GNU bug report logs -
#28972
[PATCH] gnu: Remove unrar.
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Tue, 24 Oct 2017 18:53:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Your bug report
#28972: [PATCH] gnu: Remove unrar.
which was filed against the guix-patches package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 28972 <at> debbugs.gnu.org.
--
28972: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28972
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
[Message part 3 (text/plain, inline)]
On Wed, Oct 25, 2017 at 04:30:43PM +0200, Ricardo Wurmus wrote:
>
> Adonay Felipe Nogueira <adfeno <at> hyperbola.info> writes:
>
> > Perhaps The Unarchiver (unar, no R in the middle)?
> >
> > See <https://directory.fsf.org/wiki/Unar>
>
> I tried packaging this once, but it is quite difficult as it depends on
> an Objective C compiler (which is currently broken in Guix due to the
> fact that GCC doesn’t find it) and GNUstep (which is not fully packaged
> yet).
>
> I agree with Leo to remove the outdated unrar package. Waiting for the
> alternative to be packaged would not be reasonable, given the size of
> the task.
Removed with commit 2560aa7adbfcb46306e8b19180bd48d39c2da6dc.
If anyone is interested in maintaining a package outside of Guix, Debian
has written some patches for the recently discovered bugs, distributed
in their package version 1:0.0.1+cvs20140707-4:
https://packages.debian.org/sid/unrar-free
http://http.debian.net/debian/pool/main/u/unrar-free/unrar-free_0.0.1+cvs20140707-4.debian.tar.xz
I thought about taking these patches, but the bug reporter said it took
them only "a few minutes" to find these bugs, so I'm not optimistic
about the state of this program, at least if it is not maintained
upstream.
[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
This package is abandoned upstream and contains serious bugs:
http://seclists.org/oss-sec/2017/q3/329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14122
* gnu/packages/compression.scm (unrar): Remove variable.
---
gnu/packages/compression.scm | 18 ------------------
1 file changed, 18 deletions(-)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index a2bf3a186..c06c3c52e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1285,24 +1285,6 @@ or junctions, and always follows hard links.")
archives from InstallShield installers.")
(license license:expat)))
-(define-public unrar
- (package
- (name "unrar")
- (version "0.0.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "http://download.gna.org/unrar/unrar-" version ".tar.gz"))
- (sha256
- (base32
- "1fgmjaxffj3shyxgy765jhxwz1cq88hk0fih1bsdzyvymyyz6mz7"))))
- (build-system gnu-build-system)
- (home-page "http://download.gna.org/unrar")
- (synopsis "RAR archive extraction tool")
- (description "Unrar is a simple command-line program to list and extract
-RAR archives.")
- (license license:gpl2+)))
-
(define-public zstd
(package
(name "zstd")
--
2.14.3
This bug report was last modified 7 years and 249 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.