--- Begin Message ---
Subject: |
Update librsync to 2.0.1 |
Date: |
Tue, 13 Feb 2018 14:01:13 -0500 |
User-agent: |
Mutt/1.9.3 (2018-01-21) |
librsync 2.0.1 is available at a new upstream URL:
https://github.com/librsync/librsync/releases
Patch attached.
This would also include the fix for CVE-2014-8242, which is about use of
a cryptographically broken hash function (truncated MD4), released in
librsync 1.0.0.
However, at least btar and rdiff-backup aren't compatible with this new
version of librsync (I'm still building deja-dup to test its
compatibility).
Additionally, I noticed that the built package doesn't keep any
references to bzip2 or zlib, which seems wrong to me.
Is anyone using one of the dependent packages interested in looking more
closely at this?
0001-gnu-librsync-Update-to-2.0.1.patch
Description: Text document
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#30448] Update librsync to 2.0.1 |
Date: |
Mon, 25 Feb 2019 18:24:10 -0500 |
User-agent: |
Mutt/1.11.3 (2019-02-01) |
On Wed, Feb 13, 2019 at 04:30:24PM -0500, Leo Famulari wrote:
> Since a new librsync user, burp, has been added to Guix, I've submitted
> an updated revision of this patch.
Pushed as 584dbd8568cca381682fb682b7daf7aa37bc7df8
signature.asc
Description: PGP signature
--- End Message ---