GNU bug report logs - #30448
Update librsync to 2.0.1

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 13 Feb 2018 19:02:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

From: Leo Famulari <leo <at> famulari.name>
To: 30448 <at> debbugs.gnu.org
Subject: [bug#30448] Update librsync to 2.0.1
Date: Tue, 13 Feb 2018 14:01:13 -0500
librsync 2.0.1 is available at a new upstream URL:

https://github.com/librsync/librsync/releases

Patch attached.

This would also include the fix for CVE-2014-8242, which is about use of
a cryptographically broken hash function (truncated MD4), released in
librsync 1.0.0.

However, at least btar and rdiff-backup aren't compatible with this new
version of librsync (I'm still building deja-dup to test its
compatibility).

Additionally, I noticed that the built package doesn't keep any
references to bzip2 or zlib, which seems wrong to me.

Is anyone using one of the dependent packages interested in looking more
closely at this?
[0001-gnu-librsync-Update-to-2.0.1.patch (text/plain, attachment)]

This bug report was last modified 6 years and 87 days ago.
