aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/perl.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-06-05 22:09:13 -0400
committerLeo Famulari <leo@famulari.name>2017-06-06 20:59:12 -0400
commit15df12beae9f01c87bae85a9a60edf72d8b6ed66 (patch)
tree934fc2675345e130c10c129ff741cb3a044dea23 /gnu/packages/perl.scm
parent9c8fb06e4c0719319b7b3ca68489dddadeb42571 (diff)
downloadguix-15df12beae9f01c87bae85a9a60edf72d8b6ed66.tar
guix-15df12beae9f01c87bae85a9a60edf72d8b6ed66.tar.gz
gnu: perl: Fix CVE-2017-6512 in File::Path.
* gnu/packages/perl.scm (perl)[replacement]: New field. (perl/fixed): New variable. * gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/perl.scm')
-rw-r--r--gnu/packages/perl.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index e56c80609b..6da4bb13fd 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -51,6 +51,7 @@
;; Yeah, Perl... It is required early in the bootstrap process by Linux.
(package
(name "perl")
+ (replacement perl/fixed)
(version "5.24.0")
(source (origin
(method url-fetch)
@@ -147,6 +148,18 @@
(home-page "http://www.perl.org/")
(license gpl1+))) ; or "Artistic"
+(define perl/fixed
+ (package
+ (inherit perl)
+ (replacement #f)
+ (source
+ (origin
+ (inherit (package-source perl))
+ (patches
+ (append
+ (origin-patches (package-source perl))
+ (search-patches "perl-file-path-CVE-2017-6512.patch")))))))
+
(define-public perl-algorithm-c3
(package
(name "perl-algorithm-c3")