From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33845) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1elfqA-0008Ml-V0 for guix-patches@gnu.org; Tue, 13 Feb 2018 14:02:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1elfq6-0007iX-JP for guix-patches@gnu.org; Tue, 13 Feb 2018 14:02:07 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:33892) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1elfq6-0007iM-DT for guix-patches@gnu.org; Tue, 13 Feb 2018 14:02:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1elfq5-0007XK-US for guix-patches@gnu.org; Tue, 13 Feb 2018 14:02:02 -0500 Subject: [bug#30448] Update librsync to 2.0.1 Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33742) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1elfpP-0007uu-UN for guix-patches@gnu.org; Tue, 13 Feb 2018 14:01:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1elfpL-0007QE-Rl for guix-patches@gnu.org; Tue, 13 Feb 2018 14:01:19 -0500 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:33197) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1elfpL-0007Pz-II for guix-patches@gnu.org; Tue, 13 Feb 2018 14:01:15 -0500 Received: from localhost (unknown [172.58.225.135]) by mail.messagingengine.com (Postfix) with ESMTPA id 7B233246AC for ; Tue, 13 Feb 2018 14:01:14 -0500 (EST) Date: Tue, 13 Feb 2018 14:01:13 -0500 From: Leo Famulari Message-ID: <20180213190113.GA22610@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1UWUbFP1cBYEclgG" Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30448@debbugs.gnu.org --1UWUbFP1cBYEclgG Content-Type: multipart/mixed; boundary="/04w6evG8XlLl3ft" Content-Disposition: inline --/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline librsync 2.0.1 is available at a new upstream URL: https://github.com/librsync/librsync/releases Patch attached. This would also include the fix for CVE-2014-8242, which is about use of a cryptographically broken hash function (truncated MD4), released in librsync 1.0.0. However, at least btar and rdiff-backup aren't compatible with this new version of librsync (I'm still building deja-dup to test its compatibility). Additionally, I noticed that the built package doesn't keep any references to bzip2 or zlib, which seems wrong to me. Is anyone using one of the dependent packages interested in looking more closely at this? --/04w6evG8XlLl3ft Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: attachment; filename="0001-gnu-librsync-Update-to-2.0.1.patch" Content-Transfer-Encoding: quoted-printable =46rom f89c21668a82a78bdc7b7bf5d2a0a3418032b582 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Tue, 13 Feb 2018 13:50:26 -0500 Subject: [PATCH] gnu: librsync: Update to 2.0.1. * gnu/packages/rsync.scm (librsync): Update to 2.0.1. [source]: Update source URL. [build-system]: Use cmake-build-system. [inputs]: Add bzip2, popt, and zlib. [arguments]: Remove field. --- gnu/packages/rsync.scm | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/gnu/packages/rsync.scm b/gnu/packages/rsync.scm index 4fed03523..6f4c1aec9 100644 --- a/gnu/packages/rsync.scm +++ b/gnu/packages/rsync.scm @@ -3,6 +3,7 @@ ;;; Copyright =A9 2016 Mark H Weaver ;;; Copyright =A9 2017 Efraim Flashner ;;; Copyright =A9 2018 Tobias Geerinckx-Rice +;;; Copyright =A9 2018 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -21,12 +22,15 @@ =20 (define-module (gnu packages rsync) #:use-module (gnu packages) - #:use-module (gnu packages perl) #:use-module (gnu packages acl) #:use-module (gnu packages base) - #:use-module (guix licenses) + #:use-module (gnu packages compression) + #:use-module (gnu packages perl) + #:use-module (gnu packages popt) + #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix build-system cmake) #:use-module (guix build-system gnu)) =20 =20 @@ -51,25 +55,28 @@ to/from another host over any remote shell, or to/from = a remote rsync daemon. Its delta-transfer algorithm reduces the amount of data sent over the netw= ork by sending only the differences between the source files and the existing files in the destination.") - (license gpl3+) + (license license:gpl3+) (home-page "http://rsync.samba.org/"))) =20 (define-public librsync (package (name "librsync") - (version "0.9.7") + (version "2.0.1") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/librsync/librsync/" - version "/librsync-" version ".tar.gz")) + (uri (string-append "https://github.com/librsync/librsync/arch= ive/v" + version ".tar.gz")) (sha256 (base32 - "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6")))) - (build-system gnu-build-system) + "0pk2a9kpwlpxjn35v8m03wmxz0lv56kq1chs3yi75z543826kkkg")))) + (build-system cmake-build-system) + (inputs + `(("bzip2" ,bzip2) + ("popt" ,popt) + ("zlib" ,zlib))) (native-inputs `(("which" ,which) ("perl" ,perl))) - (arguments '(#:configure-flags '("--enable-shared"))) (home-page "http://librsync.sourceforge.net/") (synopsis "Implementation of the rsync remote-delta algorithm") (description @@ -78,4 +85,4 @@ remote-delta algorithm. This algorithm allows efficient = remote updates of a file, without requiring the old and new versions to both be present at the sending end. The library uses a \"streaming\" design similar to that of z= lib with the aim of allowing it to be embedded into many different application= s.") - (license lgpl2.1+))) + (license license:lgpl2.1+))) --=20 2.16.1 --/04w6evG8XlLl3ft-- --1UWUbFP1cBYEclgG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlqDNfUACgkQJkb6MLrK fwjpow//fo1gSF1I9aR0C0xqq8QhjBFZk/QM12wdXfwUNRaWmTHLUy0Kgf63SXEC qlTFOnMaeE1NwU875wxhtH3QT5e3rL328oPzrE9WeOtCDFkAaaqGG4ddIJ9o1Mi6 Koz2lvw8TP+sYRhpm5AFvisHxQ/r3Vnt6xSmt7G/9IjSQCxOX48GHtkyH5qtGOBz gFvdFjHjPo1T0JCyX/tn8EJSxCSOzJV7BFrpp8g5YyCqQVbp10mN/xnjIZhENMvW p2IbQwQT8gmYlGZXIZOfcCsMb+qv5bAgZPxYpX/EHL53e/3UTLEkoxigCB9p0CYc Rn7OE34qHq2vm9mzSZVd7PTFbKUCJlG+p4JTyNnJagI3OUSsvV43IL+FMiWX2SjS EikvFeMmqe65m+FsIaEp6HSnBUSk/qxDXBCiJbPV5Lxmkx5oaMTb7oyIBQSS6Vtj FzvS5+D0ds8orDVeA1BcPcQ9ADpnZX7ld+b07W9sxcuJxGrvykQtiuv3XvEUs4Cc 3Br3aB5X8a/e2fcBO9fHdbr5PVmB3FRQY8cLhJ9HpBtplrNiq0vhz75j6QjSaY74 xUDFW0FDaBTuEW1mztruInTL8ELxlOzAAzMBmCKGkYJg8ogqgJbDoqnFsvpQP8rC D5Qajt3UOvydBFep/qYQOhQNOy0j+j4D5BBDj0xVRkGN6wOoqBI= =nIsZ -----END PGP SIGNATURE----- --1UWUbFP1cBYEclgG--