[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 02/03: gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
From: |
Mark H Weaver |
Subject: |
Re: 02/03: gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168]. |
Date: |
Thu, 12 Apr 2018 15:29:54 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Marius Bakke <address@hidden> writes:
> Mark H Weaver <address@hidden> writes:
>
>> Hi Marius,
>>
>> address@hidden (Marius Bakke) writes:
>>
>>> mbakke pushed a commit to branch master
>>> in repository guix.
>>>
>>> commit 65bfe30d8a4e930599603f6d835023bbd0dbcb9a
>>> Author: Marius Bakke <address@hidden>
>>> Date: Thu Apr 12 19:43:31 2018 +0200
>>>
>>> gnu: nghttp2: Update to 1.31.1 [fixes CVE-2018-1000168].
>>>
>>> * gnu/packages/web.scm (nghttp2): Update to 1.31.1.
>>
>> Thank you for this, but it would entail far too many builds to update on
>> the 'master' branch. 'curl' depends on 'nghttp2'. According to 'guix
>> refresh -l', it would require 2839 rebuilds on x86_64.
>
> On 'master', nghttp2 only has 1 dependent, the reverse curl dependency
> was added in this 'core-updates'.
Ah, sorry for the mistake. I just reverted my revert.
> Since we haven't started the "full" core-updates on Hydra yet, I figured
> it was okay. What do you think?
Okay. I just merged master into core-updates, so that those of us
tracking core-updates can start rebuilding it again.
Thanks,
Mark