GNU bug report logs - #30448
Update librsync to 2.0.1

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 13 Feb 2018 19:02:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#30448: closed (Re: [bug#30448] Update librsync to 2.0.1)
Date: Mon, 25 Feb 2019 23:25:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#30448: Update librsync to 2.0.1

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 30448 <at> debbugs.gnu.org.

-- 
30448: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=30448
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: 30448-done <at> debbugs.gnu.org
Subject: Re: [bug#30448] Update librsync to 2.0.1
Date: Mon, 25 Feb 2019 18:24:10 -0500

[Message part 3 (text/plain, inline)]
On Wed, Feb 13, 2019 at 04:30:24PM -0500, Leo Famulari wrote:
> Since a new librsync user, burp, has been added to Guix, I've submitted
> an updated revision of this patch.

Pushed as 584dbd8568cca381682fb682b7daf7aa37bc7df8

[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: Update librsync to 2.0.1
Date: Tue, 13 Feb 2018 14:01:13 -0500

[Message part 6 (text/plain, inline)]
librsync 2.0.1 is available at a new upstream URL:

https://github.com/librsync/librsync/releases

Patch attached.

This would also include the fix for CVE-2014-8242, which is about use of
a cryptographically broken hash function (truncated MD4), released in
librsync 1.0.0.

However, at least btar and rdiff-backup aren't compatible with this new
version of librsync (I'm still building deja-dup to test its
compatibility).

Additionally, I noticed that the built package doesn't keep any
references to bzip2 or zlib, which seems wrong to me.

Is anyone using one of the dependent packages interested in looking more
closely at this?

[0001-gnu-librsync-Update-to-2.0.1.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years and 87 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.