From c824dedf711dc4aa33e005fa291a3aec58a9e2e2 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Sat, 5 Jan 2019 23:20:41 +0800
Subject: gnu: libarchive: Replace with libarchive 3.3.3 and fix
 CVE-2018-{1000877,1000878,1000880}.

* gnu/packages/backup.scm (libarchive)[source, home-page]: Use HTTPS.
[replacement]: New field.
(libarchive-3.3.3): New variable.
* gnu/packages/patches/libarchive-CVE-2018-1000877.patch,
gnu/packages/patches/libarchive-CVE-2018-1000878.patch,
gnu/packages/patches/libarchive-CVE-2018-1000880.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
---
 gnu/local.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 6b57f36552..36d0ca541b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,7 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017, 2018 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
-# Copyright © 2016, 2017, 2018 Alex Vong <alexvong1995@gmail.com>
+# Copyright © 2016, 2017, 2018, 2019 Alex Vong <alexvong1995@gmail.com>
 # Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 # Copyright © 2016, 2017 Jan Nieuwenhuizen <janneke@gnu.org>
 # Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -879,6 +879,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/liba52-use-mtune-not-mcpu.patch		\
   %D%/packages/patches/libarchive-CVE-2017-14166.patch		\
   %D%/packages/patches/libarchive-CVE-2017-14502.patch		\
+  %D%/packages/patches/libarchive-CVE-2018-1000877.patch	\
+  %D%/packages/patches/libarchive-CVE-2018-1000878.patch	\
+  %D%/packages/patches/libarchive-CVE-2018-1000880.patch	\
   %D%/packages/patches/libbase-fix-includes.patch		\
   %D%/packages/patches/libbase-use-own-logging.patch		\
   %D%/packages/patches/libbonobo-activation-test-race.patch	\
-- 
cgit v1.2.3