Skip to content

libarchive: 3.7.8 -> 3.8.0#409300

Merged
vcunat merged 2 commits intoNixOS:stagingfrom
zhaofengli:libarchive-3.8.0
May 28, 2025
Merged

libarchive: 3.7.8 -> 3.8.0#409300
vcunat merged 2 commits intoNixOS:stagingfrom
zhaofengli:libarchive-3.8.0

Conversation

@zhaofengli
Copy link
Member

@zhaofengli zhaofengli commented May 21, 2025
edited
Loading

This PR needs #382403 to build on Darwin.

Release notes & diff:

Changes:

This PR addresses:
CVE-2025-5914
CVE-2025-5915
CVE-2025-5916
CVE-2025-5917
CVE-2025-5918

(thanks to @stigtsp for coordinating the assignment)

Things done

  • Built on platform(s)
    • x86_64-linux (applied to master)
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin (applied to master)
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. labels May 21, 2025
@nix-owners nix-owners bot requested a review from jcumming May 21, 2025 06:46
@SigmaSquadron SigmaSquadron added 1.severity: security Issues which raise a security issue, or PRs that fix one 9.needs: port to stable A PR needs a backport to the stable release. labels May 21, 2025
@zhaofengli
libarchive: Add patch to fix macOS metadata handling when reading cer…
8fa0b53 
…tain tarballs

This was merged in <libarchive/libarchive#2636>
and fixes the root cause of the test_copy failure.
@zhaofengli zhaofengli mentioned this pull request May 25, 2025
Closed
13 tasks
@vcunat vcunat mentioned this pull request May 28, 2025
Closed
13 tasks
@vcunat vcunat merged commit e543938 into NixOS:staging May 28, 2025
18 of 19 checks passed
@nixpkgs-ci nixpkgs-ci bot mentioned this pull request May 28, 2025
Merged
1 task
@nixpkgs-ci
Copy link
Contributor

nixpkgs-ci bot commented May 28, 2025

Successfully created backport PR for staging-25.05:

@github-actions github-actions bot added the 8.has: port to stable This PR already has a backport to the stable release. label May 28, 2025
@reckenrode reckenrode mentioned this pull request Jun 3, 2025
Closed
3 tasks
@mdaniels5757 mdaniels5757 removed the 9.needs: port to stable A PR needs a backport to the stable release. label Jun 22, 2025
@stigtsp
Copy link
Member

stigtsp commented Jun 27, 2025

This PR addresses:
CVE-2025-5914
CVE-2025-5915
CVE-2025-5916
CVE-2025-5917
CVE-2025-5918

@zhaofengli zhaofengli deleted the libarchive-3.8.0 branch June 27, 2025 19:03
@h0nIg h0nIg mentioned this pull request Jul 1, 2025
Merged
13 tasks
@h0nIg h0nIg mentioned this pull request Sep 15, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jcumming jcumming Awaiting requested review from jcumming

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 8.has: port to stable This PR already has a backport to the stable release. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@zhaofengli @stigtsp @vcunat @mdaniels5757 @SigmaSquadron