conda-forge / r-base-feedstock

A conda-smithy repository for r-base.
BSD 3-Clause "New" or "Revised" License
14 stars 47 forks

Backport patch for CVE-2024-27322 to 4.3 #340

Closed jdblischak closed 4 months ago

jdblischak commented 4 months ago

Checklist

- Downloaded the patch from https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7.patch
- Rerendering resulted in no changes

xref: #338, #297

Warning to end users: This patch only prevents an obscure (though admittedly now well publicized) vulnerability. Unserializing R data objects (RDS, RDATA) is still inherently insecure, and you should continue to only load such objects from trusted sources.

conda-forge-webservices[bot] commented 4 months ago

Hi! This is the friendly automated conda-forge-linting service.

I just wanted to let you know that I linted all conda-recipes in your PR (recipe) and found it was in an excellent condition.

jdblischak commented 4 months ago

Looks like the patch applied cleanly:

```
Applying patch: /home/conda/recipe_root/0019-CVE-2024-27322.patch
Applying patch: /home/conda/recipe_root/0019-CVE-2024-27322.patch with args:
['-Np1', '-i', '/tmp/tmpebdlr5o6/0019-CVE-2024-27322.patch.native', '--binary']
checking file src/main/serialize.c
Hunk #1 succeeded at 2583 (offset -67 lines).
Hunk #2 succeeded at 2639 (offset -67 lines).
Hunk #3 succeeded at 3270 (offset -67 lines).
patching file src/main/serialize.c
Hunk #1 succeeded at 2583 (offset -67 lines).
Hunk #2 succeeded at 2639 (offset -67 lines).
Hunk #3 succeeded at 3270 (offset -67 lines).
Patch analysis gives:
[[ RA-MD1L-VE ]] - [[                                               0019-CVE-2024-27322.patch ]]
```
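The per-hunk status lines in the log above are what decide whether a backported fix is safe to ship as-is: an offset alone means the surrounding code moved between releases, while fuzz or a FAILED hunk means the context no longer matches and the change has to be checked against the old source by hand. The following is an added example, not code from r-base-feedstock or conda-build, that parses GNU patch's hunk status lines and flags fuzz or failures; the sample logs are constructed here (the first copied from the log above, the second invented to exercise the warning paths).

```python
"""Added example, not code from r-base-feedstock or conda-build: triage the
per-hunk status lines GNU patch prints (and conda-build echoes) when an
upstream fix is backported to an older release branch.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# GNU patch status-line formats, e.g.
#   Hunk #1 succeeded at 2583 (offset -67 lines).
#   Hunk #2 succeeded at 2640 with fuzz 2 (offset -66 lines).
#   Hunk #3 FAILED at 3337.
_HUNK_RE = re.compile(
    r"^Hunk #(?P<num>\d+) (?P<status>succeeded|FAILED) at (?P<line>\d+)"
    r"(?: with fuzz (?P<fuzz>\d+))?"
    r"(?: \(offset (?P<offset>-?\d+) lines?\))?\.?$"
)
# "checking file X" comes from the --dry-run pass, "patching file X" from the real apply.
_FILE_RE = re.compile(r"^(?P<phase>checking|patching) file (?P<path>\S+)$")


@dataclass(frozen=True)
class HunkResult:
    path: str
    phase: str   # "checking" (dry run) or "patching" (real apply)
    number: int
    ok: bool
    line: int
    offset: int
    fuzz: int


def parse_patch_log(log: str) -> list[HunkResult]:
    """One HunkResult per 'Hunk #N ...' line, tagged with the file and phase it belongs to."""
    results: list[HunkResult] = []
    path = phase = None
    for raw in log.splitlines():
        line = raw.strip()
        m = _FILE_RE.match(line)
        if m:
            path, phase = m.group("path"), m.group("phase")
            continue
        m = _HUNK_RE.match(line)
        if m and path is not None:
            results.append(HunkResult(
                path=path, phase=phase,
                number=int(m.group("num")),
                ok=m.group("status") == "succeeded",
                line=int(m.group("line")),
                offset=int(m.group("offset") or 0),
                fuzz=int(m.group("fuzz") or 0),
            ))
    return results


def triage(results: list[HunkResult]) -> list[tuple[str, str]]:
    """(severity, message) pairs; an empty list means every hunk applied without fuzz."""
    findings = []
    for r in results:
        where = f"{r.path} hunk #{r.number} [{r.phase}]"
        if not r.ok:
            findings.append(("error", f"{where} FAILED at line {r.line}: port the change by hand"))
        elif r.fuzz:
            findings.append(("warning", f"{where} applied with fuzz {r.fuzz} at line {r.line}: "
                                        "context differs, diff the result against upstream"))
    return findings


def offsets(results: list[HunkResult]) -> set[int]:
    """Distinct offsets seen; one value across all hunks usually means a single block of code moved."""
    return {r.offset for r in results}


# Constructed sample logs: the first mirrors the conda-build output in the PR
# thread, the second is invented here to exercise the fuzz and FAILED branches.
CLEAN_LOG = """\
Applying patch: /home/conda/recipe_root/0019-CVE-2024-27322.patch
checking file src/main/serialize.c
Hunk #1 succeeded at 2583 (offset -67 lines).
Hunk #2 succeeded at 2639 (offset -67 lines).
Hunk #3 succeeded at 3270 (offset -67 lines).
patching file src/main/serialize.c
Hunk #1 succeeded at 2583 (offset -67 lines).
Hunk #2 succeeded at 2639 (offset -67 lines).
Hunk #3 succeeded at 3270 (offset -67 lines).
"""

FUZZY_LOG = """\
checking file src/main/serialize.c
Hunk #1 succeeded at 2583 (offset -67 lines).
Hunk #2 succeeded at 2640 with fuzz 2 (offset -66 lines).
Hunk #3 FAILED at 3337.
"""

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("fuzzy", FUZZY_LOG)):
        res = parse_patch_log(log)
        print(f"{name}: {len(res)} hunk lines, offsets {sorted(offsets(res))}")
        for sev, msg in triage(res) or [("ok", "all hunks applied without fuzz")]:
            print(f"  {sev}: {msg}")
```

Run it against the captured output of a local `conda build` (or a bare `patch --dry-run -Np1`) before committing a backported patch to the recipe; a uniform offset such as the -67 seen above is expected on an older branch, whereas any fuzz or FAILED line is the signal to open the old serialize.c and confirm the change landed where it should.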