From unknown Mon Aug 18 18:00:54 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#57546] [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix]. Resent-From: Greg Hogan Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 02 Sep 2022 17:24:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 57546 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 57546@debbugs.gnu.org Cc: Greg Hogan X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.166213939218023 (code B ref -1); Fri, 02 Sep 2022 17:24:01 +0000 Received: (at submit) by debbugs.gnu.org; 2 Sep 2022 17:23:12 +0000 Received: from localhost ([127.0.0.1]:47604 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oUANs-0004gc-E5 for submit@debbugs.gnu.org; Fri, 02 Sep 2022 13:23:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:49520) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oUANq-0004gV-CZ for submit@debbugs.gnu.org; Fri, 02 Sep 2022 13:23:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51806) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oUANp-0006GQ-Ov for guix-patches@gnu.org; Fri, 02 Sep 2022 13:23:10 -0400 Received: from mail-qt1-x834.google.com ([2607:f8b0:4864:20::834]:35615) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oUANh-0004vQ-Fh for guix-patches@gnu.org; Fri, 02 Sep 2022 13:23:09 -0400 Received: by mail-qt1-x834.google.com with SMTP id h22so2002171qtu.2 for ; Fri, 02 Sep 2022 10:23:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greghogan-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date; bh=QxZNgb3SDN3TLI0t5YHtm1ONVSYcuUJJMWFIpCIUcsw=; b=YsDFAzTtZo3YsWa7upmfJrgc6PLhTPBhtodypCXoXTCONzn+p1Fn7VkvLyqjuMavqd Q8dsqHcvAfcr+o0HMDVVNhdgsqUu9J+66ENbu9UGr5ogMrvF93MYyVukY/wUw4eNNqnk WPdNVyrT3pBF6Fv4Da12/x/NP8qq91SsVyZWUMKxrq7k5jZWXI2G4xyrH0w9xuHVih+Y Z1bvDzGPqHbw11RuTS0xGwaPKTM44FRYkWtT5JQQywXSbe7S39CpkmbzuWXe6znNeAWE 0NvbZFcei30uRDPh4KHmul3W8vYcoUe7AvBxoLrgc2Lgq1gfNEg9WXnpNq7KZCfF7bLk FubA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date; bh=QxZNgb3SDN3TLI0t5YHtm1ONVSYcuUJJMWFIpCIUcsw=; b=ok+5DVH6iregbv4zye6ZgSYw+uLnc5rUQQV6rCLf5G4q9GCWwsgkCL6TPvA9XQ2CmQ o4LaKbY6g84sUkOLsGCr7r+DYECVVg/t0MkV6Wpxn3KFRohhFfqXuOUn1B7jftkVP58D Shz3JA37CaXpEVxkM13r5rVhfrwEp6omi/JOawS0gE3OA+KvgA4GgLBw0wwn8yM7MUDl xCHmLWazV6FDGqj3TmdnSoQBJoRakZzB54w2ho9R/vNuOAR+3NrPskLUYwlzVwhE9VoK 7m5KZtF/cJfRecEFjrw8JraUQZFNOHH3z1dzHXzoQh3sHNc5DAcgtHagju54bYGFnZNo gdVg== X-Gm-Message-State: ACgBeo3WmF/TOzkICqBrKWRSYozs1iefQMIYZoTeUN/iLfWdy3lTqoEp HGL8TQog9cnBLWhVatvNv7hdKf2DY5yimWxM X-Google-Smtp-Source: AA6agR4dZJQqsEHAScNwTiH6lxq5mtIXxD07zoBUbd6x0agi1dCP8wbtM8bp+BIR5WpZ/5qMdTAV6w== X-Received: by 2002:a05:622a:1a05:b0:343:87eb:c686 with SMTP id f5-20020a05622a1a0500b0034387ebc686mr28905781qtb.643.1662139380089; Fri, 02 Sep 2022 10:23:00 -0700 (PDT) Received: from ip-10-114-89-198.evoforge.org (ec2-52-70-167-183.compute-1.amazonaws.com. [52.70.167.183]) by smtp.gmail.com with ESMTPSA id j11-20020ac85c4b000000b0031ef67386a5sm1301490qtj.68.2022.09.02.10.22.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Sep 2022 10:22:59 -0700 (PDT) From: Greg Hogan Date: Fri, 2 Sep 2022 17:22:57 +0000 Message-Id: X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: none client-ip=2607:f8b0:4864:20::834; envelope-from=code@greghogan.com; helo=mail-qt1-x834.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Includes fix for CVE-2022-1271. * gnu/packages/compression.scm (xz): Update to 5.2.6. --- gnu/packages/compression.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 9e0a132cfc..501db8f38b 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -484,7 +484,7 @@ (define-public pbzip2 (define-public xz (package (name "xz") - (version "5.2.5") + (version "5.2.6") (source (origin (method url-fetch) (uri (list (string-append "http://tukaani.org/xz/xz-" version @@ -493,7 +493,7 @@ (define-public xz version ".tar.gz"))) (sha256 (base32 - "045s9agl3bpv3swlwydhgsqh7791957vmgw2plw8f1rks07r3x7n")))) + "185kj56a996d04d943xisvpifvnsbr7iplyf2nyjxkbvw6z5l452")))) (build-system gnu-build-system) (arguments `(#:phases -- 2.37.2 From unknown Mon Aug 18 18:00:54 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Greg Hogan Subject: bug#57546: closed (Re: [bug#57546] [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix].) Message-ID: References: <87illxve3n.fsf@gnu.org> X-Gnu-PR-Message: they-closed 57546 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 57546@debbugs.gnu.org Date: Thu, 08 Sep 2022 19:53:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1662666782-17886-1" This is a multi-part message in MIME format... ------------=_1662666782-17886-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #57546: [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix]. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 57546@debbugs.gnu.org. --=20 57546: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D57546 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1662666782-17886-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 57546-done) by debbugs.gnu.org; 8 Sep 2022 19:52:09 +0000 Received: from localhost ([127.0.0.1]:60155 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oWNZJ-0004dP-G1 for submit@debbugs.gnu.org; Thu, 08 Sep 2022 15:52:09 -0400 Received: from eggs.gnu.org ([209.51.188.92]:43918) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oWNZG-0004cb-Nd for 57546-done@debbugs.gnu.org; Thu, 08 Sep 2022 15:52:07 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:53238) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oWNZB-0000EY-E4; Thu, 08 Sep 2022 15:52:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=4RmvtxqPfUkZzAlXM3+2TyDe8yBNsr9gJ8A7/Qbhcrw=; b=RCGf7fS5UFtUr/e3AU8M DgwI3y+7311r+DhbH2O7ptfE95Y24SKLV6bl8PfI3kyDqQbGX+kd5e0dsHIeaaik0wB/d/VzLIliC QYxcxnV7sp2fwiK4FBjr+a7p5bKfLA1FJekXGbRvNq/5HFY2KjWUKOkdDVTkrSutfVgs9X0ZnLgRN 0tMnAtQGX2ksDHym9qucNL9t1uUYWBorkfFl6Bc9CjMjImk0DfSmhGiNJkee/WIwqheCxPKJTTsm+ 9jL/mWH2/4xskJq3xE4ze8114Yqs4hkN20Gql94u3li+RKjNPp7/gvy/+2Y4lTNkl58bwT7KrTpfv rkTwj9UPbHmgJQ==; Received: from [84.214.173.6] (port=57608 helo=localhost) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oWNZ9-0007Ra-Rn; Thu, 08 Sep 2022 15:52:00 -0400 From: Marius Bakke To: Greg Hogan , 57546-done@debbugs.gnu.org Subject: Re: [bug#57546] [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix]. In-Reply-To: References: Date: Thu, 08 Sep 2022 21:51:56 +0200 Message-ID: <87illxve3n.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 57546-done Cc: Greg Hogan X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Greg Hogan skriver: > Includes fix for CVE-2022-1271. > > * gnu/packages/compression.scm (xz): Update to 5.2.6. Pushed in d4485c5af7b6f0412b5d536eff62d0c666a5dbe6, thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCYxpH3A8cbWFyaXVzQGdu dS5vcmcACgkQ6HGLpZEUEHer7gEAl6pU68fhCbZgO6NS2M+eSzg7qG94aXAI5Evq Kqw+bfUBAJcdkqCjHnhQTKgbkXsmNwUkteP7giV9jM9M9/EP58MN =G1iS -----END PGP SIGNATURE----- --=-=-=-- ------------=_1662666782-17886-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 2 Sep 2022 17:23:12 +0000 Received: from localhost ([127.0.0.1]:47604 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oUANs-0004gc-E5 for submit@debbugs.gnu.org; Fri, 02 Sep 2022 13:23:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:49520) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oUANq-0004gV-CZ for submit@debbugs.gnu.org; Fri, 02 Sep 2022 13:23:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:51806) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oUANp-0006GQ-Ov for guix-patches@gnu.org; Fri, 02 Sep 2022 13:23:10 -0400 Received: from mail-qt1-x834.google.com ([2607:f8b0:4864:20::834]:35615) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oUANh-0004vQ-Fh for guix-patches@gnu.org; Fri, 02 Sep 2022 13:23:09 -0400 Received: by mail-qt1-x834.google.com with SMTP id h22so2002171qtu.2 for ; Fri, 02 Sep 2022 10:23:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=greghogan-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date; bh=QxZNgb3SDN3TLI0t5YHtm1ONVSYcuUJJMWFIpCIUcsw=; b=YsDFAzTtZo3YsWa7upmfJrgc6PLhTPBhtodypCXoXTCONzn+p1Fn7VkvLyqjuMavqd Q8dsqHcvAfcr+o0HMDVVNhdgsqUu9J+66ENbu9UGr5ogMrvF93MYyVukY/wUw4eNNqnk WPdNVyrT3pBF6Fv4Da12/x/NP8qq91SsVyZWUMKxrq7k5jZWXI2G4xyrH0w9xuHVih+Y Z1bvDzGPqHbw11RuTS0xGwaPKTM44FRYkWtT5JQQywXSbe7S39CpkmbzuWXe6znNeAWE 0NvbZFcei30uRDPh4KHmul3W8vYcoUe7AvBxoLrgc2Lgq1gfNEg9WXnpNq7KZCfF7bLk FubA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date; bh=QxZNgb3SDN3TLI0t5YHtm1ONVSYcuUJJMWFIpCIUcsw=; b=ok+5DVH6iregbv4zye6ZgSYw+uLnc5rUQQV6rCLf5G4q9GCWwsgkCL6TPvA9XQ2CmQ o4LaKbY6g84sUkOLsGCr7r+DYECVVg/t0MkV6Wpxn3KFRohhFfqXuOUn1B7jftkVP58D Shz3JA37CaXpEVxkM13r5rVhfrwEp6omi/JOawS0gE3OA+KvgA4GgLBw0wwn8yM7MUDl xCHmLWazV6FDGqj3TmdnSoQBJoRakZzB54w2ho9R/vNuOAR+3NrPskLUYwlzVwhE9VoK 7m5KZtF/cJfRecEFjrw8JraUQZFNOHH3z1dzHXzoQh3sHNc5DAcgtHagju54bYGFnZNo gdVg== X-Gm-Message-State: ACgBeo3WmF/TOzkICqBrKWRSYozs1iefQMIYZoTeUN/iLfWdy3lTqoEp HGL8TQog9cnBLWhVatvNv7hdKf2DY5yimWxM X-Google-Smtp-Source: AA6agR4dZJQqsEHAScNwTiH6lxq5mtIXxD07zoBUbd6x0agi1dCP8wbtM8bp+BIR5WpZ/5qMdTAV6w== X-Received: by 2002:a05:622a:1a05:b0:343:87eb:c686 with SMTP id f5-20020a05622a1a0500b0034387ebc686mr28905781qtb.643.1662139380089; Fri, 02 Sep 2022 10:23:00 -0700 (PDT) Received: from ip-10-114-89-198.evoforge.org (ec2-52-70-167-183.compute-1.amazonaws.com. [52.70.167.183]) by smtp.gmail.com with ESMTPSA id j11-20020ac85c4b000000b0031ef67386a5sm1301490qtj.68.2022.09.02.10.22.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Sep 2022 10:22:59 -0700 (PDT) From: Greg Hogan To: guix-patches@gnu.org Subject: [PATCH core-updates] gnu: xz: Update to 5.2.6 [security fix]. Date: Fri, 2 Sep 2022 17:22:57 +0000 Message-Id: X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: none client-ip=2607:f8b0:4864:20::834; envelope-from=code@greghogan.com; helo=mail-qt1-x834.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit Cc: Greg Hogan X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Includes fix for CVE-2022-1271. * gnu/packages/compression.scm (xz): Update to 5.2.6. --- gnu/packages/compression.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm index 9e0a132cfc..501db8f38b 100644 --- a/gnu/packages/compression.scm +++ b/gnu/packages/compression.scm @@ -484,7 +484,7 @@ (define-public pbzip2 (define-public xz (package (name "xz") - (version "5.2.5") + (version "5.2.6") (source (origin (method url-fetch) (uri (list (string-append "http://tukaani.org/xz/xz-" version @@ -493,7 +493,7 @@ (define-public xz version ".tar.gz"))) (sha256 (base32 - "045s9agl3bpv3swlwydhgsqh7791957vmgw2plw8f1rks07r3x7n")))) + "185kj56a996d04d943xisvpifvnsbr7iplyf2nyjxkbvw6z5l452")))) (build-system gnu-build-system) (arguments `(#:phases -- 2.37.2 ------------=_1662666782-17886-1--