GNU bug report logs -
#73689
[PATCH] gnu: toybox: Update to 0.8.11. [security fixes]
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Tue, 8 Oct 2024 06:23:01 UTC
Severity: normal
Tags: patch
Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73689 in the body.
You can then email your comments to 73689 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#73689; Package
guix-patches.
(Tue, 08 Oct 2024 06:23:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Tue, 08 Oct 2024 06:23:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-32298.
* gnu/packages/busybox.scm (toybox): Update to 0.8.11.
[arguments]<#:phases>: Adjust phase 'fix-or-skip-broken-tests.
---
gnu/packages/busybox.scm | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/busybox.scm b/gnu/packages/busybox.scm
index a8b775b944..f811a7175f 100644
--- a/gnu/packages/busybox.scm
+++ b/gnu/packages/busybox.scm
@@ -130,7 +130,7 @@ (define-public busybox
(define-public toybox
(package
(name "toybox")
- (version "0.8.7")
+ (version "0.8.11")
(source (origin
(method url-fetch)
(uri (string-append
@@ -138,7 +138,7 @@ (define-public toybox
version ".tar.gz"))
(sha256
(base32
- "150lvp7hf9ndafvmr42kb8xi86hxjd2zj4binwwhgjw2dwrvy25m"))))
+ "1p37zqxhj48klwwxl8jc2hw1x7pr2w39bfb1nx6qghaf5y1kzahm"))))
(build-system gnu-build-system)
(arguments
(list #:make-flags
@@ -154,11 +154,15 @@ (define-public toybox
(lambda _
;; Some tests expect $USER to magically be the current user.
(setenv "USER" (passwd:name (getpwnam (geteuid))))
+ ;; This uses /bin/sh.
+ (substitute* "tests/timeout.test"
+ (("/bin/sh") (which "bash")))
;; This expects directories to be exactly 4K. They aren't!
(delete-file "tests/du.test")
;; Delete tests that expect a root or 0 user to exist.
(substitute* "tests/id.test"
- (("^testing .*[ \\(]root.*") ""))))
+ (("^testing .*[ \\(]root.*") ""))
+ (delete-file "tests/tar.test")))
(add-after 'install 'remove-usr-directory
(lambda* (#:key outputs #:allow-other-keys)
(delete-file-recursively (string-append #$output "/usr")))))
--
2.46.0
Reply sent
to
Sharlatan Hellseher <sharlatanus <at> gmail.com>:
You have taken responsibility.
(Fri, 11 Oct 2024 13:33:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
bug acknowledged by developer.
(Fri, 11 Oct 2024 13:33:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 73689-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Pushed as e347386a7ff96fce644894ba2a0889d273500e11 to master.
Thanks,
Oleg
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 09 Nov 2024 12:24:12 GMT)
Full text and
rfc822 format available.
This bug report was last modified 300 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.