[PATCH] gnu: buildah: Update to 1.35.4 [security fixes].

Done

Details

2 participants

Maxim Cournoyer
Tomas Volf

Owner: unassigned

Submitted by: Tomas Volf

Severity: normal

Tomas Volf wrote on 22 May 20:52 +0200

Recipients:(address . guix-patches@gnu.org)(name . Tomas Volf)(address . ~@wolfsden.cz)

Message-ID:3199a6f4c03372b649f40145a4da52837f9a1f70.1716403923.git.~@wolfsden.cz

This fixes CVE-2024-3727 and CVE-2024-28180.

* gnu/packages/containers.scm (buildah): Update to 1.35.4.

Change-Id: I5ee2b4591b39ee85d7236aedda7a2508df8e0e48

---

gnu/packages/containers.scm | 4 ++--

1 file changed, 2 insertions(+), 2 deletions(-)

Toggle diff (24 lines)diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 917d152609..f733bb6b6c 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -609,7 +609,7 @@ (define-public podman-compose
 (define-public buildah
   (package
     (name "buildah")
-    (version "1.35.3")
+    (version "1.35.4")
     (source
      (origin
        (method git-fetch)
@@ -617,7 +617,7 @@ (define-public buildah
              (url "https://github.com/containers/buildah")
              (commit (string-append "v" version))))
        (sha256
-        (base32 "07hr2cfp4kblnmva02ap97id5nzhbqigdfvx7c8nyrkfzw0340n0"))
+        (base32 "1p21lh8ds688nv0valzgl6s20bwzsyvr1sa15ra2mprj79azvl4r"))
        (file-name (git-file-name name version))))
     (build-system gnu-build-system)
     (arguments
-- 
2.41.0

Maxim Cournoyer wrote on 30 May 15:28 +0200

Recipients:(name . Tomas Volf)(address . ~@wolfsden.cz)(address . 71125-done@debbugs.gnu.org)

Message-ID:87frtze8f0.fsf@gmail.com

Hi,

Tomas Volf <~@wolfsden.cz> writes:

Toggle quote (4 lines)

> This fixes CVE-2024-3727 and CVE-2024-28180.

> * gnu/packages/containers.scm (buildah): Update to 1.35.4.

I see another patch of yours has landed meanwhile, updating it to
1.36.0.  I trust this is resolved.

-- 
Thanks,
Maxim

Closed

Tomas Volf wrote on 30 May 16:08 +0200

Recipients:(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)(address . 71125-done@debbugs.gnu.org)

Message-ID:ZliIVhnO5admy0Kq@ws

On 2024-05-30 09:28:03 -0400, Maxim Cournoyer wrote:

Toggle quote (11 lines)> Hi,
>
> Tomas Volf <~@wolfsden.cz> writes:
>
> > This fixes CVE-2024-3727 and CVE-2024-28180.
> >
> > * gnu/packages/containers.scm (buildah): Update to 1.35.4.
>
> I see another patch of yours has landed meanwhile, updating it to
> 1.36.0.  I trust this is resolved.

Yes, I believe so. I should have paid more attention and close this (obsolete)

patch. Sorry about that.

Tomas

There are only two hard things in Computer Science:

cache invalidation, naming things and off-by-one errors.

Closed

Maxim Cournoyer wrote on 30 May 22:35 +0200

Recipients:(name . Tomas Volf)(address . ~@wolfsden.cz)(address . 71125-done@debbugs.gnu.org)

Message-ID:87y17rca1z.fsf@gmail.com

Hi Tomas,

Tomas Volf <~@wolfsden.cz> writes:

Toggle quote (15 lines)> On 2024-05-30 09:28:03 -0400, Maxim Cournoyer wrote:
>> Hi,
>>
>> Tomas Volf <~@wolfsden.cz> writes:
>>
>> > This fixes CVE-2024-3727 and CVE-2024-28180.
>> >
>> > * gnu/packages/containers.scm (buildah): Update to 1.35.4.
>>
>> I see another patch of yours has landed meanwhile, updating it to
>> 1.36.0.  I trust this is resolved.
>
> Yes, I believe so.  I should have paid more attention and close this (obsolete)
> patch.  Sorry about that.

No worries! Thanks for the heads-up.

Thanks,

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 71125@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 71125

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date