From 386399296a48c3ee34b9cc8d2fe08c95635a77af Mon Sep 17 00:00:00 2001
From: Nicolas Graves <ngraves@ngraves.fr>
Date: Fri, 25 Oct 2024 09:39:45 +0200
Subject: gnu: libtar: Patch CVEs. [security fixes]

This fixes CVE-2021-33643, CVE-2021-33644, CVE-2021-33645,
CVE-2021-33646.

* gnu/packages/compression.scm (libtar)[source]<patches>: Add patches
here...
* gnu/local.mk (dist_patch_DATA): ...and here.
* gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch,
gnu/packages/patches/libtar-CVE-2021-33645-CVE-2021-33646.patch: New files.

Signed-off-by: Andreas Enge <andreas@enge.fr>
Change-Id: I60a6b753fddc1a0d08f96010ef3d57ec66c2251b
---
 gnu/local.mk | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 6bd7c75090..c432685775 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1699,6 +1699,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/libquicktime-ffmpeg.patch 		\
   %D%/packages/patches/libsepol-versioned-docbook.patch		\
   %D%/packages/patches/libtar-CVE-2013-4420.patch 		\
+  %D%/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch	\
+  %D%/packages/patches/libtar-CVE-2021-33645-CVE-2021-33646.patch	\
   %D%/packages/patches/libtgvoip-disable-sse2.patch 		\
   %D%/packages/patches/libtgvoip-disable-webrtc.patch 		\
   %D%/packages/patches/libtheora-config-guess.patch		\
-- 
cgit v1.2.3