From patchwork Fri May 9 16:50:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Z572 X-Patchwork-Id: 42487 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id E75E627BC4B; Fri, 9 May 2025 17:52:33 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,FROM_SUSPICIOUS_NTLD,MAILING_LIST_MULTI,PDS_OTHER_BAD_TLD, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,SPF_HELO_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 3F32C27BC49 for ; Fri, 9 May 2025 17:52:33 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uDQxR-0003dy-7s; Fri, 09 May 2025 12:52:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDQxB-0003bv-RM for guix-patches@gnu.org; Fri, 09 May 2025 12:52:07 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1uDQx9-0001ly-VI for guix-patches@gnu.org; Fri, 09 May 2025 12:52:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:References:In-Reply-To:Date:From:To:Subject; bh=RDBBdIqvqx6vIcPe9vrv9PSHt7cX1p2IY59S5U8G96g=; b=vO4NgfVqxC4vk+YPDaugeTAaqK0h4bPTI51As4+LrH+AFaOjd6qB5a2bwD7m5ddhJIR3yx2pxWLLKD64jDK6v5hltqeDX9ArjwbEnT0phC21CIBsskZr8NXYm3D0X395pMhW3Gq1Vpfy0zQKDyo8DM0hm6Z1ZHe2kTBoiYGVjfwhZQgs6foFzuw0e4uzamg76z2C5YpYazEbTfTPl5tkfgRnYgPsb+UuzyNgIhWlKftN2zWSwOKJQQu0yBXJe2Yuhs0ElPll9YCvnktuQJp2fljcn4NIYjA9t9QZaowJTVULb20eyEDmY2hiaI7epD0upPYJmgRP/9b0EH/a5YAbQw==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1uDQx9-0007QN-CM for guix-patches@gnu.org; Fri, 09 May 2025 12:52:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#78337] [PATCH core-packages-team 3/4] gnu: libarchive: Update to 3.7.7. Resent-From: Zheng Junjie Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 09 May 2025 16:52:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 78337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 78337@debbugs.gnu.org Received: via spool by 78337-submit@debbugs.gnu.org id=B78337.174680947328413 (code B ref 78337); Fri, 09 May 2025 16:52:03 +0000 Received: (at 78337) by debbugs.gnu.org; 9 May 2025 16:51:13 +0000 Received: from localhost ([127.0.0.1]:38978 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDQwL-0007O6-48 for submit@debbugs.gnu.org; Fri, 09 May 2025 12:51:13 -0400 Received: from mail.z572.online ([88.99.160.180]:46358) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDQwF-0007N1-H4 for 78337@debbugs.gnu.org; Fri, 09 May 2025 12:51:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=z572.online; s=me; t=1746809882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RDBBdIqvqx6vIcPe9vrv9PSHt7cX1p2IY59S5U8G96g=; b=h90+hBffjGdnju7DMYj14KaUg7o7hx3lNQmIJg9G5On9SlmY1AUuVliEuRH7ZxRM1ppQsm BZfsboyrPO1F7ODGAOFP9U7G217ClPsTG+PYULGqppnPNDpI/c16K6k85Fqc+iMFHgxzRr lyggVoAYNXBPD8xvlgesZ0ys/bgln7o= Received: from m.tailaa68d.ts.net ( [61.174.159.83]) by mail.z572.online (OpenSMTPD) with ESMTPSA id 846699dd (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <78337@debbugs.gnu.org>; Fri, 9 May 2025 16:58:01 +0000 (UTC) From: Zheng Junjie Date: Sat, 10 May 2025 00:50:54 +0800 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/backup.scm (libarchive): Update to 3.7.7. * gnu/packages/backup.scm (libarchive/fixed): Delete variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch: Remove it * gnu/local.mk (dist_patch_DATA): Unregister it. Change-Id: Ia6474f9dae9a3d1a707d94fcace9bd50b2e3ac4c --- gnu/local.mk | 1 - gnu/packages/backup.scm | 22 +-------- ...libarchive-remove-potential-backdoor.patch | 47 ------------------- 3 files changed, 2 insertions(+), 68 deletions(-) delete mode 100644 gnu/packages/patches/libarchive-remove-potential-backdoor.patch diff --git a/gnu/local.mk b/gnu/local.mk index 67a41bdbf4..831939f72e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1718,7 +1718,6 @@ dist_patch_DATA = \ %D%/packages/patches/liba52-use-mtune-not-mcpu.patch \ %D%/packages/patches/libaio-32bit-test.patch \ %D%/packages/patches/libaio-riscv-test5.patch \ - %D%/packages/patches/libarchive-remove-potential-backdoor.patch \ %D%/packages/patches/libbase-fix-includes.patch \ %D%/packages/patches/libbase-use-own-logging.patch \ %D%/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index b4aca86774..876167898b 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -263,8 +263,7 @@ (define-public hdup (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) - (version "3.6.1") + (version "3.7.7") (source (origin (method url-fetch) @@ -273,10 +272,9 @@ (define-public libarchive (string-append "https://github.com/libarchive/libarchive" "/releases/download/v" version "/libarchive-" version ".tar.xz"))) - (patches (search-patches "libarchive-remove-potential-backdoor.patch")) (sha256 (base32 - "1rj8q5v26lxxr8x4b4nqbrj7p06qvl91hb8cdxi3xx3qp771lhas")))) + "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))) (build-system gnu-build-system) (inputs (list bzip2 @@ -353,22 +351,6 @@ (define-public libarchive @command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (version "3.7.7") - (source - (origin - (method url-fetch) - (uri (list (string-append "https://libarchive.org/downloads/libarchive-" - version ".tar.xz") - (string-append "https://github.com/libarchive/libarchive" - "/releases/download/v" version "/libarchive-" - version ".tar.xz"))) - (sha256 - (base32 - "1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7")))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch deleted file mode 100644 index 2b9a9e2ffe..0000000000 --- a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch +++ /dev/null @@ -1,47 +0,0 @@ -Remove code added by 'JiaT75', the malicious actor that backdoored `xz`: - -https://github.com/libarchive/libarchive/pull/2101 - -At libarchive, they are reviewing all code contributed by this actor: - -https://github.com/libarchive/libarchive/issues/2103 - -See the original disclosure and subsequent discussion for more -information about this incident: - -https://seclists.org/oss-sec/2024/q1/268 - -Patch copied from upstream source repository: - -https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942 - -From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001 -From: Ed Maste -Date: Fri, 29 Mar 2024 18:02:06 -0400 -Subject: [PATCH] tar: make error reporting more robust and use correct errno - (#2101) - -As discussed in #1609. ---- - tar/read.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/tar/read.c b/tar/read.c -index af3d3f42..a7f14a07 100644 ---- a/tar/read.c -+++ b/tar/read.c -@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) - if (r != ARCHIVE_OK) { - if (!bsdtar->verbose) - safe_fprintf(stderr, "%s", archive_entry_pathname(entry)); -- fprintf(stderr, ": %s: ", archive_error_string(a)); -- fprintf(stderr, "%s", strerror(errno)); -+ safe_fprintf(stderr, ": %s: %s", -+ archive_error_string(a), -+ strerror(archive_errno(a))); - if (!bsdtar->verbose) - fprintf(stderr, "\n"); - bsdtar->return_value = 1; --- -2.41.0 -