From e7806e6caad62e0bea6790271ac8db37f5168750 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 10 May 2016 16:15:06 -0400
Subject: gnu: libarchive: Fix CVE-2016-1541.

* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive/fixed): New variable.
* gnu/packages/patches/libarchive-CVE-2016-1541.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/packages/backup.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/packages/backup.scm')

diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index a7b48f1154..917bee78d9 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -136,6 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
+    (replacement libarchive/fixed)
     (version "3.1.2")
     (source
      (origin
@@ -193,6 +194,14 @@ archive.  In particular, note that there is currently no built-in support for
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
+(define libarchive/fixed
+  (package
+    (inherit libarchive)
+    (source (origin
+              (inherit (package-source libarchive))
+              (patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
+                             (origin-patches (package-source libarchive))))))))
+
 (define-public rdup
   (package
     (name "rdup")
-- 
cgit v1.2.3