2018-02-18T07:12:36Z 2018-02-15T23:38:31Z
When building sqlite3-32, the source fails to download:
=======> ERROR: Downloading 'https://www.sqlite.org/2017/sqlite-autoconf-3220000.tar.gz' failed.

To get the actual source file, the "2017" in the path must be replaced with a "2018".

Jan-Michael Franz https://crux.nu/bugs/:1592
FS#1591: Update contirb/libreoffice 2018-02-12T19:56:33Z 2018-02-12T19:10:32Z
Libreoffice's stable branch has been updated to 5.4.5. From my testing, the version number needs to be bumped and md5sum/signature needs to be updated. The current port is broken due to the removal of the old tarball on libreoffice's servers.

Thanks,
Manu
manu https://crux.nu/bugs/:1591
FS#1588: Security update for mpv to address CVE-2018-6360 2018-02-18T07:19:50Z 2018-02-12T00:26:15Z
Although we backported debian patch, this releases addresses the fix. 0.27.1 for ffmpeg < 3.4, 0.28.1 for ffmpeg >= 3.4. I think we should chose 0.28.1 :)
Lee https://crux.nu/bugs/:1588
FS#1587: revdep: validate rpath/runpath 2018-02-11T22:42:43Z 2018-02-11T13:21:25Z
This is related to  FS#1586 .

Besides imagemagick and some of my ports, with this patch I found:

python:/usr/lib/python2.7/lib-dynload/_bsddb.so:/usr/lib64: unexpected rpath/runpath
cyrus-sasl:/usr/sbin/pluginviewer:/usr/lib64: unexpected rpath/runpath
Fun https://crux.nu/bugs/:1587
FS#1586: imagemagick: perl binding .so files have bogus rpath 2018-02-18T10:45:10Z 2018-02-11T04:52:25Z
The perl binding .so files are being built with RPATH prefixed with the build's
work directory because the imagemagick libs aren't installed yet. The point when
the rpath is set by the build seems to be when 'perl Makefile.PL' gets called
in the PerlMagick directory. I've tried patching this in the local libtool script,
in the various Makefiles, and also by setting environment variables like LD_RUN_PATH
at configure and make execution. All to no avail.

What does work is to rebuild the perl binding with LD_RUN_PATH removed from the linker
command line. This is only possible to accomplish after all of the Makefiles are
actually created.

Also, change '--with-lcms=no --with-lcms2=yes' to '--with-lcms=yes'. Upstream changed
the lcms flags again. Seems only lcms2 is actually supported and --with-lcms is the
only current switch for that now.
John Vogel https://crux.nu/bugs/:1586
FS#1585: bzip2 security fix for CVE-2016-3189 2018-02-09T16:43:34Z 2018-02-09T02:01:49Z
Details: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
Fix: apply the patch in attachment.
Lee https://crux.nu/bugs/:1585
FS#1584: [vte-gtk3] Update to 0.50.2 2018-02-10T02:01:11Z 2018-02-08T13:21:11Z
I've been using 0.50.2 for a while now, with xfce4-terminal and sakura, and
nothing seems to be broken :)
Apart from update to 0.50.2, I also added 3 cherry-picked commits from
upstream 0.50 branch, which are bug-fixes for various memory leaks
(details in the commit message)
Predrag Ivanovic https://crux.nu/bugs/:1584
FS#1583: xorg-xf86-video-qxl has wrong description 2018-02-07T23:14:38Z 2018-02-07T22:16:03Z
The Description field for the xorg-xf86-video-qxl port
should read something like:

Description: QXL virtual GPU driver for the Xorg X server

Probably just a cut-n-paste issue.
John Vogel https://crux.nu/bugs/:1583