GNU bug report logs - #74199
[PATCH] gnu: zlib: Update to version 1.3.1

Reported by: Aaron Covrig <aaron.covrig.us <at> ieee.org>

Date: Mon, 4 Nov 2024 02:53:02 UTC

Severity: normal

Tags: moreinfo, patch

View this message in rfc822 format

From: Aaron Covrig <aaron.covrig.us <at> ieee.org>
To: Nicolas Graves <ngraves <at> ngraves.fr>
Cc: 74199 <at> debbugs.gnu.org
Subject: [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
Date: Mon, 4 Nov 2024 08:00:23 -0500

[Message part 1 (text/plain, inline)]

Hello Nicolas,

Ok, should I resubmit against ‘core-updates’ or is this automatically done
via the marking for more info?

v/r,

Aaron Covrig

On Mon, Nov 4, 2024 at 01:13 Nicolas Graves <ngraves <at> ngraves.fr> wrote:

> On 2024-11-03 21:48, Aaron Covrig via Guix-patches via wrote:
>
> > * gnu/packages/compression.scm (zlib): Update to version 1.3.1
> > ---
> >
> > The zlib version 1.3.1 update addresses CVE-2023-45853,
> > see issue: https://github.com/madler/zlib/issues/868
>
> Hi Aaron,
>
> This is true, but rebuilding zlib will rebuild more than 30000 packages.
> You can see that with  guix refresh -l zlib | cut -d : -f 1
> That's why we can't simply merge a patch like that.  There are two
> solutions in this case, to my knowledge:
> - use a graft (see the manual, or packages with a "replacement" field)
> - wait for core-updates to pick up this commit
>
> In the meantime, marking this commit as moreinfo, we don't want to
> compute the revision for this.
>
> --
> Best regards,
> Nicolas Graves
>

[Message part 2 (text/html, inline)]

This bug report was last modified 227 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #74199 [PATCH] gnu: zlib: Update to version 1.3.1

GNU bug report logs - #74199
[PATCH] gnu: zlib: Update to version 1.3.1