Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 582710

Summary: =app-arch/libarchive-3.2.0 version bump
Product: Gentoo Linux Reporter: Adam Feldman <np-hardass>
Component: Current packagesAssignee: Gentoo/BSD Team <bsd+disabled>
Status: RESOLVED FIXED    
Severity: normal CC: ago, np-hardass, ssuominen, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/libarchive/libarchive/tree/v3.2.0
Whiteboard:
Package list:
Runtime testing required: ---

Description Adam Feldman gentoo-dev 2016-05-11 04:21:44 UTC 
First release since 2013 :)
Looks like a lot of work
Adding this bug for myself to remind myself to work on it.
Comment 1 Coacher 2016-05-11 04:35:57 UTC 
Please also backport this change: https://github.com/libarchive/libarchive/commit/9690ea4f3b79d07860f3ea55b6fab571721849b5
Comment 2 Adam Feldman gentoo-dev 2016-05-11 04:37:28 UTC 
(In reply to Coacher from comment #1)
> Please also backport this change:
> https://github.com/libarchive/libarchive/commit/
> 9690ea4f3b79d07860f3ea55b6fab571721849b5

Sure, I can look into doing that.  Is this for a particular package?
Comment 3 Coacher 2016-05-11 05:19:58 UTC 
(In reply to NP-Hardass from comment #2)
> Sure, I can look into doing that.  Is this for a particular package?

Not sure if I understand you. I use ark daily, which relies on libarchive. XZ is quite popular nowadays so having multithreaded XZ support would be nice.
Comment 4 William Hubbs gentoo-dev 2016-07-02 00:08:07 UTC 
I add libarchive-3.2.1 to the tree. Please let me know whether it
includes the change you wanted backported.

I did this because ago was looking for a bump on IRC earlier today.

William
Comment 5 Adam Feldman gentoo-dev 2016-07-02 00:43:08 UTC 
(In reply to William Hubbs from comment #4)
> I add libarchive-3.2.1 to the tree. Please let me know whether it
> includes the change you wanted backported.
> 
> I did this because ago was looking for a bump on IRC earlier today.
> 
> William

Not that I'm not appreciative of the bump... But is there a reason why I wasn't even pinged/consulted?  It hadn't happened yet because there were a lot of upstream changes that required updating the ebuild's configure options and deps.
Comment 6 William Hubbs gentoo-dev 2016-07-03 17:13:56 UTC 
I am adding @ago to this bug so he can explain why he wanted this bump.

Thanks,

William
Comment 7 Agostino Sarubbo gentoo-dev 2016-07-04 08:40:00 UTC 
(In reply to William Hubbs from comment #6)
> I am adding @ago to this bug so he can explain why he wanted this bump.
> 
> Thanks,
> 
> William

Because of this:
https://blog.fuzzing-project.org/48-Out-of-bounds-read-and-signed-integer-overflow-in-libarchive.html
Comment 8 Adam Feldman gentoo-dev 2016-07-04 20:00:28 UTC 
(In reply to Agostino Sarubbo from comment #7)
> (In reply to William Hubbs from comment #6)
> > I am adding @ago to this bug so he can explain why he wanted this bump.
> > 
> > Thanks,
> > 
> > William
> 
> Because of this:
> https://blog.fuzzing-project.org/48-Out-of-bounds-read-and-signed-integer-
> overflow-in-libarchive.html

No problem.  Just ping me directly next time that you need me to look at a package immediately, please.
Comment 9 Adam Feldman gentoo-dev 2016-07-05 19:29:48 UTC 
Bumped to 3.2.1-r3 which includes fixes for OS X prefix and Solaris.

Commit eb38d016eda247952828b7c3de6d1fd4cb558cf5