me/guix
Archived
1
0
Fork 0
Code Activity

gnu: tar: Replace with 1.34 [fixes CVE-2021-20193].

Browse source 
* gnu/packages/base.scm (tar)[replacement]: New field.
(tar-1.34): New variable.
This commit is contained in:
Mark H Weaver 2021-11-06 05:52:51 -04:00
parent 893a31ec20
commit 33a80e1110
No known key found for this signature in database
GPG key ID: 7CEF29847562C516
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
gnu/packages/base.scm
View file

@ -180,6 +180,7 @@ implementation offers several extensions over the standard utility.")
(package (package
(name "tar") (name "tar")
(version "1.32") (version "1.32")
(replacement tar-1.34)
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://gnu/tar/tar-" (uri (string-append "mirror://gnu/tar/tar-"
@ -234,6 +235,21 @@ standard utility.")
(license gpl3+) (license gpl3+)
(home-page "https://www.gnu.org/software/tar/"))) (home-page "https://www.gnu.org/software/tar/")))
(define-public tar-1.34 ; fixes CVE-2021-20193
(package
(inherit tar)
(version "1.34")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/tar/tar-"
version ".tar.xz"))
(sha256
(base32
"0a0x87anh9chbi2cgcyy7pmnm5hzk4yd1w2j8gm1wplwhwkbvgk3"))
(patches
(search-patches "tar-skip-unreliable-tests.patch"
"tar-remove-wholesparse-check.patch"))))))
(define-public patch (define-public patch
(package (package
(name "patch") (name "patch")