unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
@ 2024-11-04  2:48 Aaron Covrig via Guix-patches via
  2024-11-04  6:13 ` Nicolas Graves via Guix-patches via
  0 siblings, 1 reply; 3+ messages in thread
From: Aaron Covrig via Guix-patches via @ 2024-11-04  2:48 UTC (permalink / raw)
  To: 74199; +Cc: Aaron Covrig

* gnu/packages/compression.scm (zlib): Update to version 1.3.1
---

The zlib version 1.3.1 update addresses CVE-2023-45853,
see issue: https://github.com/madler/zlib/issues/868

 gnu/packages/compression.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 97696ff0ef..f39cbca84e 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -112,7 +112,7 @@ (define-module (gnu packages compression)
 (define-public zlib
   (package
     (name "zlib")
-    (version "1.3")
+    (version "1.3.1")
     (source
      (origin
        (method url-fetch)
@@ -122,7 +122,7 @@ (define-public zlib
                                  version "/zlib-" version ".tar.gz")))
        (sha256
         (base32
-         "0gjrz8p70mgkic7mxjh1vqwws4x8z7hq2fhbackvqg81jb1a82zz"))))
+         "08yzf8xz0q7vxs8mnn74xmpxsrs6wy0aan55lpmpriysvyvv54ws"))))
     (build-system gnu-build-system)
     (outputs '("out" "static"))
     (arguments

base-commit: 8964dfdb84f7d21dbc89c217ca4f4546a15990af
-- 
2.46.0





^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
  2024-11-04  2:48 [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1 Aaron Covrig via Guix-patches via
@ 2024-11-04  6:13 ` Nicolas Graves via Guix-patches via
  2024-11-04 13:00   ` Aaron Covrig via Guix-patches via
  0 siblings, 1 reply; 3+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-11-04  6:13 UTC (permalink / raw)
  To: 74199; +Cc: Aaron Covrig

On 2024-11-03 21:48, Aaron Covrig via Guix-patches via wrote:

> * gnu/packages/compression.scm (zlib): Update to version 1.3.1
> ---
>
> The zlib version 1.3.1 update addresses CVE-2023-45853,
> see issue: https://github.com/madler/zlib/issues/868

Hi Aaron,

This is true, but rebuilding zlib will rebuild more than 30000 packages.
You can see that with  guix refresh -l zlib | cut -d : -f 1 
That's why we can't simply merge a patch like that.  There are two
solutions in this case, to my knowledge: 
- use a graft (see the manual, or packages with a "replacement" field)
- wait for core-updates to pick up this commit

In the meantime, marking this commit as moreinfo, we don't want to
compute the revision for this.

-- 
Best regards,
Nicolas Graves




^ permalink raw reply	[flat|nested] 3+ messages in thread

* [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1
  2024-11-04  6:13 ` Nicolas Graves via Guix-patches via
@ 2024-11-04 13:00   ` Aaron Covrig via Guix-patches via
  0 siblings, 0 replies; 3+ messages in thread
From: Aaron Covrig via Guix-patches via @ 2024-11-04 13:00 UTC (permalink / raw)
  To: Nicolas Graves; +Cc: 74199

[-- Attachment #1: Type: text/plain, Size: 1050 bytes --]

Hello Nicolas,

Ok, should I resubmit against ‘core-updates’ or is this automatically done
via the marking for more info?

v/r,

Aaron Covrig

On Mon, Nov 4, 2024 at 01:13 Nicolas Graves <ngraves@ngraves.fr> wrote:

> On 2024-11-03 21:48, Aaron Covrig via Guix-patches via wrote:
>
> > * gnu/packages/compression.scm (zlib): Update to version 1.3.1
> > ---
> >
> > The zlib version 1.3.1 update addresses CVE-2023-45853,
> > see issue: https://github.com/madler/zlib/issues/868
>
> Hi Aaron,
>
> This is true, but rebuilding zlib will rebuild more than 30000 packages.
> You can see that with  guix refresh -l zlib | cut -d : -f 1
> That's why we can't simply merge a patch like that.  There are two
> solutions in this case, to my knowledge:
> - use a graft (see the manual, or packages with a "replacement" field)
> - wait for core-updates to pick up this commit
>
> In the meantime, marking this commit as moreinfo, we don't want to
> compute the revision for this.
>
> --
> Best regards,
> Nicolas Graves
>

[-- Attachment #2: Type: text/html, Size: 1688 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-11-04 13:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-04  2:48 [bug#74199] [PATCH] gnu: zlib: Update to version 1.3.1 Aaron Covrig via Guix-patches via
2024-11-04  6:13 ` Nicolas Graves via Guix-patches via
2024-11-04 13:00   ` Aaron Covrig via Guix-patches via

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).