From 15df12beae9f01c87bae85a9a60edf72d8b6ed66 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Mon, 5 Jun 2017 22:09:13 -0400
Subject: gnu: perl: Fix CVE-2017-6512 in File::Path.

* gnu/packages/perl.scm (perl)[replacement]: New field.
(perl/fixed): New variable.
* gnu/packages/patches/perl-file-path-CVE-2017-6512.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/packages/perl.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gnu/packages/perl.scm')

diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index e56c80609b..6da4bb13fd 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -51,6 +51,7 @@
   ;; Yeah, Perl...  It is required early in the bootstrap process by Linux.
   (package
     (name "perl")
+    (replacement perl/fixed)
     (version "5.24.0")
     (source (origin
              (method url-fetch)
@@ -147,6 +148,18 @@
     (home-page "http://www.perl.org/")
     (license gpl1+)))                          ; or "Artistic"
 
+(define perl/fixed
+  (package
+    (inherit perl)
+    (replacement #f)
+    (source
+      (origin
+        (inherit (package-source perl))
+        (patches
+          (append
+            (origin-patches (package-source perl))
+            (search-patches "perl-file-path-CVE-2017-6512.patch")))))))
+
 (define-public perl-algorithm-c3
   (package
     (name "perl-algorithm-c3")
-- 
cgit v1.2.3