aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-11-13 11:10:51 +0100
committerLudovic Courtès <ludo@gnu.org>2014-11-13 11:35:14 +0100
commit3940c5cab39357158c161a7642297ced9988f1a1 (patch)
treeb048575571acc9314c71573972a239c5b7b34e7f
parent7f614a747c233ad6f2c76b144ef235412891b3a8 (diff)
downloadguix-3940c5cab39357158c161a7642297ced9988f1a1.tar
guix-3940c5cab39357158c161a7642297ced9988f1a1.tar.gz
gnu: file: Add 5.20 as a replacement--fixes CVE-2014-3710.
* gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable.
-rw-r--r--gnu/packages/file.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm
index ee7da784f7..0b4cae98ba 100644
--- a/gnu/packages/file.scm
+++ b/gnu/packages/file.scm
@@ -26,6 +26,7 @@
(define-public file
(package
+ (replacement file/fixed)
(name "file")
(version "5.19")
(source (origin
@@ -44,3 +45,15 @@ extensions to tell you the type of a file, but looks at the actual contents
of the file.")
(license bsd-2)
(home-page "http://www.darwinsys.com/file/")))
+
+(define file/fixed ;fix for CVE-2014-3710
+ (let ((real-version "5.20"))
+ (package (inherit file)
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "ftp://ftp.astron.com/pub/file/file-"
+ real-version ".tar.gz"))
+ (sha256
+ (base32
+ "0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv"))))
+ (replacement #f))))