gnu: binutils: Fix CVE-2021-45078.

This is for the release branch. Should we also use a graft for the master branch? It would be even better if we could add a binutils-next package that users could install, in my opinion. * gnu/packages/patches/binutils-CVE-2021-45078.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/base.scm (binutils)[source]: Use it. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
author: Leo Famulari <leo@famulari.name> 2021-12-24 13:16:54 -0500
committer: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2022-01-10 11:46:57 -0500
commit: 8636d0295557e0052c3195dbf878efcee476cabc (patch)
tree: d1b87212267d631bbc97ebbd733e7c5753d5b7c9 /gnu/packages/base.scm
parent: db912d77a86edd78012bdc92be8fbddb2c1a122b (diff)
download: guix-8636d0295557e0052c3195dbf878efcee476cabc.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 73bdf16ea5..a422d64046 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -521,7 +521,8 @@ change.  GNU make offers many powerful extensions over the standard utility.")
       (sha256
        (base32 "1m3b2rdfv1dmdpd0bzg1hy7i8a2qng53szc6livyi3nh6101mz37"))
       (patches (search-patches "binutils-loongson-workaround.patch"
-                               "binutils-2.37-file-descriptor-leak.patch"))))
+                               "binutils-2.37-file-descriptor-leak.patch"
+                               "binutils-CVE-2021-45078.patch"))))
    (build-system gnu-build-system)
    (arguments
     `(#:out-of-source? #t   ;recommended in the README
author	Leo Famulari <leo@famulari.name>	2021-12-24 13:16:54 -0500
committer	Maxim Cournoyer <maxim.cournoyer@gmail.com>	2022-01-10 11:46:57 -0500
commit	8636d0295557e0052c3195dbf878efcee476cabc (patch)
tree	d1b87212267d631bbc97ebbd733e7c5753d5b7c9 /gnu/packages/base.scm
parent	db912d77a86edd78012bdc92be8fbddb2c1a122b (diff)
download	guix-8636d0295557e0052c3195dbf878efcee476cabc.tar.gz