From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([209.51.188.92]:43665)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ggRCW-0000TN-A2
	for guix-patches@gnu.org; Mon, 07 Jan 2019 04:28:05 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ggRCV-0006wg-Iw
	for guix-patches@gnu.org; Mon, 07 Jan 2019 04:28:04 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:48355)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1ggRCU-0006py-H9
	for guix-patches@gnu.org; Mon, 07 Jan 2019 04:28:03 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1ggRCT-0002Ny-Vt
	for guix-patches@gnu.org; Mon, 07 Jan 2019 04:28:02 -0500
Subject: [bug#33988] [PATCH] gnu: libarchive: Replace with libarchive 3.3.3
	and fix CVE-2018-{1000877, 1000878, 1000880}.
Resent-Message-ID: <handler.33988.B33988.15468532719150@debbugs.gnu.org>
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
References: <87pntbw120.fsf@gmail.com>
Date: Mon, 07 Jan 2019 10:27:44 +0100
In-Reply-To: <87pntbw120.fsf@gmail.com> (Alex Vong's message of "Sat, 05 Jan
	2019 23:56:23 +0800")
Message-ID: <8736q4g6lr.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Alex Vong <alexvong1995@gmail.com>
Cc: 33988@debbugs.gnu.org, guix-security@gnu.org

Hi Alex,

Alex Vong <alexvong1995@gmail.com> skribis:

> From c8f1c64de45c7a1fefed69d902164f3577aac817 Mon Sep 17 00:00:00 2001
> From: Alex Vong <alexvong1995@gmail.com>
> Date: Sat, 5 Jan 2019 23:20:41 +0800
> Subject: [PATCH] gnu: libarchive: Replace with libarchive 3.3.3 and fix
>  CVE-2018-{1000877,1000878,1000880}.
>
> * gnu/packages/backup.scm (libarchive)[source, home-page]: Use HTTPS.
> [replacement]: New field.
> (libarchive-3.3.3): New variable.
> * gnu/packages/patches/libarchive-CVE-2018-1000877.patch,
> gnu/packages/patches/libarchive-CVE-2018-1000878.patch,
> gnu/packages/patches/libarchive-CVE-2018-1000880.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

LGTM, thank you!

Ludo=E2=80=99.