GNU bug report logs - #28972
[PATCH] gnu: Remove unrar.

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 24 Oct 2017 18:53:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#28972: closed ([PATCH] gnu: Remove unrar.)
Date: Sun, 12 Nov 2017 21:21:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Sun, 12 Nov 2017 16:20:35 -0500
with message-id <20171112212035.GF10629 <at> jasmine.lan>
and subject line Re: [bug#28972] [PATCH] gnu: Remove unrar.
has caused the debbugs.gnu.org bug report #28972,
regarding [PATCH] gnu: Remove unrar.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
28972: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28972
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: Remove unrar.
Date: Tue, 24 Oct 2017 14:52:34 -0400
This package is abandoned upstream and contains serious bugs:

http://seclists.org/oss-sec/2017/q3/329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14122

* gnu/packages/compression.scm (unrar): Remove variable.
---
 gnu/packages/compression.scm | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a2bf3a186..c06c3c52e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1285,24 +1285,6 @@ or junctions, and always follows hard links.")
  archives from InstallShield installers.")
     (license license:expat)))
 
-(define-public unrar
-  (package
-    (name "unrar")
-    (version "0.0.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "http://download.gna.org/unrar/unrar-" version ".tar.gz"))
-              (sha256
-               (base32
-                "1fgmjaxffj3shyxgy765jhxwz1cq88hk0fih1bsdzyvymyyz6mz7"))))
-    (build-system gnu-build-system)
-    (home-page "http://download.gna.org/unrar")
-    (synopsis "RAR archive extraction tool")
-    (description "Unrar is a simple command-line program to list and extract
-RAR archives.")
-    (license license:gpl2+)))
-
 (define-public zstd
   (package
     (name "zstd")
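Review bot: the removal of `(define-public unrar` is a single-file change (1 file changed, 18 deletions), and nothing in it shows that the rest of the tree has no remaining reference to the `unrar` variable. Because this is a public definition, a grep for `unrar` across gnu/packages and the documentation before applying would confirm that no package inputs or other references are left dangling. The commit log already carries the oss-sec and CVE links, which is the right place for them; it could also state in one line that no replacement package is provided, so that a later reader of the log understands why `unrar` disappears without a successor.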
-- 
2.14.3



[Message part 3 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 28972-done <at> debbugs.gnu.org, ng0 <ng0 <at> infotropique.org>,
 Adonay Felipe Nogueira <adfeno <at> hyperbola.info>
Subject: Re: [bug#28972] [PATCH] gnu: Remove unrar.
Date: Sun, 12 Nov 2017 16:20:35 -0500
[Message part 4 (text/plain, inline)]
On Wed, Oct 25, 2017 at 04:30:43PM +0200, Ricardo Wurmus wrote:
> 
> Adonay Felipe Nogueira <adfeno <at> hyperbola.info> writes:
> 
> > Perhaps The Unarchiver (unar, no R in the middle)?
> >
> > See <https://directory.fsf.org/wiki/Unar>
> 
> I tried packaging this once, but it is quite difficult as it depends on
> an Objective C compiler (which is currently broken in Guix due to the
> fact that GCC doesn’t find it) and GNUstep (which is not fully packaged
> yet).
> 
> I agree with Leo to remove the outdated unrar package.  Waiting for the
> alternative to be packaged would not be reasonable, given the size of
> the task.

Removed with commit 2560aa7adbfcb46306e8b19180bd48d39c2da6dc.

If anyone is interested in maintaining a package outside of Guix, Debian
has written some patches for the recently discovered bugs, distributed
in their package version 1:0.0.1+cvs20140707-4:

https://packages.debian.org/sid/unrar-free
http://http.debian.net/debian/pool/main/u/unrar-free/unrar-free_0.0.1+cvs20140707-4.debian.tar.xz

I thought about taking these patches, but the bug reporter said it took
them only "a few minutes" to find these bugs, so I'm not optimistic
about the state of this program, at least if it is not maintained
upstream.

This bug report was last modified 7 years and 249 days ago.
