[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#33988] [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and f
From: |
Leo Famulari |
Subject: |
[bug#33988] [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877, 1000878, 1000880}. |
Date: |
Sun, 6 Jan 2019 13:16:38 -0500 |
User-agent: |
Mutt/1.11.0 (2018-11-25) |
On Sat, Jan 05, 2019 at 11:56:23PM +0800, Alex Vong wrote:
> Tags: security
>
> Hello guix,
>
> The following patch fixes all CVEs in libarchive. Since updating
> libarchive would cause > 3000 rebuilds, we graft instead.
>
> From c8f1c64de45c7a1fefed69d902164f3577aac817 Mon Sep 17 00:00:00 2001
> From: Alex Vong <address@hidden>
> Date: Sat, 5 Jan 2019 23:20:41 +0800
> Subject: [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix
> CVE-2018-{1000877,1000878,1000880}.
>
> * gnu/packages/backup.scm (libarchive)[source, home-page]: Use HTTPS.
> [replacement]: New field.
> (libarchive-3.3.3): New variable.
> * gnu/packages/patches/libarchive-CVE-2018-1000877.patch,
> gnu/packages/patches/libarchive-CVE-2018-1000878.patch,
> gnu/packages/patches/libarchive-CVE-2018-1000880.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
Thanks, this works for me. Please push! :)
signature.asc
Description: PGP signature