diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-11-13 11:10:51 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-11-13 11:35:14 +0100 |
commit | 3940c5cab39357158c161a7642297ced9988f1a1 (patch) | |
tree | b048575571acc9314c71573972a239c5b7b34e7f | |
parent | 7f614a747c233ad6f2c76b144ef235412891b3a8 (diff) | |
download | guix-3940c5cab39357158c161a7642297ced9988f1a1.tar guix-3940c5cab39357158c161a7642297ced9988f1a1.tar.gz |
gnu: file: Add 5.20 as a replacement--fixes CVE-2014-3710.
* gnu/packages/file.scm (file)[replacement]: New field.
(file/fixed): New variable.
-rw-r--r-- | gnu/packages/file.scm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index ee7da784f7..0b4cae98ba 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -26,6 +26,7 @@ (define-public file (package + (replacement file/fixed) (name "file") (version "5.19") (source (origin @@ -44,3 +45,15 @@ extensions to tell you the type of a file, but looks at the actual contents of the file.") (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) + +(define file/fixed ;fix for CVE-2014-3710 + (let ((real-version "5.20")) + (package (inherit file) + (source (origin + (method url-fetch) + (uri (string-append "ftp://ftp.astron.com/pub/file/file-" + real-version ".tar.gz")) + (sha256 + (base32 + "0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv")))) + (replacement #f)))) |