[debbugs-tracker] bug#28972: closed ([PATCH] gnu: Remove unrar.)

[GNU bug Tracking System]

Your message dated Sun, 12 Nov 2017 16:20:35 -0500
with message-id <address@hidden>
and subject line Re: [bug#28972] [PATCH] gnu: Remove unrar.
has caused the debbugs.gnu.org bug report #28972,
regarding [PATCH] gnu: Remove unrar.
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
28972: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28972
GNU Bug Tracking System
Contact address@hidden with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> [PATCH] gnu: Remove unrar.
>
>
>
>
> Date: 
>
> Tue, 24 Oct 2017 14:52:34 -0400
>
>
>
>
> This package is abandoned upstream and contains serious bugs:
>
> http://seclists.org/oss-sec/2017/q3/329
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14120
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14121
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14122
>
> * gnu/packages/compression.scm (unrar): Remove variable.
> ---
>  gnu/packages/compression.scm | 18 ------------------
>  1 file changed, 18 deletions(-)
>
> diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
> index a2bf3a186..c06c3c52e 100644
> --- a/gnu/packages/compression.scm
> +++ b/gnu/packages/compression.scm
> @@ -1285,24 +1285,6 @@ or junctions, and always follows hard links.")
>   archives from InstallShield installers.")
>      (license license:expat)))
>  
> -(define-public unrar
> -  (package
> -    (name "unrar")
> -    (version "0.0.1")
> -    (source (origin
> -              (method url-fetch)
> -              (uri (string-append
> -                    "http://download.gna.org/unrar/unrar-"; version ".tar.gz"))
> -              (sha256
> -               (base32
> -                "1fgmjaxffj3shyxgy765jhxwz1cq88hk0fih1bsdzyvymyyz6mz7"))))
> -    (build-system gnu-build-system)
> -    (home-page "http://download.gna.org/unrar";)
> -    (synopsis "RAR archive extraction tool")
> -    (description "Unrar is a simple command-line program to list and extract
> -RAR archives.")
> -    (license license:gpl2+)))
> -
>  (define-public zstd
>    (package
>      (name "zstd")
> -- 
> 2.14.3
>
>
>
>
> --- End Message ---

--- Begin Message --- Subject: Re: [bug#28972] [PATCH] gnu: Remove unrar. Date: Sun, 12 Nov 2017 16:20:35 -0500 User-agent: Mutt/1.9.1 (2017-09-22)

On Wed, Oct 25, 2017 at 04:30:43PM +0200, Ricardo Wurmus wrote:
> 
> Adonay Felipe Nogueira <address@hidden> writes:
> 
> > Perhaps The Unarchiver (unar, no R in the middle)?
> >
> > See <https://directory.fsf.org/wiki/Unar>
> 
> I tried packaging this once, but it is quite difficult as it depends on
> an Objective C compiler (which is currently broken in Guix due to the
> fact that GCC doesn’t find it) and GNUstep (which is not fully packaged
> yet).
> 
> I agree with Leo to remove the outdated unrar package.  Waiting for the
> alternative to be packaged would not be reasonable, given the size of
> the task.

Removed with commit 2560aa7adbfcb46306e8b19180bd48d39c2da6dc.

If anyone is interested in maintaining a package outside of Guix, Debian
has written some patches for the recently discovered bugs, distributed
in their package version 1:0.0.1+cvs20140707-4:

https://packages.debian.org/sid/unrar-free
http://http.debian.net/debian/pool/main/u/unrar-free/unrar-free_0.0.1+cvs20140707-4.debian.tar.xz

I thought about taking these patches, but the bug reporter said it took
them only "a few minutes" to find these bugs, so I'm not optimistic
about the state of this program, at least if it is not maintained
upstream.

signature.asc
Description: PGP signature

--- End Message ---