gnu: libarchive: Graft to 3.7.7. [security fixes]

* gnu/packages/backup.scm (libarchive): Add replacement with libarchive/fixed.
(libarchive/fixed): New variable.

Fixes: Out of bounds access in ZIP files [CVE-2024-37407].
Fixes: Out of bounds access in RAR files [CVE-2024-48957, CVE-2024-48958].
Fixes: Race condition in multi-threaded systems [CVE-2023-30571].
Fixes: NULL pointer dereference [CVE-2022-36227].
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Liliana Marie Prikler 2024-11-09 15:27:49 +01:00 committed by Maxim Cournoyer
parent 0cbd830ebb
commit a6dab6e915
No known key found for this signature in database
GPG key ID: 1260E46482E63562


@ -262,6 +262,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
(replacement libarchive/fixed)
(version "3.6.1")
(source
(origin
@ -351,6 +352,22 @@ random access nor for in-place modification. This package provides the
@command{bsdcat}, @command{bsdcpio} and @command{bsdtar} commands.")
(license license:bsd-2)))
(define-public libarchive/fixed
(package
(inherit libarchive)
(version "3.7.7")
(source
(origin
(method url-fetch)
(uri (list (string-append "https://libarchive.org/downloads/libarchive-"
version ".tar.xz")
(string-append "https://github.com/libarchive/libarchive"
"/releases/download/v" version "/libarchive-"
version ".tar.xz")))
(sha256
(base32
"1vps57mrpqmrk4zayh5g5amqfq7031s5zzkkxsm7r71rqf1wv6l7"))))))
(define-public rdup
(package
(name "rdup")
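Review bot: The new `libarchive/fixed` definition has no comment saying why the graft exists or when it should be removed, so the CVE list is only recoverable from the commit log. I would add above it something like `;; Graft for CVE-2024-37407, CVE-2024-48957, CVE-2024-48958, CVE-2023-30571 and CVE-2022-36227; merge into libarchive at the next ungrafting.` Because a graft swaps references in dependents without rebuilding them, going from 3.6.1 to 3.7.7 relies on both releases exposing a compatible ABI; the comment is a good place to record that this was checked. The body of `libarchive` between the two hunks is not shown, so whether its inherited arguments and build phases still fit 3.7.7 should be confirmed by building the replacement and a few dependents.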