Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libarchive: 3.6.2 -> 3.7.2 #244713

Merged
merged 1 commit into from
Sep 23, 2023
Merged

Conversation

LeSuisse
Copy link
Contributor

Description of changes

https://github.com/libarchive/libarchive/releases/tag/v3.7.0

Things done
  • Built on platform(s)
    • x86_64-linux (on top of master)
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@wegank wegank added 2.status: merge conflict This PR has merge conflicts with the target branch 12.approvals: 1 This PR was reviewed and approved by one reputable person labels Sep 1, 2023
Copy link
Member

@chkno chkno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@LeSuisse LeSuisse added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 23, 2023
@LeSuisse
Copy link
Contributor Author

This version bump fixes https://nvd.nist.gov/vuln/detail/CVE-2023-30571

It does not. The metadata associated with the CVE entry are not correct.

Upstream issue is still open and AFAIK there is no available fix.
libarchive/libarchive#1876

@LeSuisse LeSuisse removed the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 23, 2023
@github-actions github-actions bot added 6.topic: python 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: kernel The Linux kernel 8.has: documentation This PR adds or changes documentation 8.has: changelog 8.has: module (update) This PR changes an existing module in `nixos/` labels Sep 23, 2023
@github-actions github-actions bot removed 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: kernel The Linux kernel 8.has: documentation This PR adds or changes documentation 8.has: changelog 8.has: module (update) This PR changes an existing module in `nixos/` labels Sep 23, 2023
@LeSuisse
Copy link
Contributor Author

Rebased on top of staging and updated to 3.7.2 (sorry for the noise, I first rebased it on top of master by mistake).

Flagging this as security related even if CVE-2023-30571 is not fixed.
3.7.1 and 3.7.2 contains security fixes (no CVE ID seems to be associated with them?):
libarchive/libarchive@ee312cf
libarchive/libarchive@1b4e0d0

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one and removed 2.status: merge conflict This PR has merge conflicts with the target branch labels Sep 23, 2023
@ofborg ofborg bot requested review from AndersonTorres and jcumming September 23, 2023 18:21
@AndersonTorres AndersonTorres changed the title libarchive: 3.6.2 -> 3.7.0 libarchive: 3.6.2 -> 3.7.2 Sep 23, 2023
@AndersonTorres AndersonTorres merged commit e81936d into NixOS:staging Sep 23, 2023
10 of 11 checks passed
@LeSuisse LeSuisse deleted the libarchive-3.7.0 branch September 23, 2023 22:19
@trofi
Copy link
Contributor

trofi commented Sep 24, 2023

Bisect says e81936d libarchive: 3.6.2 -> 3.7.2 broke pkgsi686Linux.libarchive on staging as:

Failing tests:
  522: test_write_filter_zstd (202 failures)

Upstream already fixed it. Proposed nixpkgs backport as #257080

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ 10.rebuild-darwin: 5001+ 10.rebuild-linux: 501+ 10.rebuild-linux: 5001+ 12.approvals: 1 This PR was reviewed and approved by one reputable person
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants