* [PR PATCH] lurch: revert patch from #26757
@ 2020-11-30 21:28 the-maldridge
2020-11-30 21:43 ` Vaelatern
2020-12-01 2:20 ` [PR PATCH] [Merged]: " the-maldridge
0 siblings, 2 replies; 3+ messages in thread
From: the-maldridge @ 2020-11-30 21:28 UTC (permalink / raw)
To: ml
There is a new pull request by the-maldridge against master on the void-packages repository
https://github.com/the-maldridge/void-packages revert-26757
https://github.com/void-linux/void-packages/pull/26843
lurch: revert patch from #26757
The patch was erroneously applied after a github user claimed it to be
a security issue, and later it was determined that this user was going
around tricking various projects into applying their patch that had
been explicitly declined by upstream (xsf/xeps#894).
There's probably a dialog to happen here around relative security of
accepting unverified patches in the name of 'security' but this is
neither the time nor the place.
A patch file from https://github.com/void-linux/void-packages/pull/26843.patch is attached
[-- Attachment #2: github-pr-revert-26757-26843.patch --]
From f1b0c673cf88c1ca68f82028c0f69b9d21549f11 Mon Sep 17 00:00:00 2001
From: Michael Aldridge <maldridge@VoidLinux.org>
Date: Mon, 30 Nov 2020 13:21:58 -0800
Subject: [PATCH] lurch: revert patch from #26757
The patch was erroneously applied after a github user claimed it to be
a security issue, and later it was determined that this user was going
around tricking various projects into applying their patch that had
been explicitly declined by upstream (xsf/xeps#894).
There's probably a dialog to happen here around relative security of
accepting unverified patches in the name of 'security' but this is
neither the time nor the place.
---
srcpkgs/lurch/template | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/srcpkgs/lurch/template b/srcpkgs/lurch/template
index b5f1bd3e4d2..207c49d3ec5 100644
--- a/srcpkgs/lurch/template
+++ b/srcpkgs/lurch/template
@@ -1,7 +1,7 @@
# Template file for 'lurch'
pkgname=lurch
version=0.6.8
-revision=3
+revision=4
build_style=gnu-makefile
make_use_env=yes
hostmakedepends="cmake pkg-config"
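Review bot: the change to revision=4 is a forward bump, not a return to an earlier revision, so this commit is not a literal revert and its diffstat (1 insertion, 5 deletions) will not mirror the change it undoes. Say so in the commit message, and reference the commit being undone in addition to the PR number, so the history can be followed without opening #26757.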
@@ -14,7 +14,3 @@ distfiles="https://github.com/gkdr/lurch/releases/download/v${version}/lurch-${v
checksum=2e2447b5fe6b1ae4f08d8c79a2a846c70290685d6e338bf5ea8f59705bd2b19f
LDFLAGS="-L${XBPS_CROSS_BASE}/usr/lib/purple-2"
-
-post_patch() {
- vsed -e '/#define OMEMO_AES_GCM_IV_LENGTH/s/16/12/' -i lib/libomemo/src/libomemo.h
-}
* Re: lurch: revert patch from #26757
From: Vaelatern @ 2020-11-30 21:43 UTC (permalink / raw)
To: ml
New comment by Vaelatern on void-packages repository
https://github.com/void-linux/void-packages/pull/26843#issuecomment-736074335
Comment:
We should not maintain patches that change functionality, and that go against [expressed upstream wishes](https://github.com/gkdr/libomemo/issues/24#issuecomment-735408224). Approved.
We have been known to accept security patches, referencing identical upstream commits or CVEs. We have been known to expedite upgrades when they include security fixes. Even if upstream chooses to be insecure by some measure, I think it is reasonable to let them.
* Re: [PR PATCH] [Merged]: lurch: revert patch from #26757
From: the-maldridge @ 2020-12-01 2:20 UTC (permalink / raw)
To: ml
There's a merged pull request on the void-packages repository
lurch: revert patch from #26757
https://github.com/void-linux/void-packages/pull/26843
Description:
The patch was erroneously applied after a github user claimed it to be
a security issue, and later it was determined that this user was going
around tricking various projects into applying their patch that had
been explicitly declined by upstream (xsf/xeps#894).
There's probably a dialog to happen here around relative security of
accepting unverified patches in the name of 'security' but this is
neither the time nor the place.