GNU bug report logs -
#26836
[PATCH] gnu: libarchive: Update to 3.3.1.
Previous Next
Reported by: Kei Kebreau <kei <at> openmailbox.org>
Date: Mon, 8 May 2017 19:08:01 UTC
Severity: normal
Tags: patch
Done: Kei Kebreau <kei <at> openmailbox.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 26836 in the body.
You can then email your comments to 26836 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#26836; Package
guix-patches.
(Mon, 08 May 2017 19:08:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Kei Kebreau <kei <at> openmailbox.org>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 08 May 2017 19:08:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
* gnu/packages/backup.scm (libarchive): Update to 3.3.1.
---
gnu/packages/backup.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f9c0a22a0..569d5d64b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -186,7 +186,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (version "3.2.2")
+ (version "3.3.1")
(source
(origin
(method url-fetch)
@@ -194,7 +194,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
version ".tar.gz"))
(sha256
(base32
- "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
+ "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
--
2.12.2
Information forwarded
to
guix-patches <at> gnu.org:
bug#26836; Package
guix-patches.
(Mon, 08 May 2017 19:26:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 26836 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>
> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
Thanks!
Can you use a graft instead? Then, the commit message can be like this:
gnu: libarchive: Replace with 3.3.1 [security fixes].
Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive-3.3.1): New variable.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#26836; Package
guix-patches.
(Mon, 08 May 2017 21:11:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 26836 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>>
>> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>
> Thanks!
>
> Can you use a graft instead? Then, the commit message can be like this:
>
> gnu: libarchive: Replace with 3.3.1 [security fixes].
>
> Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>
> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> (libarchive-3.3.1): New variable.
Like the patch I've attached?
[0001-gnu-libarchive-Replace-with-3.3.1-security-fixes.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#26836; Package
guix-patches.
(Mon, 08 May 2017 21:57:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 26836 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:
> Leo Famulari <leo <at> famulari.name> writes:
>
> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
> >>
> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
> >
> > Thanks!
> >
> > Can you use a graft instead? Then, the commit message can be like this:
> >
> > gnu: libarchive: Replace with 3.3.1 [security fixes].
> >
> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
> >
> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> > (libarchive-3.3.1): New variable.
>
> Like the patch I've attached?
> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <kei <at> openmailbox.org>
> Date: Mon, 8 May 2017 14:58:07 -0400
> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
> To: 26836 <at> debbugs.gnu.org
>
> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>
> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> (libarchive-3.3.1): New variable.
Thanks, LGTM!
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Kei Kebreau <kei <at> openmailbox.org>:
You have taken responsibility.
(Tue, 09 May 2017 00:27:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Kei Kebreau <kei <at> openmailbox.org>:
bug acknowledged by developer.
(Tue, 09 May 2017 00:27:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 26836-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:
>> Leo Famulari <leo <at> famulari.name> writes:
>>
>> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> >>
>> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>> >
>> > Thanks!
>> >
>> > Can you use a graft instead? Then, the commit message can be like this:
>> >
>> > gnu: libarchive: Replace with 3.3.1 [security fixes].
>> >
>> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>> >
>> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> > (libarchive-3.3.1): New variable.
>>
>> Like the patch I've attached?
>
>> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei <at> openmailbox.org>
>> Date: Mon, 8 May 2017 14:58:07 -0400
>> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
>> To: 26836 <at> debbugs.gnu.org
>>
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>>
>> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> (libarchive-3.3.1): New variable.
>
> Thanks, LGTM!
Great! Pushed to master.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 06 Jun 2017 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 8 years and 19 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.