From cf1d1f4f79ddf3a75b960ef52116221cc9732600 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 1 Aug 2020 03:16:40 -0400 Subject: gnu: xorg-server: Fix CVE-2020-14347 via graft. * gnu/packages/patches/xorg-server-CVE-2020-14347.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xorg.scm (xorg-server/fixed): New variable. (xorg-server)[replacement]: New field. (xorg-server-wayland): Use package/inherit. --- gnu/packages/xorg.scm | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'gnu/packages/xorg.scm') diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index b58a5521ca..560e6b6a1c 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -5327,6 +5327,7 @@ over Xlib, including: (package (name "xorg-server") (version "1.20.8") + (replacement xorg-server/fixed) (source (origin (method url-fetch) @@ -5450,6 +5451,16 @@ communicates with the user via graphical controls such as buttons and draggable titlebars and borders.") (license license:x11))) +(define xorg-server/fixed ; Fixes CVE-2020-14347 + (package + (inherit xorg-server) + (source + (origin + (inherit (package-source xorg-server)) + (patches + (append (origin-patches (package-source xorg-server)) + (search-patches "xorg-server-CVE-2020-14347.patch"))))))) + ;; This package is intended to be used when building GTK+. ;; Note: It's currently marked as "hidden" to avoid having two non-eq? ;; packages with the same name and version. @@ -5468,8 +5479,7 @@ draggable titlebars and borders.") "18bfl04ihw1jr3h0fs522nnxxq5ixjay77y9dcymnkzk23q8cndx"))))))) (define-public xorg-server-xwayland - (package - (inherit xorg-server) + (package/inherit xorg-server (name "xorg-server-xwayland") (inputs `(("wayland" ,wayland) -- cgit v1.2.3