From 3940c5cab39357158c161a7642297ced9988f1a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 13 Nov 2014 11:10:51 +0100 Subject: [PATCH] gnu: file: Add 5.20 as a replacement--fixes CVE-2014-3710. * gnu/packages/file.scm (file)[replacement]: New field. (file/fixed): New variable. --- gnu/packages/file.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index ee7da784f7..0b4cae98ba 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -26,6 +26,7 @@ (define-public file (package + (replacement file/fixed) (name "file") (version "5.19") (source (origin @@ -44,3 +45,15 @@ extensions to tell you the type of a file, but looks at the actual contents of the file.") (license bsd-2) (home-page "http://www.darwinsys.com/file/"))) + +(define file/fixed ;fix for CVE-2014-3710 + (let ((real-version "5.20")) + (package (inherit file) + (source (origin + (method url-fetch) + (uri (string-append "ftp://ftp.astron.com/pub/file/file-" + real-version ".tar.gz")) + (sha256 + (base32 + "0iyjs9z8kp43gz7gva4j67h4p0n53f7q8x3ibai9s01sp3xnphsv")))) + (replacement #f))))