From e3df6938acc2ba2d2f7333d911b8bdc3697f0f75 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sun, 6 Aug 2017 00:01:10 -0400
Subject: gnu: libtasn1: Add replacement to fix CVE-2017-10790.

Based on commit 01a61d7040b1794f36547b107abce6e967d59f21
by Leo Famulari <leo@famulari.name>.

* gnu/packages/patches/libtasn1-CVE-2017-10790.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (libtasn1)[replacement]: New field.
(libtasn1/fixed): New variable.
---
 gnu/packages/tls.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/tls.scm')

diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 5a94ac6198..7ee341e99b 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
@@ -55,6 +55,7 @@
   (package
     (name "libtasn1")
     (version "4.12")
+    (replacement libtasn1/fixed)
     (source
      (origin
       (method url-fetch)
@@ -74,6 +75,13 @@ networking, allowing for formal validation of data according to some
 specifications.")
     (license license:lgpl2.0+)))
 
+(define libtasn1/fixed
+  (package
+    (inherit libtasn1)
+    (source (origin
+              (inherit (package-source libtasn1))
+              (patches (search-patches "libtasn1-CVE-2017-10790.patch"))))))
+
 (define-public asn1c
   (package
     (name "asn1c")
-- 
cgit v1.2.3