gnu: libarchive: Replace with 3.3.1 [security fixes].

Fixes CVE-2016-{10209,10350} and CVE-2017-5601.

* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive-3.3.1): New variable.
This commit is contained in:
Kei Kebreau 2017-05-08 14:58:07 -04:00
parent d14b8dbb74
commit 9034dc8f2a
No known key found for this signature in database
GPG Key ID: E6A5EE3C19467A0D

View File

@ -5,6 +5,7 @@
;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -186,6 +187,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
(replacement libarchive-3.3.1)
(version "3.2.2")
(source
(origin
@ -241,6 +243,20 @@ archive. In particular, note that there is currently no built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
(define libarchive-3.3.1
(package
(inherit libarchive)
(name "libarchive")
(version "3.3.1")
(source
(origin
(method url-fetch)
(uri (string-append "http://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
(sha256
(base32
"1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
(define-public rdup
(package
(name "rdup")