summaryrefslogtreecommitdiff
path: root/gnu/packages/ncurses.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-07-08 11:00:47 -0400
committerLeo Famulari <leo@famulari.name>2017-07-10 13:31:58 -0400
commit625e7cd654418aa8c5af9f49189d67b9d550b8ea (patch)
treee315dc062e1e02dd3361e1d196c199453c34d149 /gnu/packages/ncurses.scm
parentef019092b98e1337acac51525e8e4e092267f69c (diff)
downloadpatches-625e7cd654418aa8c5af9f49189d67b9d550b8ea.tar
patches-625e7cd654418aa8c5af9f49189d67b9d550b8ea.tar.gz
gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.
* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ncurses.scm (ncurses)[replacement]: New field. (ncurses/fixed): New variable.
Diffstat (limited to 'gnu/packages/ncurses.scm')
-rw-r--r--gnu/packages/ncurses.scm14
1 files changed, 13 insertions, 1 deletions
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 44a79e7186..0b23baf129 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -37,6 +37,7 @@
(define-public ncurses
(package
(name "ncurses")
+ (replacement ncurses/fixed)
(version "6.0")
(source (origin
(method url-fetch)
@@ -188,6 +189,17 @@ ncursesw library provides wide character support.")
(license x11)
(home-page "https://www.gnu.org/software/ncurses/")))
+(define ncurses/fixed
+ (package
+ (inherit ncurses)
+ (source
+ (origin
+ (inherit (package-source ncurses))
+ (patches
+ (append
+ (origin-patches (package-source ncurses))
+ (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
+
(define-public dialog
(package
(name "dialog")