* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
@ 2024-11-04 2:48 Aaron Covrig via Guix-patches via
2024-11-04 6:13 ` Nicolas Graves via Guix-patches via
0 siblings, 1 reply; 3+ messages in thread
From: Aaron Covrig via Guix-patches via @ 2024-11-04 2:48 UTC (permalink / raw)
To: 74199; +Cc: Aaron Covrig
* gnu/packages/compression.scm (zlib): Update to version 1.3.1
---
The zlib version 1.3.1 update addresses CVE-2023-45853,
see issue: https://github.com/madler/zlib/issues/868
gnu/packages/compression.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 97696ff0ef..f39cbca84e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -112,7 +112,7 @@ (define-module (gnu packages compression)
(define-public zlib
(package
(name "zlib")
- (version "1.3")
+ (version "1.3.1")
(source
(origin
(method url-fetch)
@@ -122,7 +122,7 @@ (define-public zlib
version "/zlib-" version ".tar.gz")))
(sha256
(base32
- "0gjrz8p70mgkic7mxjh1vqwws4x8z7hq2fhbackvqg81jb1a82zz"))))
+ "08yzf8xz0q7vxs8mnn74xmpxsrs6wy0aan55lpmpriysvyvv54ws"))))
(build-system gnu-build-system)
(outputs '("out" "static"))
(arguments
base-commit: 8964dfdb84f7d21dbc89c217ca4f4546a15990af
--
2.46.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
2024-11-04 2:48 [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1 Aaron Covrig via Guix-patches via
@ 2024-11-04 6:13 ` Nicolas Graves via Guix-patches via
2024-11-04 13:00 ` Aaron Covrig via Guix-patches via
0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-11-04 6:13 UTC (permalink / raw)
To: 74199; +Cc: Aaron Covrig
On 2024-11-03 21:48, Aaron Covrig via Guix-patches via wrote:
> * gnu/packages/compression.scm (zlib): Update to version 1.3.1
> ---
>
> The zlib version 1.3.1 update addresses CVE-2023-45853,
> see issue: https://github.com/madler/zlib/issues/868
Hi Aaron,
This is true, but rebuilding zlib will rebuild more than 30000 packages.
You can see that with guix refresh -l zlib | cut -d : -f 1
That's why we can't simply merge a patch like that. There are two
solutions in this case, to my knowledge:
- use a graft (see the manual, or packages with a "replacement" field)
- wait for core-updates to pick up this commit
In the meantime, marking this commit as moreinfo, we don't want to
compute the revision for this.
--
Best regards,
Nicolas Graves
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
2024-11-04 6:13 ` Nicolas Graves via Guix-patches via
@ 2024-11-04 13:00 ` Aaron Covrig via Guix-patches via
0 siblings, 0 replies; 3+ messages in thread
From: Aaron Covrig via Guix-patches via @ 2024-11-04 13:00 UTC (permalink / raw)
To: Nicolas Graves; +Cc: 74199
[-- Attachment #1: Type: text/plain, Size: 1050 bytes --]
Hello Nicolas,
Ok, should I resubmit against ‘core-updates’ or is this automatically done
via the marking for more info?
v/r,
Aaron Covrig
On Mon, Nov 4, 2024 at 01:13 Nicolas Graves <ngraves@ngraves.fr> wrote:
> On 2024-11-03 21:48, Aaron Covrig via Guix-patches via wrote:
>
> > * gnu/packages/compression.scm (zlib): Update to version 1.3.1
> > ---
> >
> > The zlib version 1.3.1 update addresses CVE-2023-45853,
> > see issue: https://github.com/madler/zlib/issues/868
>
> Hi Aaron,
>
> This is true, but rebuilding zlib will rebuild more than 30000 packages.
> You can see that with guix refresh -l zlib | cut -d : -f 1
> That's why we can't simply merge a patch like that. There are two
> solutions in this case, to my knowledge:
> - use a graft (see the manual, or packages with a "replacement" field)
> - wait for core-updates to pick up this commit
>
> In the meantime, marking this commit as moreinfo, we don't want to
> compute the revision for this.
>
> --
> Best regards,
> Nicolas Graves
>
[-- Attachment #2: Type: text/html, Size: 1688 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-11-04 13:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-04 2:48 [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1 Aaron Covrig via Guix-patches via
2024-11-04 6:13 ` Nicolas Graves via Guix-patches via
2024-11-04 13:00 ` Aaron Covrig via Guix-patches via
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).