From 1ec0b7407f27a12adc6978d98832c41226465101 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 28 Nov 2017 17:58:21 +0100 Subject: gnu: libxfont@2: Update replacement to 2.0.3 [fixes CVE-2017-16611]. * gnu/packages/xorg.scm (libxfont2/fixed): Rename to ... (libxfont2-2.0.3): ... this. Make public. [version]: New field. [source]: Add URI and SHA256. Remove patches. (libxfont2)[replacement]: Change LIBXFONT2/FIXED to LIBXFONT2-2.0.3. * gnu/packages/patches/libxfont-CVE-2017-13720.patch, gnu/packages/patches/libxfont-CVE-2017-13722.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/packages/xorg.scm | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'gnu/packages/xorg.scm') diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 1c1ddd4bf1..8c32608f8f 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4892,7 +4892,7 @@ (define-public libxfont2 (package (inherit libxfont) (version "2.0.1") - (replacement libxfont2/fixed) + (replacement libxfont2-2.0.3) (source (origin (method url-fetch) (uri (string-append "mirror://xorg/individual/lib/libXfont2-" @@ -4901,14 +4901,22 @@ (define-public libxfont2 (base32 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9")))))) -(define libxfont2/fixed +;; Fixes the following security vulnerabilities: +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612 +(define-public libxfont2-2.0.3 (package (inherit libxfont2) + (version "2.0.3") (source (origin (inherit (package-source libxfont2)) - (patches (search-patches "libxfont-CVE-2017-13720.patch" - "libxfont-CVE-2017-13722.patch")))))) + (uri (string-append "mirror://xorg/individual/lib/libXfont2-" + version ".tar.bz2")) + (sha256 + (base32 + "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf")))))) (define-public libxi (package -- cgit v1.2.3