GNU bug report logs -
#74050
[PATCH 0/6] Add lint-hidden-cve property for near-leaf packages.
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Sun, 27 Oct 2024 18:26:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #14 received at 74050 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/compression.scm (upx): Update to 4.2.4.
[properties]: Add lint-hidden-cve property.
---
gnu/packages/compression.scm | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 97696ff0ef..a32b15a64a 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -2438,15 +2438,14 @@ (define-public ucl
(define-public upx
(package
(name "upx")
- (version "4.1.0")
+ (version "4.2.4")
(source
(origin
(method url-fetch)
(uri (string-append "https://github.com/upx/upx/releases/download/v"
version "/upx-" version "-src.tar.xz"))
(sha256
- (base32
- "1l273pwa573x9l3izw75cz8ysn2g8w8w3s56rahppa3ya65zg0h5"))))
+ (base32 "1i71p03861hlf5x1w217l67zm5inm449zhbg6kpv8zyj0wb5dmjy"))))
(build-system cmake-build-system)
(home-page "https://upx.github.io/")
(synopsis "Compression tool for executables")
@@ -2455,6 +2454,8 @@ (define-public upx
compressor. UPX typically reduces the file size of programs and shared
libraries by around 50%--70%, thus reducing disk space, network load times,
download times, and other distribution and storage costs.")
+ ;; These CVEs have been fixed since 4.0.2 but are still linted.
+ (properties `((lint-hidden-cve . ("CVE-2023-23456" "CVE-2023-23457"))))
(license license:gpl2+)))
(define-public quazip-0
--
2.46.0
This bug report was last modified 278 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.