GNU bug report logs - #54604
[PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 28 Mar 2022 04:08:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#54604; Package guix-patches. (Mon, 28 Mar 2022 04:08:02 GMT)

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 28 Mar 2022 04:08:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
Date: Mon, 28 Mar 2022 00:06:59 -0400

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://seclists.org/oss-sec/2022/q1/191

* gnu/packages/compression.scm (zlib)[replacement]: New field.
(zlib-1.2.12): New variable.
---
 gnu/packages/compression.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 3edaecd951..2287c755b4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -98,6 +98,7 @@ (define-module (gnu packages compression)
 (define-public zlib
   (package
     (name "zlib")
+    (replacement zlib-1.2.12)
     (version "1.2.11")
     (source
      (origin
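Review bot: The `(replacement zlib-1.2.12)` field is added without a comment, while `(version "1.2.11")` stays unchanged on the line after it. A short comment above the field naming CVE-2018-25032 would tell the next reader why this package carries a replacement, and that the field can be dropped once `zlib` itself is updated to 1.2.12.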
@@ -148,6 +149,21 @@ (define-public zlib
 in compression.")
     (license license:zlib)))
 
+(define-public zlib-1.2.12
+  (package
+    (inherit zlib)
+    (version "1.2.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (list (string-append "http://zlib.net/zlib-"
+                                 version ".tar.gz")
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
+      (sha256
+       (base32
+        "1n9na4fq4wagw1nzsfjr6wyly960jfa94460ncbf6p1fac44i14i"))))))
+
 (define-public minizip
   (package
     (name "minizip")
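Review bot: `zlib-1.2.12` is introduced with `define-public`, so the replacement is exported from the module next to `zlib` itself. If it exists only to serve as the `replacement` of `zlib`, a plain `define` (or marking it hidden) would keep a second zlib out of the user-facing package set. Separately, the first URI is plain `http://zlib.net/`; the `sha256` pins the tarball contents, so integrity is covered, but an `https` URL would keep a modified download from reaching the hash check in the first place.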
-- 
2.34.0





Information forwarded to guix-patches <at> gnu.org:
bug#54604; Package guix-patches. (Sun, 03 Apr 2022 10:37:01 GMT)

Message #8 received at 54604 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 54604 <at> debbugs.gnu.org
Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].
Date: Sun, 03 Apr 2022 12:35:58 +0200

Hi Leo,

Leo Famulari <leo <at> famulari.name> wrote:

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
> https://seclists.org/oss-sec/2022/q1/191
>
> * gnu/packages/compression.scm (zlib)[replacement]: New field.
> (zlib-1.2.12): New variable.

LGTM, sorry for the delay, and thanks for taking care of it!

Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#54604; Package guix-patches. (Tue, 03 Jan 2023 22:32:02 GMT)

Message #11 received at 54604 <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 54604 <at> debbugs.gnu.org
Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].
Date: Tue, 03 Jan 2023 17:31:04 -0500

Hi Leo,

Ludovic Courtès <ludo <at> gnu.org> writes:

> Hi Leo,
>
> Leo Famulari <leo <at> famulari.name> wrote:
>
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
>> https://seclists.org/oss-sec/2022/q1/191
>>
>> * gnu/packages/compression.scm (zlib)[replacement]: New field.
>> (zlib-1.2.12): New variable.
>
> LGTM, sorry for the delay, and thanks for taking care of it!

Ping!  Feel free to apply it.

-- 
Thanks,
Maxim




Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Wed, 04 Jan 2023 18:02:02 GMT)

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Wed, 04 Jan 2023 18:02:02 GMT)

Message #16 received at 54604-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 54604-done <at> debbugs.gnu.org
Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].
Date: Wed, 4 Jan 2023 13:01:30 -0500

On Tue, Jan 03, 2023 at 05:31:04PM -0500, Maxim Cournoyer wrote:
> Ping!  Feel free to apply it.

Pushed as c2c93abd18c37f438006cded8124ff0a32a0e4a7

I forgot about it, sorry!




Information forwarded to guix-patches <at> gnu.org:
bug#54604; Package guix-patches. (Wed, 04 Jan 2023 20:23:02 GMT)

Message #19 received at 54604-done <at> debbugs.gnu.org:

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 54604-done <at> debbugs.gnu.org
Subject: Re: bug#54604: [PATCH] gnu: zlib: Update to 1.2.12 [fixes
 CVE-2018-25032].
Date: Wed, 04 Jan 2023 15:22:15 -0500

Hi Leo,

Leo Famulari <leo <at> famulari.name> writes:

> On Tue, Jan 03, 2023 at 05:31:04PM -0500, Maxim Cournoyer wrote:
>> Ping!  Feel free to apply it.
>
> Pushed as c2c93abd18c37f438006cded8124ff0a32a0e4a7
>
> I forgot about it, sorry!

No problem, thank you!

-- 
Thanks,
Maxim




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 02 Feb 2023 12:24:04 GMT)

This bug report was last modified 1 year and 84 days ago.
