GNU bug report logs - #26836
[PATCH] gnu: libarchive: Update to 3.3.1.

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Kei Kebreau <kei <at> openmailbox.org>
Subject: bug#26836: closed (Re: bug#26836: [PATCH] gnu: libarchive: Update
 to 3.3.1.)
Date: Tue, 09 May 2017 00:27:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#26836: [PATCH] gnu: libarchive: Update to 3.3.1.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 26836 <at> debbugs.gnu.org.

-- 
26836: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=26836
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Kei Kebreau <kei <at> openmailbox.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 26836-done <at> debbugs.gnu.org
Subject: Re: bug#26836: [PATCH] gnu: libarchive: Update to 3.3.1.
Date: Mon, 08 May 2017 20:26:22 -0400

[Message part 3 (text/plain, inline)]

Leo Famulari <leo <at> famulari.name> writes:

> On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:
>> Leo Famulari <leo <at> famulari.name> writes:
>> 
>> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> >> 
>> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>> >
>> > Thanks!
>> >
>> > Can you use a graft instead? Then, the commit message can be like this:
>> >
>> > gnu: libarchive: Replace with 3.3.1 [security fixes].
>> >
>> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>> >
>> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> > (libarchive-3.3.1): New variable.
>> 
>> Like the patch I've attached?
>
>> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei <at> openmailbox.org>
>> Date: Mon, 8 May 2017 14:58:07 -0400
>> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
>> To: 26836 <at> debbugs.gnu.org
>> 
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> 
>> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> (libarchive-3.3.1): New variable.
>
> Thanks, LGTM!

Great! Pushed to master.

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Kei Kebreau <kei <at> openmailbox.org>
To: guix-patches <at> gnu.org
Cc: Kei Kebreau <kei <at> openmailbox.org>
Subject: [PATCH] gnu: libarchive: Update to 3.3.1.
Date: Mon,  8 May 2017 15:07:14 -0400

Fixes CVE-2016-{10209,10350} and CVE-2017-5601.

* gnu/packages/backup.scm (libarchive): Update to 3.3.1.
---
 gnu/packages/backup.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f9c0a22a0..569d5d64b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -186,7 +186,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
-    (version "3.2.2")
+    (version "3.3.1")
     (source
      (origin
        (method url-fetch)
@@ -194,7 +194,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
+         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
     (build-system gnu-build-system)
     ;; TODO: Add -L/path/to/nettle in libarchive.pc.
     (inputs
-- 
2.12.2

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.