Skip to content

libarchive: 3.6.2 -> 3.7.2#244713

Merged
AndersonTorres merged 1 commit intoNixOS:stagingfrom
LeSuisse:libarchive-3.7.0
Sep 23, 2023
Merged

libarchive: 3.6.2 -> 3.7.2#244713
AndersonTorres merged 1 commit intoNixOS:stagingfrom
LeSuisse:libarchive-3.7.0

Conversation

@LeSuisse
Copy link
Member

@LeSuisse LeSuisse commented Jul 21, 2023

Description of changes

https://github.com/libarchive/libarchive/releases/tag/v3.7.0

Things done
  • Built on platform(s)
    • x86_64-linux (on top of master)
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@ofborg ofborg bot requested review from AndersonTorres and jcumming July 21, 2023 21:24
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jul 21, 2023
@wegank wegank added 2.status: merge conflict This PR has merge conflicts with the target branch 12.approvals: 1 This PR was reviewed and approved by one person. labels Sep 1, 2023
chkno
chkno approved these changes Sep 18, 2023
View reviewed changes
Copy link
Member

@chkno chkno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This version bump fixes https://nvd.nist.gov/vuln/detail/CVE-2023-30571

@LeSuisse LeSuisse added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 23, 2023
@LeSuisse
Copy link
Member Author

LeSuisse commented Sep 23, 2023

This version bump fixes https://nvd.nist.gov/vuln/detail/CVE-2023-30571

It does not. The metadata associated with the CVE entry are not correct.

Upstream issue is still open and AFAIK there is no available fix.
libarchive/libarchive#1876

@LeSuisse LeSuisse removed the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 23, 2023
@github-actions github-actions bot added 6.topic: python Python is a high-level, general-purpose programming language. 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: kernel The Linux kernel 8.has: documentation This PR adds or changes documentation 8.has: changelog This PR adds or changes release notes 8.has: module (update) This PR changes an existing module in `nixos/` labels Sep 23, 2023
@github-actions github-actions bot removed the 6.topic: python Python is a high-level, general-purpose programming language. label Sep 23, 2023
@github-actions github-actions bot removed 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 6.topic: kernel The Linux kernel 8.has: documentation This PR adds or changes documentation 8.has: changelog This PR adds or changes release notes 8.has: module (update) This PR changes an existing module in `nixos/` labels Sep 23, 2023
@LeSuisse
Copy link
Member Author

LeSuisse commented Sep 23, 2023

Rebased on top of staging and updated to 3.7.2 (sorry for the noise, I first rebased it on top of master by mistake).

Flagging this as security related even if CVE-2023-30571 is not fixed.
3.7.1 and 3.7.2 contains security fixes (no CVE ID seems to be associated with them?):
libarchive/libarchive@ee312cf
libarchive/libarchive@1b4e0d0

@LeSuisse LeSuisse added 1.severity: security Issues which raise a security issue, or PRs that fix one and removed 2.status: merge conflict This PR has merge conflicts with the target branch labels Sep 23, 2023
@ofborg ofborg bot requested review from AndersonTorres and jcumming September 23, 2023 18:21
@AndersonTorres AndersonTorres changed the title libarchive: 3.6.2 -> 3.7.0 libarchive: 3.6.2 -> 3.7.2 Sep 23, 2023
@AndersonTorres AndersonTorres merged commit e81936d into NixOS:staging Sep 23, 2023
@LeSuisse LeSuisse deleted the libarchive-3.7.0 branch September 23, 2023 22:19
@trofi
Copy link
Contributor

trofi commented Sep 24, 2023

Bisect says e81936d libarchive: 3.6.2 -> 3.7.2 broke pkgsi686Linux.libarchive on staging as:

Failing tests:
  522: test_write_filter_zstd (202 failures)

Upstream already fixed it. Proposed nixpkgs backport as #257080

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jcumming jcumming Awaiting requested review from jcumming

2 more reviewers

@chkno chkno chkno approved these changes

@AndersonTorres AndersonTorres AndersonTorres approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@LeSuisse @trofi @chkno @AndersonTorres @wegank