From 4fc61dac3ce201c72b312a6cfed5b3d4b96850f7 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Tue, 28 Nov 2017 17:51:05 +0100
Subject: gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612].

* gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.
(libxcursor)[replacement]: New field.
---
 gnu/packages/xorg.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gnu/packages/xorg.scm')

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 994476ed63..1c1ddd4bf1 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5307,6 +5307,7 @@ draggable titlebars and borders.")
   (package
     (name "libxcursor")
     (version "1.1.14")
+    (replacement libxcursor-1.1.15)
     (source
       (origin
         (method url-fetch)
@@ -5339,6 +5340,18 @@ draggable titlebars and borders.")
     (description "Xorg Cursor management library.")
     (license license:x11)))
 
+;; For CVE-2017-16612.
+(define-public libxcursor-1.1.15
+  (package
+    (inherit libxcursor)
+    (version "1.1.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
 
 (define-public libxt
   (package
-- 
cgit v1.2.3