gnu: libarchive: Replace with 3.3.1 [security fixes].
Fixes CVE-2016-{10209,10350} and CVE-2017-5601. * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive-3.3.1): New variable.
This commit is contained in:
parent
d14b8dbb74
commit
9034dc8f2a
|
@ -5,6 +5,7 @@
|
||||||
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
|
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||||
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
|
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
|
||||||
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
|
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
|
||||||
|
;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -186,6 +187,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
|
||||||
(define-public libarchive
|
(define-public libarchive
|
||||||
(package
|
(package
|
||||||
(name "libarchive")
|
(name "libarchive")
|
||||||
|
(replacement libarchive-3.3.1)
|
||||||
(version "3.2.2")
|
(version "3.2.2")
|
||||||
(source
|
(source
|
||||||
(origin
|
(origin
|
||||||
|
@ -241,6 +243,20 @@ archive. In particular, note that there is currently no built-in support for
|
||||||
random access nor for in-place modification.")
|
random access nor for in-place modification.")
|
||||||
(license license:bsd-2)))
|
(license license:bsd-2)))
|
||||||
|
|
||||||
|
(define libarchive-3.3.1
|
||||||
|
(package
|
||||||
|
(inherit libarchive)
|
||||||
|
(name "libarchive")
|
||||||
|
(version "3.3.1")
|
||||||
|
(source
|
||||||
|
(origin
|
||||||
|
(method url-fetch)
|
||||||
|
(uri (string-append "http://libarchive.org/downloads/libarchive-"
|
||||||
|
version ".tar.gz"))
|
||||||
|
(sha256
|
||||||
|
(base32
|
||||||
|
"1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
|
||||||
|
|
||||||
(define-public rdup
|
(define-public rdup
|
||||||
(package
|
(package
|
||||||
(name "rdup")
|
(name "rdup")
|
||||||
|
|
Loading…
Reference in New Issue