From 97ecd75e289d96a8b4f9b1ae877d9d1a2f6774b4 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 10 Oct 2017 19:34:02 +0200
Subject: gnu: libxfont: Fix CVE-2017-13720, CVE-2017-13722.

* gnu/packages/patches/libxfont-CVE-2017-13720.patch,
  gnu/packages/patches/libxfont-CVE-2017-13722.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
* gnu/packages/xorg.scm (libxfont, libxfont2)[source]: Use them.
---
 gnu/packages/xorg.scm | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'gnu/packages/xorg.scm')

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index c2023dead2..7511c53266 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4862,6 +4862,8 @@ an X Window System display.")
                "mirror://xorg/individual/lib/libXfont-"
                version
                ".tar.bz2"))
+        (patches (search-patches "libxfont-CVE-2017-13720.patch"
+                                 "libxfont-CVE-2017-13722.patch"))
         (sha256
           (base32
             "0w8d07bkmjiarkx09579bl8zsq903mn8javc7qpi0ix4ink5x502"))))
@@ -4895,6 +4897,8 @@ new API's in libXft, or the legacy API's in libX11.")
               (method url-fetch)
               (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
                                   version ".tar.bz2"))
+              (patches (search-patches "libxfont-CVE-2017-13720.patch"
+                                       "libxfont-CVE-2017-13722.patch"))
               (sha256
                (base32
                 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))
-- 
cgit v1.2.3