aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/avahi.scm
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2019-10-23 19:43:02 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2019-10-23 19:58:48 +0200
commit3f4ea9a62b5fa68d57724b2f83c35a191e33b7c8 (patch)
tree89c23778ff146795ad9924e8582622cc2a5f76fe /gnu/packages/avahi.scm
parentdff0eedb04ac7c61fc1e2ddd4cd577f83f5eb89a (diff)
downloadguix-3f4ea9a62b5fa68d57724b2f83c35a191e33b7c8.tar
guix-3f4ea9a62b5fa68d57724b2f83c35a191e33b7c8.tar.gz
gnu: avahi: Fix CVE-2018-1000845 and duplicate CVE-2017-6519.
* gnu/packages/avahi.scm (avahi/fixed): New variable. (avahi)[replacement]: Use it. * gnu/packages/patches/avahi-CVE-2018-1000845.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/avahi.scm')
-rw-r--r--gnu/packages/avahi.scm11
1 files changed, 11 insertions, 0 deletions
diff --git a/gnu/packages/avahi.scm b/gnu/packages/avahi.scm
index e71ffc2982..408be8ed57 100644
--- a/gnu/packages/avahi.scm
+++ b/gnu/packages/avahi.scm
@@ -35,6 +35,7 @@
(package
(name "avahi")
(version "0.7")
+ (replacement avahi/fixed)
(home-page "http://avahi.org")
(source (origin
(method url-fetch)
@@ -74,6 +75,16 @@ network. It is an implementation of the mDNS (for \"Multicast DNS\") and
DNS-SD (for \"DNS-Based Service Discovery\") protocols.")
(license lgpl2.1+)))
+(define avahi/fixed
+ (package/inherit avahi
+ (source (origin
+ (inherit (package-source avahi))
+ (patches
+ (append (search-patches "avahi-CVE-2018-1000845.patch")
+ (origin-patches (package-source avahi))))))
+ ;; Hide a duplicate of the CVE fixed above.
+ (properties `((lint-hidden-cve . ("CVE-2017-6519"))))))
+
(define-public nss-mdns
(package
(name "nss-mdns")