summaryrefslogtreecommitdiff
path: root/gnu/packages/compression.scm
diff options
context:
space:
mode:
authorLéo Le Bouter <lle-bout@zaclys.net>2021-03-30 02:10:19 +0200
committerLéo Le Bouter <lle-bout@zaclys.net>2021-03-30 02:21:25 +0200
commit9feef62b73e284e106717a386624d6da90750a3d (patch)
tree48886275eeca43c4dc5f4f53d6ca29a5c0c7745e /gnu/packages/compression.scm
parentaae012e91e66e3edcc486db7bd4939fb34ed3b24 (diff)
gnu: zstd: Downgrade to 1.4.4 and make security graft saner.
* gnu/packages/patches/zstd-CVE-2021-24031_CVE-2021-24032.patch: New patch. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/compression.scm (zstd-1.4.9): Remove. (zstd/fixed): New variable. Apply patch. (zstd)[replacement]: Graft with zstd/fixed.
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm19
1 files changed, 7 insertions, 12 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index ef73e6038b..5ed4b4ce98 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1409,7 +1409,7 @@ or junctions, and always follows hard links.")
"v" version "/zstd-" version ".tar.gz"))
(sha256
(base32 "05ckxap00qvc0j51d3ci38150cxsw82w7s9zgd5fgzspnzmp1vsr"))))
- (replacement zstd-1.4.9)
+ (replacement zstd/fixed)
(build-system gnu-build-system)
(outputs '("out" ;1.2MiB executables and documentation
"lib" ;1.2MiB shared library and headers
@@ -1469,21 +1469,16 @@ speed.")
license:public-domain ; zlibWrapper/examples/fitblk*
license:zlib)))) ; zlibWrapper/{gz*.c,gzguts.h}
-(define-public zstd-1.4.9
+(define zstd/fixed
(package
(inherit zstd)
- (name "zstd")
- (version "1.4.9")
(source
(origin
- (method url-fetch)
- (uri (string-append "https://github.com/facebook/zstd/releases/download/"
- "v" version "/zstd-" version ".tar.gz"))
- (sha256
- (base32 "14yj7309gsvg39rki4xqnd6w5idmqi0655v1fc0mk1m2kvhp9b19"))))
- (arguments
- (substitute-keyword-arguments (package-arguments zstd)
- ((#:tests? _ #t) #f)))))
+ (inherit (package-source zstd))
+ (patches
+ (search-patches
+ ;; From Ubuntu focal-security
+ "zstd-CVE-2021-24031_CVE-2021-24032.patch"))))))
(define-public pzstd
(package/inherit zstd