From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id sLi+NyLVTmZ9lQAAe85BDQ:P1 (envelope-from ) for ; Thu, 23 May 2024 07:33:23 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id sLi+NyLVTmZ9lQAAe85BDQ (envelope-from ) for ; Thu, 23 May 2024 07:33:23 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1716442402; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-to:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=L1QVBQmhEmLZsHuTuMHEGWTu3zbHsPFXhKsGJmYwHNU=; b=aVIaPtFe7kR1ylWMYdWJ+ls9Kmf/IQknpkrCd59O3QGfrbvxkhT/FkvhumkJJfKuqZpzgA e8HKSEKzf7NqI6F8iHV3lgU8XgVdzgoZXDCz2SP0d+4EhyvOG3qMqgBmjo/3mbsTqg2Enx XjW3Y5Vyq/rY3CSR3lvjVkukA9MQCIO9QWH0iWQpqF3yj35BEO915GCVMQOf5Y1cHFvg+b sZ25dpmVd5+m/mB0lEz9IYK9DxPejvMz+mDcoWz9spZbftQq1mUStLAKqFxwGU5lWPCvSn gDLkk1a+IEO9npw86R0C2cg6GDZUb+/KSFxQ52D4c5faLMjFgZMa31UvSvjOMQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1716442402; a=rsa-sha256; cv=none; b=lIq5UMtnnMkZykx4DuYuC84XSfMxelQcnbDC8ApKJ8pT/tpFEFD6TYqmgISt0G5Y9rG7dw QdE7AbacS2+o4pvxRsHeMY5zbPUIcl2Al3BnrGWVHEchmKTw13d78+0JTrOxKXXSI7Cfnh +HYj0+DkhEMnFKkgIaqRhTypyqSkpWH9ocM0O9aoLfcGV0go4+oDSVOQr9UExuDjrshGN/ JdWrPFRmhz5MAZpKlflxSynt2zdUw4YxlufJU3PvuWLjjMKmTMKRIDbKEJFbjuS73oKEkr m7kt5TWztpe/JZjRmMhBsXZQMH270a3aNwLE0cf0cVQ0/rP3J+RzlQq+9L38lQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A36E07F5D9 for ; Thu, 23 May 2024 07:33:21 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sA14g-0000xp-AC; Thu, 23 May 2024 01:33:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sA14T-0000t6-Oz for guix-patches@gnu.org; Thu, 23 May 2024 01:32:58 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sA14T-0004OE-GP for guix-patches@gnu.org; Thu, 23 May 2024 01:32:57 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sA14Z-0006i7-KQ for guix-patches@gnu.org; Thu, 23 May 2024 01:33:03 -0400 Subject: bug#71124: [PATCH] gnu: skopeo: Update to 1.15.1 [security fixes]. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-To: guix-patches@gnu.org Resent-Date: Thu, 23 May 2024 05:33:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 71124 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Tomas Volf <~@wolfsden.cz> Cc: 71124-done@debbugs.gnu.org Mail-Followup-To: 71124@debbugs.gnu.org, zhengjunjie@iscas.ac.cn, ~@wolfsden.cz Received: via spool by 71124-done@debbugs.gnu.org id=D71124.171644236825755 (code D ref 71124); Thu, 23 May 2024 05:33:03 +0000 Received: (at 71124-done) by debbugs.gnu.org; 23 May 2024 05:32:48 +0000 Received: from localhost ([127.0.0.1]:58397 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA14K-0006hL-2q for submit@debbugs.gnu.org; Thu, 23 May 2024 01:32:48 -0400 Received: from smtp21.cstnet.cn ([159.226.251.21]:42822 helo=cstnet.cn) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sA14H-0006hD-Bp for 71124-done@debbugs.gnu.org; Thu, 23 May 2024 01:32:46 -0400 Received: from m (unknown [107.174.64.25]) by APP-01 (Coremail) with SMTP id qwCowAAnLxPl1E5mOBfqBg--.704S2; Thu, 23 May 2024 13:32:24 +0800 (CST) From: Zheng Junjie In-Reply-To: (Tomas Volf's message of "Wed, 22 May 2024 20:47:55 +0200") References: User-Agent: mu4e 1.12.4; emacs 30.0.50 Date: Thu, 23 May 2024 13:32:19 +0800 Message-ID: <87jzjlrt3w.fsf@iscas.ac.cn> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-CM-TRANSID: qwCowAAnLxPl1E5mOBfqBg--.704S2 X-Coremail-Antispam: 1UD129KBjvdXoW7XFy7uF1fZr13tF1rKw48JFb_yoWktrg_ur y3A3yavr4vgr1jkrs2yF1fJFyrXFW8Zr4fK3W3Ka1xtas5WrsFqFsruFy0yF13AF4UtFs5 Ars8CrW5uryI9jkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUIcSsGvfJTRUUUbV8YjsxI4VWkCwAYFVCjjxCrM7AC8VAFwI0_Jr0_Gr1l1xkIjI8I 6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM2 8CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWUCVW8JwA2z4x0Y4vE2Ix0 cI8IcVCY1x0267AKxVWUJVW8JwA2z4x0Y4vEx4A2jsIE14v26r4UJVWxJr1l84ACjcxK6I 8E87Iv6xkF7I0E14v26rxl6s0DM2vj62AExVA0xI801c8C04v26x02cVCv0xWle2I262IY c4CY6c8Ij28IcVAaY2xG8wASzI0EjI02j7AqF2xKxwAqx4xG64xvF2IEw4CE5I8CrVC2j2 WlYx0E2Ix0cI8IcVAFwI0_JrI_JrylYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkE bVWUJVW8JwACjcxG0xvEwIxGrwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJV W8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF 1VAFwI0_Jrv_JF1lIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6x IIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r1xMIIF0xvE x4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBIdaVFxhVjvj DU0xZFpf9x07UTMKZUUUUU= X-Originating-IP: [107.174.64.25] X-CM-SenderInfo: x2kh0wxmxqyx3h6l2u1dvotugofq/ X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Spam-Score: -8.66 X-Migadu-Queue-Id: A36E07F5D9 X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -8.66 X-TUID: k1+17Ztfv1VR --=-=-= Content-Type: text/plain Tomas Volf <~@wolfsden.cz> writes: > This fixes CVE-2024-3727. > > * gnu/packages/virtualization.scm (skopeo): Update to 1.15.1. > > Change-Id: Icebb6f50e7317bce9ff106d71ad30dcfa6665666 > --- > gnu/packages/virtualization.scm | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm > index 34cccd6550..d45249455e 100644 > --- a/gnu/packages/virtualization.scm > +++ b/gnu/packages/virtualization.scm > @@ -2258,7 +2258,7 @@ (define-public umoci > (define-public skopeo > (package > (name "skopeo") > - (version "1.15.0") > + (version "1.15.1") > (source (origin > (method git-fetch) > (uri (git-reference > @@ -2267,7 +2267,7 @@ (define-public skopeo > (file-name (git-file-name name version)) > (sha256 > (base32 > - "1f9n3ysdmll7vq8dmgpv03m8aqq3w9cfvbmxxpwmnv1nlfc67ihq")))) > + "0fhw3jrbklpz7kb1kdwn2hg3v2jyyz30710wkd0wlpfz4fyzmzb6")))) > (build-system gnu-build-system) > (native-inputs > (list go-1.21 push, see https://git.savannah.gnu.org/cgit/guix.git/commit/?id=4fbce61aa91f93a0f56398e71095bd8b8d26de6c --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfr6klGDOXiwIdX/bO1qpk+Gi3/AFAmZO1OMACgkQO1qpk+Gi 3/AmYw/+JHZXcNsdZ7jDSFQnfOkt8VAWxi0c2rpQ5r+f2xYl/YhVe0IjMx9UvpSu J1zdeKLbwYtd/9hpHNt0QM4N6MpRcjUiaWbuc8CVLqYFIXetYinwS9Bid2DM/CET ApEMq1gyBD5P86navr9XuDpPgWc2b6tWC5aP3pK7FyGRIXGfLse6j6jUq+E57Ksa wqWK1Vmw2NYViYpoG6OPK4fR0qgbX8CdvBd0xIv8d9K0306LlkN0Qu3FaVTPN8kN ytdR14u49t3CXJJdeEbRbAms5rb/F1u6w54nFXGlWJKYTF6CscolN1KqBwpCZfgG Iln34qiy1zWBnolozpoIZQIh5OpfOAENiN7AAKM9m5HeRFUj248DFxLlYEeCLJlL MSrRKzjU1UaB4NhdY7vukQJKKp8C9LxWT3ZQtqIdfr0jmsogAlEh7qAVdamAoN9b HKqeUl+SEydafTFNOuytQUCAS/BHtOabu/2sXcBEdzuzSVODo5NTQt0WWtJqOnnl o+fk46ra1joJrxQ2zp97rkiGQgr4HnGEgesaHT+fCj2w0ffVzFemzbcOAK0ZVrmi tDU/uvK76v8Y+xOaJiBYQW/GOvhzUEWBslY9QPRgptLAlxSNppjD+CthqCkUFeVF 8dWG42g2i61FQFkiL4HbR5BREgY5LbOMFOhyx4HbdSyHlO5gh00= =dvm/ -----END PGP SIGNATURE----- --=-=-=--