libarchive: 3.7.4 -> 3.7.6 #341705

Merged
merged 1 commit into from
Oct 14, 2024

r-ryantm
Contributor

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/libarchive/libarchive/releases.

meta.description for libarchive is: Multi-format archive and compression library

meta.homepage for libarchive is: http://libarchive.org

meta.changelog for libarchive is: https://github.com/libarchive/libarchive/releases/tag/v3.7.5

Updates performed
  • Version update
To inspect upstream changes
Impact

Checks done


  • built on NixOS

Caution

A test defined in passthru.tests did not pass.

  • found 3.7.5 with grep in /nix/store/npz599iipwpj25mbp8zw2b2752xxv0rb-libarchive-3.7.5
  • found 3.7.5 in filename of file in /nix/store/npz599iipwpj25mbp8zw2b2752xxv0rb-libarchive-3.7.5

Rebuild report (if merged into master)
55403 total rebuild path(s)

55402 package rebuild(s)

First fifty rebuilds by attrpath

ArchiSteamFarm
CuboCore.coreaction
CuboCore.corearchiver
CuboCore.corefm
CuboCore.coregarage
CuboCore.corehunt
CuboCore.coreimage
CuboCore.coreinfo
CuboCore.corekeyboard
CuboCore.corepad
CuboCore.corepaint
CuboCore.corepdf
CuboCore.corepins
CuboCore.corerenamer
CuboCore.coreshot
CuboCore.corestats
CuboCore.corestuff
CuboCore.coreterminal
CuboCore.coretime
CuboCore.coretoppings
CuboCore.coreuniverse
CuboCore.libcprime
CuboCore.libcsys
DisnixWebService
Fabric
LAStools
LPCNet
MMA
OSCAR
OVMF
OVMF-cloud-hypervisor
OVMFFull
QuadProgpp
R
SDL
SDL1
SDL2
SDL2_Pango
SDL2_gfx
SDL2_image
SDL2_image_2_0
SDL2_image_2_6
SDL2_mixer
SDL2_mixer_2_0
SDL2_net
SDL2_sound
SDL2_ttf
SDL_Pango
SDL_audiolib
Instructions to test this update

Either download from Cachix:

nix-store -r /nix/store/npz599iipwpj25mbp8zw2b2752xxv0rb-libarchive-3.7.5 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A libarchive https://github.com/r-ryantm/nixpkgs/archive/f4907d801096ba71737466cd3f80fa48e9db6a1f.tar.gz

Or:

nix build github:r-ryantm/nixpkgs/f4907d801096ba71737466cd3f80fa48e9db6a1f#libarchive

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/npz599iipwpj25mbp8zw2b2752xxv0rb-libarchive-3.7.5
ls -la /nix/store/npz599iipwpj25mbp8zw2b2752xxv0rb-libarchive-3.7.5/bin


Pre-merge build results

NixPkgs review skipped


Maintainer pings

cc @jcumming @AndersonTorres for testing.

Tip

As a maintainer, if your package is located under pkgs/by-name/*, you can comment @NixOS/nixpkgs-merge-bot merge to automatically merge this update using the nixpkgs-merge-bot.


Add a 👍 reaction to pull requests you find important.

@r-ryantm changed the title from "libarchive: 3.7.4 -> 3.7.5" to "libarchive: 3.7.4 -> 3.7.6" on Sep 23, 2024
@r-ryantm
Contributor Author

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/libarchive/libarchive/releases.

meta.description for libarchive is: Multi-format archive and compression library

meta.homepage for libarchive is: http://libarchive.org

meta.changelog for libarchive is: https://github.com/libarchive/libarchive/releases/tag/v3.7.6

Updates performed
  • Version update
To inspect upstream changes
Impact

Checks done


  • built on NixOS

Caution

A test defined in passthru.tests did not pass.

  • found 3.7.6 with grep in /nix/store/qzhc612j67vqpcjbx3b33scb3ybfrz7n-libarchive-3.7.6
  • found 3.7.6 in filename of file in /nix/store/qzhc612j67vqpcjbx3b33scb3ybfrz7n-libarchive-3.7.6

Rebuild report (if merged into master)
55335 total rebuild path(s)

55334 package rebuild(s)

First fifty rebuilds by attrpath

ArchiSteamFarm
CuboCore.coreaction
CuboCore.corearchiver
CuboCore.corefm
CuboCore.coregarage
CuboCore.corehunt
CuboCore.coreimage
CuboCore.coreinfo
CuboCore.corekeyboard
CuboCore.corepad
CuboCore.corepaint
CuboCore.corepdf
CuboCore.corepins
CuboCore.corerenamer
CuboCore.coreshot
CuboCore.corestats
CuboCore.corestuff
CuboCore.coreterminal
CuboCore.coretime
CuboCore.coretoppings
CuboCore.coreuniverse
CuboCore.libcprime
CuboCore.libcsys
DisnixWebService
Fabric
LAStools
LPCNet
MMA
OSCAR
OVMF
OVMF-cloud-hypervisor
OVMFFull
QuadProgpp
R
SDL
SDL1
SDL2
SDL2_Pango
SDL2_gfx
SDL2_image
SDL2_image_2_0
SDL2_image_2_6
SDL2_mixer
SDL2_mixer_2_0
SDL2_net
SDL2_sound
SDL2_ttf
SDL_Pango
SDL_audiolib
Instructions to test this update

Either download from Cachix:

nix-store -r /nix/store/qzhc612j67vqpcjbx3b33scb3ybfrz7n-libarchive-3.7.6 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A libarchive https://github.com/r-ryantm/nixpkgs/archive/3cd51572e3de79080e6ab7da2f6bafd66681f5e5.tar.gz

Or:

nix build github:r-ryantm/nixpkgs/3cd51572e3de79080e6ab7da2f6bafd66681f5e5#libarchive

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/qzhc612j67vqpcjbx3b33scb3ybfrz7n-libarchive-3.7.6
ls -la /nix/store/qzhc612j67vqpcjbx3b33scb3ybfrz7n-libarchive-3.7.6/bin


Pre-merge build results

NixPkgs review skipped


Maintainer pings

cc @jcumming @AndersonTorres for testing.

Tip

As a maintainer, if your package is located under pkgs/by-name/*, you can comment @NixOS/nixpkgs-merge-bot merge to automatically merge this update using the nixpkgs-merge-bot.


Add a 👍 reaction to pull requests you find important.

@r-ryantm force-pushed the auto-update/libarchive branch from f4907d8 to 3cd5157 on September 23, 2024 21:06
@LeSuisse
Contributor

Security related, it fixes CVE-2024-20696 and CVE-2024-26256 in 3.7.5.

https://github.com/libarchive/libarchive/releases/tag/v3.7.5

@LeSuisse added the labels "1.severity: security" and "backport staging-24.05" on Oct 11, 2024
@AndersonTorres
Member

Can someone from Darwin look at this?

@vcunat
Member

vcunat commented Oct 14, 2024

On unsandboxed aarch64-darwin I'm getting this

Totals:
  Tests run:              622
  Tests failed:             1
  Assertions checked:29963628
  Assertions failed:        6
  Skips reported:          54

Failing tests:
  3: test_acl_platform_nfs4 (6 failures)

(when picking this update atop the current nixpkgs master)

@vcunat
Member

vcunat commented Oct 14, 2024

Wait... it did pass on second or third attempt 🤦🏽 Anyway, we surely do want the RCE fix in the upcoming staging-next.

@vcunat merged commit 3c54adf into NixOS:staging on Oct 14, 2024
31 checks passed
Contributor

Successfully created backport PR for staging-24.05:

@r-ryantm deleted the auto-update/libarchive branch on October 14, 2024 12:18
@trofi
Contributor

trofi commented Oct 14, 2024

Bisect says 3cd5157 libarchive: 3.7.4 -> 3.7.6 broke python3Packages.libarchive-c tests in staging as:

$ nix build --no-link -f. python3Packages.libarchive-c -L
...
python3.12-libarchive-c> =================================== FAILURES ===================================
python3.12-libarchive-c> _________________ test_check_archiveentry_using_python_testtar _________________
python3.12-libarchive-c>     def test_check_archiveentry_using_python_testtar():
python3.12-libarchive-c> >       check_entries(join(data_dir, 'testtar.tar'))
python3.12-libarchive-c> tests/test_entry.py:67:
python3.12-libarchive-c> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
python3.12-libarchive-c> tests/test_entry.py:95: in check_entries
python3.12-libarchive-c>     actual = list(get_entries(test_file))
python3.12-libarchive-c> tests/__init__.py:47: in get_entries
python3.12-libarchive-c>     for entry in arch:
python3.12-libarchive-c> libarchive/read.py:27: in __iter__
python3.12-libarchive-c>     r = read_next_header2(archive_p, entry._entry_p)
python3.12-libarchive-c> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
python3.12-libarchive-c> retcode = -10, func = <_FuncPtr object at 0x7fffe881bf50>
python3.12-libarchive-c> args = (10179344, 10607424)
python3.12-libarchive-c>     def check_int(retcode, func, args):
python3.12-libarchive-c>         if retcode >= 0:
python3.12-libarchive-c>             return retcode
python3.12-libarchive-c>         elif retcode == ARCHIVE_WARN:
python3.12-libarchive-c>             logger.warning(_error_string(args[0]))
python3.12-libarchive-c>             return retcode
python3.12-libarchive-c>         else:
python3.12-libarchive-c> >           raise archive_error(args[0], retcode)
python3.12-libarchive-c> E           libarchive.exception.ArchiveError: Damaged tar archive (errno=22, retcode=-10, archive_p=10179344)
python3.12-libarchive-c> libarchive/ffi.py:98: ArchiveError
python3.12-libarchive-c> =========================== short test summary info ============================
python3.12-libarchive-c> FAILED tests/test_entry.py::test_check_archiveentry_using_python_testtar - libarchive.exception.ArchiveError: Damaged tar archive (errno=22, retcode=-...
python3.12-libarchive-c> ========================= 1 failed, 35 passed in 0.32s =========================

@vcunat
Member

vcunat commented Oct 14, 2024

Should be Changaco/python-libarchive-c#131

@LeSuisse
Contributor

I pulled the fix in #348582
