Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libarchive: security, remove old versions, bump deps #23509

Merged
merged 5 commits into from
Apr 17, 2024
Merged

libarchive: security, remove old versions, bump deps #23509

merged 5 commits into from
Apr 17, 2024

Conversation

mayeut
Copy link
Contributor

@mayeut mayeut commented Apr 13, 2024
edited
Loading

Specify library name and version: libarchive/all

All versions<3.7.0 have some CVEs, let's remove all those versions. The qarchive recipe will need to be updated.
expat<2.6.2 have known security issues, bump: #23277
libxml2<2.12.5 have known security issues, bump: #23277

@mayeut
libarchive: remove vulnerable unused versions
3b7857b 
All versions<3.7.0 have some CVEs, let's remove all versions not used in CCI which are vulnerable.
@mayeut
libarchive: bump deps
ee4f0ae 
expat<2.6.2 have known security issues
libxml2<2.12.5 have known security issues
@mayeut
libarchive: remove vulnerable version 3.6.2
91bcd56 
only used in qarchive recipe
@github-actions GitHub Actions
Copy link
Contributor

🤖 Beep Boop! This pull request is making changes to 'recipes/libarchive//'.

👋 @jwillikers you might be interested. 😉

@conan-center-bot

This comment has been minimized.

Sign in to view
@prince-chrismc prince-chrismc mentioned this pull request Apr 13, 2024
Open
@mayeut mayeut mentioned this pull request Apr 13, 2024
Open
@conan-center-bot

This comment has been minimized.

Sign in to view
@AbrilRBS AbrilRBS self-assigned this Apr 17, 2024
@AbrilRBS
Copy link
Member

Remember that removing versions from the configs only means that they won't be updated again, but they'll still be present in the remote :)

@conan-center-bot
Copy link
Collaborator

Conan v1 pipeline ✔️

All green in build 3 (078d254a18462d1c7054b19a9dc81a5085d3217e):

  • libarchive/3.7.1:
    All packages built successfully! (All logs)

  • libarchive/3.7.3:
    All packages built successfully! (All logs)

  • libarchive/3.7.2:
    All packages built successfully! (All logs)

Conan v2 pipeline ✔️

Note: Conan v2 builds are now mandatory. Please read our discussion about it.

All green in build 3 (078d254a18462d1c7054b19a9dc81a5085d3217e):

  • libarchive/3.7.3:
    All packages built successfully! (All logs)

  • libarchive/3.7.2:
    All packages built successfully! (All logs)

  • libarchive/3.7.1:
    All packages built successfully! (All logs)

@conan-center-bot conan-center-bot merged commit c4495e4 into conan-io:master Apr 17, 2024
23 checks passed
@mayeut mayeut deleted the libarchive-security branch April 17, 2024 20:26
franramirez688 pushed a commit to toge/conan-center-index that referenced this pull request Apr 23, 2024
@mayeut @franramirez688
(conan-io#23509) libarchive: security, remove old versions, bump deps
08b31ee 
* libarchive: remove vulnerable unused versions

All versions<3.7.0 have some CVEs, let's remove all versions not used in CCI which are vulnerable.

* libarchive: bump deps

expat<2.6.2 have known security issues
libxml2<2.12.5 have known security issues

* libarchive: remove vulnerable version 3.6.2

only used in qarchive recipe

* use version range for expat
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwillikers jwillikers jwillikers approved these changes

@AbrilRBS AbrilRBS AbrilRBS approved these changes

Assignees

@AbrilRBS AbrilRBS

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mayeut @conan-center-bot @AbrilRBS @jwillikers