<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;font-size:small"><br></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Oct 31, 2018 at 9:10 AM Udo Grabowski (IMK) <<a href="mailto:udo.grabowski@kit.edu">udo.grabowski@kit.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 30/10/2018 11:25, Peter Tribble wrote:<br>
><br>
><br>
> On Tue, Oct 30, 2018 at 10:13 AM Udo Grabowski (IMK) <<a href="mailto:udo.grabowski@kit.edu" target="_blank">udo.grabowski@kit.edu</a>> wrote:<br>
><br>
> This Xorg patch should be immediately merged in Hipster:<br>
><br>
><br>
> It was merged and updated packages published last Thursday, by the looks of it:<br>
><br>
> commit b694face8cd955399d90fae658d6a01fb1fa9c5b<br>
> Author: Aurelien Larcher <<a href="mailto:aurelien.larcher@gmail.com" target="_blank">aurelien.larcher@gmail.com</a>><br>
> Date: Thu Oct 25 19:31:53 2018 +0200<br>
><br>
> xorg-server: CVE-2018-14665<br>
><br>
><br>
><br>
> <<a href="https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e" rel="noreferrer" target="_blank">https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e</a>><br>
><br>
> That check had been part of older Xorgs, e.g., on oi_151a9.<br>
><br>
> See the really nasty CVE-2018-14665:<br>
> <<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665" rel="noreferrer" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665</a>><br>
> --<br>
> ...<br>
> --<br>
> -Peter Tribble<br>
> <a href="http://www.petertribble.co.uk/" rel="noreferrer" target="_blank">http://www.petertribble.co.uk/</a> - <a href="http://ptribble.blogspot.com/" rel="noreferrer" target="_blank">http://ptribble.blogspot.com/</a><br>
<br>
Indeed, didn't find x11 because I was on the wrong branch<br>
<<a href="https://github.com/OpenIndiana/oi-userland/tree/upstream/components" rel="noreferrer" target="_blank">https://github.com/OpenIndiana/oi-userland/tree/upstream/components</a>><br>
instead of<br>
<<a href="https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components" rel="noreferrer" target="_blank">https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components</a>><br>
<br>
Security bugs like that completely destroy my approach of jumping<br>
from one 'stable' release to the next, so the only secure way is indeed<br>
a rolling release if you don't have enough manpower to maintain a<br>
cherry-picking 'stable' major-bugfix-only branch.<br></blockquote><div><br></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:small" class="gmail_default">You can probably just unlock the version facet to allow update of xorg only while keeping the rest of userland-incorporation in place.</div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-- <br>
Dr.Udo Grabowski Inst.f.Meteorology & Climate Research IMK-ASF-SAT<br>
<a href="http://www.imk-asf.kit.edu/english/sat.php" rel="noreferrer" target="_blank">http://www.imk-asf.kit.edu/english/sat.php</a><br>
KIT - Karlsruhe Institute of Technology <a href="http://www.kit.edu" rel="noreferrer" target="_blank">http://www.kit.edu</a><br>
Postfach 3640,76021 Karlsruhe,Germany T:(+49)721 608-26026 F:-926026<br>
<br>
_______________________________________________<br>
oi-dev mailing list<br>
<a href="mailto:oi-dev@openindiana.org" target="_blank">oi-dev@openindiana.org</a><br>
<a href="https://openindiana.org/mailman/listinfo/oi-dev" rel="noreferrer" target="_blank">https://openindiana.org/mailman/listinfo/oi-dev</a></blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font style="font-family:courier new,monospace" size="1">---<br>Praise the Caffeine embeddings<br></font></div></div></div></div></div>