guix-devel

Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?


From: zimoun
Subject: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?
Date: Tue, 16 Mar 2021 18:59:52 +0100

Hi,

On Tue, 16 Mar 2021 at 18:06, Léo Le Bouter <lle-bout@zaclys.net> wrote:

> I suggest we disable the test-suite or the specific test in the interim
> for other architectures.

The patch attached in the previous email tweaks the offending test to
allow the test suite to pass on both architectures x86_64 and i686.  I
am not able to test the other architectures.

Well, upgrading zstd from 1.4.4 to 1.4.9 is one way to fix it, but
we could also graft by backporting a patch, as Debian did for 1.4.8:

<https://salsa.debian.org/med-team/libzstd/-/blob/master/debian/patches/0018-fix-file-permissions-on-compression.patch>


> The CVE-2021-24032 is Base Score: 9.1 CRITICAL - which is exceptionally
> high so fixing it is an absolute necessity in any branch.

For SUSE, the severity is moderate and they rank it at 6.2.

<https://www.suse.com/security/cve/CVE-2021-24032/>

Well, even if I agree that security is often important, more haste and
less speed is generally good. :-)


Cheers,
simon


