gnu: freetype: Replace with 2.10.4 [fixes CVE-2020-15999].

* gnu/packages/fontutils.scm (freetype)[replacement]: New field, set to...
(freetype/fixed): ...this new variable.

1 files changed, 15 insertions, 1 deletions

diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index b3852fe093..eec5093dea 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -6,7 +6,7 @@
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Nikita <nikita@n0.is>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2019, 2020 Marius Bakke <mbakke@fastmail.com>
@@ -69,6 +69,7 @@
   (package
    (name "freetype")
    (version "2.10.1")
+   (replacement freetype/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://savannah/freetype/freetype-"
@@ -97,6 +98,19 @@ anti-aliased glyph bitmap generation with 256 gray levels.")
    (license license:freetype)           ; some files have other licenses
    (home-page "https://www.freetype.org/")))
 
+(define freetype/fixed
+  ;; Security fix for CVE-2020-15999.
+  (package
+    (inherit freetype)
+    (version "2.10.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://savannah/freetype/freetype-"
+                           version ".tar.xz"))
+       (sha256
+        (base32 "112pyy215chg7f7fmp2l9374chhhpihbh8wgpj5nj6avj3c59a46"))))))
+
 (define-public ttfautohint
   (package
     (name "ttfautohint")