aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/xiph.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2018-01-10 01:04:19 -0800
committerLeo Famulari <leo@famulari.name>2018-01-11 14:13:17 -0800
commit138c08899ba73049de8afd2b74a8cf6845a1d9e1 (patch)
tree0e7dd7ca0be3498a7b1b5a9b48f1e2361b0107a2 /gnu/packages/xiph.scm
parentce577655a3829a64014afcd520c8405114443d89 (diff)
downloadguix-138c08899ba73049de8afd2b74a8cf6845a1d9e1.tar
guix-138c08899ba73049de8afd2b74a8cf6845a1d9e1.tar.gz
gnu: libvorbis: Fix CVE-2017-{14632,14633}.
* gnu/packages/patches/libvorbis-CVE-2017-14632.patch, gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xiph.scm (libvorbis)[replacement]: New field. (libvorbis/fixed): New variable.
Diffstat (limited to 'gnu/packages/xiph.scm')
-rw-r--r--gnu/packages/xiph.scm9
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 9277f57ad4..e9ab06de42 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -79,6 +79,7 @@ periodic timestamps for seeking.")
(define libvorbis
(package
(name "libvorbis")
+ (replacement libvorbis/fixed)
(version "1.3.5")
(source (origin
(method url-fetch)
@@ -102,6 +103,14 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
"See COPYING in the distribution."))
(home-page "http://xiph.org/vorbis/")))
+(define libvorbis/fixed
+ (package
+ (inherit libvorbis)
+ (source (origin
+ (inherit (package-source libvorbis))
+ (patches (search-patches "libvorbis-CVE-2017-14633.patch"
+ "libvorbis-CVE-2017-14632.patch"))))))
+
(define libtheora
(package
(name "libtheora")