gnu: libxfont: Fix CVE-2017-13720, CVE-2017-13722.

* gnu/packages/patches/libxfont-CVE-2017-13720.patch,
  gnu/packages/patches/libxfont-CVE-2017-13722.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
* gnu/packages/xorg.scm (libxfont, libxfont2)[source]: Use them.

1 files changed, 4 insertions, 0 deletions

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index c2023dead2..7511c53266 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4862,6 +4862,8 @@ an X Window System display.")
                "mirror://xorg/individual/lib/libXfont-"
                version
                ".tar.bz2"))
+        (patches (search-patches "libxfont-CVE-2017-13720.patch"
+                                 "libxfont-CVE-2017-13722.patch"))
         (sha256
           (base32
             "0w8d07bkmjiarkx09579bl8zsq903mn8javc7qpi0ix4ink5x502"))))
@@ -4895,6 +4897,8 @@ new API's in libXft, or the legacy API's in libX11.")
               (method url-fetch)
               (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
                                   version ".tar.bz2"))
+              (patches (search-patches "libxfont-CVE-2017-13720.patch"
+                                       "libxfont-CVE-2017-13722.patch"))
               (sha256
                (base32
                 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))