gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.

* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.

1 files changed, 13 insertions, 1 deletions

diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 44a79e7186..0b23baf129 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -37,6 +37,7 @@
 (define-public ncurses
   (package
     (name "ncurses")
+    (replacement ncurses/fixed)
     (version "6.0")
     (source (origin
               (method url-fetch)
@@ -188,6 +189,17 @@ ncursesw library provides wide character support.")
     (license x11)
     (home-page "https://www.gnu.org/software/ncurses/")))
 
+(define ncurses/fixed
+  (package
+    (inherit ncurses)
+    (source
+      (origin
+        (inherit (package-source ncurses))
+        (patches
+          (append
+            (origin-patches (package-source ncurses))
+            (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
+
 (define-public dialog
   (package
     (name "dialog")