[PATCH] gnu: libarchive: Update to 3.3.1.

Done

Details

2 participants

Kei Kebreau
Leo Famulari

Owner: unassigned

Submitted by: Kei Kebreau

Severity: normal

Debbugs page

Kei Kebreau wrote 8 years ago

Recipients:(address . guix-patches@gnu.org)(name . Kei Kebreau)(address . kei@openmailbox.org)

Message-ID:20170508190714.15902-1-kei@openmailbox.org

Fixes CVE-2016-{10209,10350} and CVE-2017-5601.

* gnu/packages/backup.scm (libarchive): Update to 3.3.1.

---

gnu/packages/backup.scm | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f9c0a22a0..569d5d64b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -186,7 +186,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
-    (version "3.2.2")
+    (version "3.3.1")
     (source
      (origin
        (method url-fetch)
@@ -194,7 +194,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "03q6y428rg723c9fj1vidzjw46w1vf8z0h95lkvz1l9jw571j739"))))
+         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))
     (build-system gnu-build-system)
     ;; TODO: Add -L/path/to/nettle in libarchive.pc.
     (inputs
-- 
2.12.2

Leo Famulari wrote 8 years ago

Recipients:(name . Kei Kebreau)(address . kei@openmailbox.org)(address . 26836@debbugs.gnu.org)

Message-ID:20170508192548.GA20051@jasmine

On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:

Toggle quote (4 lines)

> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.

> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.

Thanks!

Can you use a graft instead? Then, the commit message can be like this:

gnu: libarchive: Replace with 3.3.1 [security fixes].

Fixes CVE-2016-{10209,10350}, CVE-2017-5601.

* gnu/packages/backup.scm (libarchive)[replacement]: New field.

(libarchive-3.3.1): New variable.

Kei Kebreau wrote 8 years ago

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 26836@debbugs.gnu.org)

Message-ID:878tm7kqbf.fsf@openmailbox.org

Leo Famulari <leo@famulari.name> writes:

Toggle quote (16 lines)> On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> 
>> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>
> Thanks!
>
> Can you use a graft instead? Then, the commit message can be like this:
>
> gnu: libarchive: Replace with 3.3.1 [security fixes].
>
> Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>
> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> (libarchive-3.3.1): New variable.

Like the patch I've attached?

From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001

To: 26836@debbugs.gnu.org

Fixes CVE-2016-{10209,10350} and CVE-2017-5601.

* gnu/packages/backup.scm (libarchive)[replacement]: New field.

(libarchive-3.3.1): New variable.

---

gnu/packages/backup.scm | 16 ++++++++++++++++

1 file changed, 16 insertions(+)

Toggle diff (43 lines)diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f9c0a22a0..d5cb5783a 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -186,6 +187,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
+    (replacement libarchive-3.3.1)
     (version "3.2.2")
     (source
      (origin
@@ -241,6 +243,20 @@ archive.  In particular, note that there is currently no built-in support for
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
+(define libarchive-3.3.1
+  (package
+    (inherit libarchive)
+    (name "libarchive")
+    (version "3.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://libarchive.org/downloads/libarchive-"
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
+
 (define-public rdup
   (package
     (name "rdup")
-- 
2.12.2

Leo Famulari wrote 8 years ago

Recipients:(name . Kei Kebreau)(address . kei@openmailbox.org)(address . 26836@debbugs.gnu.org)

Message-ID:20170508215611.GA3476@jasmine

On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:

Toggle quote (31 lines)> Leo Famulari <leo@famulari.name> writes:
> 
> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
> >> 
> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
> >
> > Thanks!
> >
> > Can you use a graft instead? Then, the commit message can be like this:
> >
> > gnu: libarchive: Replace with 3.3.1 [security fixes].
> >
> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
> >
> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> > (libarchive-3.3.1): New variable.
> 
> Like the patch I've attached?

> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
> From: Kei Kebreau <kei@openmailbox.org>
> Date: Mon, 8 May 2017 14:58:07 -0400
> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
> To: 26836@debbugs.gnu.org
> 
> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
> 
> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
> (libarchive-3.3.1): New variable.

Thanks, LGTM!

Kei Kebreau wrote 8 years ago

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 26836-done@debbugs.gnu.org)

Message-ID:87r2zykh8x.fsf@openmailbox.org

Leo Famulari <leo@famulari.name> writes:

Toggle quote (34 lines)> On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:
>> Leo Famulari <leo@famulari.name> writes:
>> 
>> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> >> 
>> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>> >
>> > Thanks!
>> >
>> > Can you use a graft instead? Then, the commit message can be like this:
>> >
>> > gnu: libarchive: Replace with 3.3.1 [security fixes].
>> >
>> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>> >
>> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> > (libarchive-3.3.1): New variable.
>> 
>> Like the patch I've attached?
>
>> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei@openmailbox.org>
>> Date: Mon, 8 May 2017 14:58:07 -0400
>> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
>> To: 26836@debbugs.gnu.org
>> 
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> 
>> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> (libarchive-3.3.1): New variable.
>
> Thanks, LGTM!

Great! Pushed to master.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 26836@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 26836

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date