guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: ruby-minitar: Update to 0.5.4-1.e25205ec.

From: Ben Woodcroft
Subject: 01/01: gnu: ruby-minitar: Update to 0.5.4-1.e25205ec.
Date: Wed, 25 Jan 2017 22:19:32 +0000 (UTC) 
benwoodcroft pushed a commit to branch master
in repository guix.

commit bfaf8efd74e88d99f743845357e3f1ff191e23c2
Author: Ben Woodcroft <address@hidden>
Date:   Thu Jan 26 08:11:17 2017 +1000

    gnu: ruby-minitar: Update to 0.5.4-1.e25205ec.
    
    Fixes the security-related issue reported at
    http://seclists.org/oss-sec/2017/q1/178.
    
    * gnu/packages/ruby.scm (ruby-minitar): Update to 0.5.4-1.e25205ec.
    [source]: Use GitHub URL.
---
 gnu/packages/ruby.scm |   42 ++++++++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 0f1ecd2..819e8e5 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -1859,25 +1859,31 @@ generation of complex SQL queries and is compatible 
with various RDBMSes.")
     (license license:expat)))
 
 (define-public ruby-minitar
-  (package
-    (name "ruby-minitar")
-    (version "0.5.4")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (rubygems-uri "minitar" version))
-       (sha256
-        (base32
-         "1vpdjfmdq1yc4i620frfp9af02ia435dnpj8ybsd7dc3rypkvbka"))))
-    (build-system ruby-build-system)
-    (arguments
-     '(#:tests? #f)) ; missing a gemspec
-    (synopsis "Ruby library and utility for handling tar archives")
-    (description
-     "Archive::Tar::Minitar is a pure-Ruby library and command-line utility
+  ;; We package from the GitHub source to fix the security issue reported at
+  ;; https://github.com/halostatue/minitar/issues/16.
+  (let ((commit "e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4"))
+    (package
+      (name "ruby-minitar")
+      (version (string-append "0.5.4-1." (string-take commit 8)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/halostatue/minitar.git";)
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1iywfx07jgjqcmixzkxk9zdwfmij1fyg1z2jlwzj15cj7s99qlfv"))))
+      (build-system ruby-build-system)
+      (arguments
+       '(#:tests? #f)) ; missing a gemspec
+      (synopsis "Ruby library and utility for handling tar archives")
+      (description
+       "Archive::Tar::Minitar is a pure-Ruby library and command-line utility
 that provides the ability to deal with POSIX tar archive files.")
-    (home-page "http://www.github.com/atoulme/minitar";)
-    (license (list license:gpl2+ license:ruby))))
+      (home-page "http://www.github.com/atoulme/minitar";)
+      (license (list license:gpl2+ license:ruby)))))
 
 (define-public ruby-mini-portile
   (package
reply via email to
[Prev in Thread] Current Thread [Next in Thread]