From 94d671f673d184691cb13d36203e109c13cd4859 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 6 Sep 2017 15:43:30 -0400
Subject: gnu: libarchive: Replace with libarchive 3.3.2 and fix
 CVE-2017-14166.

* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive-3.3.2): New variable.
* gnu/packages/patches/libarchive-CVE-2017-14166.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/packages/backup.scm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'gnu/packages/backup.scm')

diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index eca69bebed..006d00ef0c 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -184,6 +184,7 @@ (define-public hdup
 (define-public libarchive
   (package
     (name "libarchive")
+    (replacement libarchive-3.3.2)
     (version "3.3.1")
     (source
      (origin
@@ -239,19 +240,19 @@ (define-public libarchive
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
-(define libarchive-3.3.1
+(define libarchive-3.3.2
   (package
     (inherit libarchive)
-    (name "libarchive")
-    (version "3.3.1")
+    (version "3.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://libarchive.org/downloads/libarchive-"
                            version ".tar.gz"))
+       (patches (search-patches "libarchive-CVE-2017-14166.patch"))
        (sha256
         (base32
-         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
+         "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))))
 
 (define-public rdup
   (package
-- 
cgit v1.2.3