GNU bug report logs - #30448
Update librsync to 2.0.1

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 13 Feb 2018 19:02:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#30448: closed (Update librsync to 2.0.1)
Date: Wed, 13 Feb 2019 00:01:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Tue, 12 Feb 2019 19:00:35 -0500
with message-id <20190213000035.GA2069 <at> jasmine.lan>
and subject line Re: Breaking rdiff-backup and btar (was Re: [bug#30448] Update librsync to 2.0.1)
has caused the debbugs.gnu.org bug report #30448,
regarding Update librsync to 2.0.1
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
30448: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=30448
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: Update librsync to 2.0.1
Date: Tue, 13 Feb 2018 14:01:13 -0500

[Message part 3 (text/plain, inline)]
librsync 2.0.1 is available at a new upstream URL:

https://github.com/librsync/librsync/releases

Patch attached.

This would also include the fix for CVE-2014-8242, which is about use of
a cryptographically broken hash function (truncated MD4), released in
librsync 1.0.0.

However, at least btar and rdiff-backup aren't compatible with this new
version of librsync (I'm still building deja-dup to test its
compatibility).

Additionally, I noticed that the built package doesn't keep any
references to bzip2 or zlib, which seems wrong to me.

Is anyone using one of the dependent packages interested in looking more
closely at this?

[0001-gnu-librsync-Update-to-2.0.1.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
[Message part 6 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
Cc: 30448-done <at> debbugs.gnu.org
Subject: Re: Breaking rdiff-backup and btar (was Re: [bug#30448] Update
 librsync to 2.0.1)
Date: Tue, 12 Feb 2019 19:00:35 -0500

[Message part 7 (text/plain, inline)]
On Wed, Apr 25, 2018 at 01:23:33PM -0400, Leo Famulari wrote:
> Btw, the affected packages (btar, rdiff-backup, and duplicity) are the
> only users of librsync in Guix. So I think there is no reason to
> update librsync for now.

Closing this bug ticket...

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 86 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.