GNU bug report logs

#70114 [PATCH 0/1] Xz backdoor / JiaT75 cleanup for libarchive

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Full log

Message #19 received at 70114@debbugs.gnu.org (full text, mbox, reply):

Received: (at 70114) by debbugs.gnu.org; 3 Apr 2024 22:08:33 +0000
From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 03 18:08:33 2024
Received: from localhost ([127.0.0.1]:59841 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1rs8mU-0004AH-Vb
	for submit@debbugs.gnu.org; Wed, 03 Apr 2024 18:08:33 -0400
Received: from wfout6-smtp.messagingengine.com ([64.147.123.149]:49213)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>)
 id 1rs8mQ-00049G-Q4; Wed, 03 Apr 2024 18:08:27 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
 by mailfout.west.internal (Postfix) with ESMTP id CD0FC1C00101;
 Wed,  3 Apr 2024 18:08:15 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Wed, 03 Apr 2024 18:08:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to; s=mesmtp; t=1712182095; x=
 1712268495; bh=ypv4r2WTs3h771ebxpqVhfuBr7DAmFcEtBYqw1tjQaM=; b=K
 ni00i7dVgfk7s5ItG73ZVZhl2szXbdCXwdCrQI88w3xWDL4maAstAs16P2BachLs
 DaEk9rxvZ4hnUUJM3m7DSNU53GYntkW6wuEMyfH2AXM2k2gZ7bXWtMmzuQEIhyck
 uqgiOiWj+QKlWSy1/rlRHMFd5GA2OgXwiBcg9uTNoo=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:subject:subject:to
 :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; t=1712182095; x=1712268495; bh=ypv4r2WTs3h771ebxpqVhfuBr7DA
 mFcEtBYqw1tjQaM=; b=GMRQc7Q7sKYF4iv3R4TN8cez6nxluhLNHCBhsHkvm4tE
 Q4e2NecKLulQoiVUrZRUCMbGH9SMxklNGQHFFJeWeIhExLRLFlpKEipiuh+xgEOo
 zqfeUEtXRJyLUFec96y22sNCNsXtGTn++W12QuEPT1beshGALWB5hf4/RkWps3nE
 TN8yGlZDp60Bqjmn9AZieA4EV7Ly1VfiGbFibu0zjVGdR4kF/6Kd3+mBk/VIh/D7
 O6BPvs8HQZf6Eo+NVcydcO4AX2JD137q6S1Q8qWtPf1eI+3GxQ/IWdfHyZTKYy2C
 vpmCMB21wcT6zxt8694g40kCiIA+BSGSSCyeVp8zuw==
X-ME-Sender: <xms:TtMNZsOGwjeuEyqImsoR0__zrs4nqjEzvCQ65eKVhoeMpocNm57vNg>
 <xme:TtMNZi-voCDOXM30Gh6gppxQZj4wrZJIJXlixzT56gLG1qAUUd4LRed1a1BUYZpAg
 T3X4Zsk-uts9BjIWw>
X-ME-Received: <xmr:TtMNZjQpg3pn-L4-viqkVAd7k1nvpjl0oS2Io0ItlclYQDvJ7Vc-wy8K0GPMS93f_dqVOGXWFPZXb6pEaRFwmS7K>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudefjedgtdejucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvdenucfhrhhomhepnfgvohcu
 hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth
 htvghrnheptedvtdetfefffffffeelfedvkeekfeduveduieejfeeugeelteffvdeuffej
 leevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh
 gvohesfhgrmhhulhgrrhhirdhnrghmvg
X-ME-Proxy: <xmx:TtMNZkuvsFkPcQqltD22aeUiI7llJKfOQbdVYz7AE3huB7XldjzPFQ>
 <xmx:TtMNZkfJH83oVKOZbBFynIw9tzGx8F0SL2vrcU2_QdKfhmxSB41U_A>
 <xmx:TtMNZo0ZuYX6SdowDeZt_EDev-u4raiy0Xv-MIlSU_aSU_tKt1UImQ>
 <xmx:TtMNZo8gXoMtwXsq2F77lif97X6i4ap-aD3y5YCOqBXxvzt16bCjMg>
 <xmx:T9MNZj6S9z9Mco29Kdpg26mvIN1ubxHjKfOCb5BUCZ8G8GhNzBR8c_cZ>
Feedback-ID: i819c4023:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 3 Apr 2024 18:08:14 -0400 (EDT)
Date: Wed, 3 Apr 2024 18:08:12 -0400
From: Leo Famulari <leo@famulari.name>
To: John Kehayias <john.kehayias@protonmail.com>
Subject: Re: [bug#70113] [PATCH 1/1] gnu: libarchive: Fix a potential
 security issue.
Message-ID: <Zg3TTEwIZkIObXc0@jasmine.lan>
References: <87il10wipx.fsf@protonmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="PTlCHuXfbKDRXpCB"
Content-Disposition: inline
In-Reply-To: <87il10wipx.fsf@protonmail.com>
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 70114
Cc: 70114@debbugs.gnu.org, 70113-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

[Message part 1 (text/plain, inline)]
On Tue, Apr 02, 2024 at 03:23:44AM +0000, John Kehayias wrote:
> Overall changes look good, but I have not had a chance to try it locally
> (building or dependents).

I successfully tested with the file-roller package, which depends
directly on libarchive and no other related packages. I think it's a
reasonable basic test case.

I agree it's a good idea to look into a more comprehensive update to
libarchive, but I just wanted to get this patch in ASAP.

Pushed as 629614c7a3f9283306939402f1ff46914f327c21

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:42:04 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.