-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libarchive: 3.7.4 -> 3.7.6 #341705
libarchive: 3.7.4 -> 3.7.6 #341705
Conversation
Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/libarchive/libarchive/releases. meta.description for libarchive is: Multi-format archive and compression library meta.homepage for libarchive is: http://libarchive.org meta.changelog for libarchive is: https://github.com/libarchive/libarchive/releases/tag/v3.7.6 Updates performed
To inspect upstream changesImpactChecks done
Caution A test defined in
Rebuild report (if merged into master) (click to expand)
Instructions to test this update (click to expand)Either download from Cachix:
(The Cachix cache is only trusted for this store-path realization.) Or, build yourself:
Or:
After you've downloaded or built it, look at the files and if there are any, run the binaries:
Pre-merge build resultsNixPkgs review skipped Maintainer pingscc @jcumming @AndersonTorres for testing. Tip As a maintainer, if your package is located under Add a 👍 reaction to pull requests you find important. |
f4907d8
to
3cd5157
Compare
Security related, it fixes CVE-2024-20696 and CVE-2024-26256 in 3.7.5. https://github.com/libarchive/libarchive/releases/tag/v3.7.5 |
Can someone from Darwin look at this? |
On unsandboxed aarch64-darwin I'm getting this
(when picking this update atop the current nixpkgs master) |
Wait... it did pass on second or third attempt 🤦🏽 Anyway, we surely do want the RCE fix in the upcoming staging-next. |
Successfully created backport PR for |
Bisect says 3cd5157
|
Should be Changaco/python-libarchive-c#131 |
I pulled the fix in #348582 |
Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/libarchive/libarchive/releases.
meta.description for libarchive is: Multi-format archive and compression library
meta.homepage for libarchive is: http://libarchive.org
meta.changelog for libarchive is: https://github.com/libarchive/libarchive/releases/tag/v3.7.5
Updates performed
To inspect upstream changes
Release on GitHub
Compare changes on GitHub
Impact
Checks done
Caution
A test defined in
passthru.tests
did not pass.Rebuild report (if merged into master) (click to expand)
Instructions to test this update (click to expand)
Either download from Cachix:
(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the
trusted-users
list or you can usesudo
since root is effectively trusted.Or, build yourself:
Or:
After you've downloaded or built it, look at the files and if there are any, run the binaries:
Pre-merge build results
NixPkgs review skipped
Maintainer pings
cc @jcumming @AndersonTorres for testing.
Tip
As a maintainer, if your package is located under
pkgs/by-name/*
, you can comment@NixOS/nixpkgs-merge-bot merge
to automatically merge this update using thenixpkgs-merge-bot
.Add a 👍 reaction to pull requests you find important.