[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#30448] Update librsync to 2.0.1
From: |
Leo Famulari |
Subject: |
[bug#30448] Update librsync to 2.0.1 |
Date: |
Tue, 13 Feb 2018 14:01:13 -0500 |
User-agent: |
Mutt/1.9.3 (2018-01-21) |
librsync 2.0.1 is available at a new upstream URL:
https://github.com/librsync/librsync/releases
Patch attached.
This would also include the fix for CVE-2014-8242, which is about use of
a cryptographically broken hash function (truncated MD4), released in
librsync 1.0.0.
However, at least btar and rdiff-backup aren't compatible with this new
version of librsync (I'm still building deja-dup to test its
compatibility).
Additionally, I noticed that the built package doesn't keep any
references to bzip2 or zlib, which seems wrong to me.
Is anyone using one of the dependent packages interested in looking more
closely at this?
0001-gnu-librsync-Update-to-2.0.1.patch
Description: Text document
signature.asc
Description: PGP signature
- [bug#30448] Update librsync to 2.0.1,
Leo Famulari <=