gnu: libxfont@2: Update replacement to 2.0.3 [fixes CVE-2017-16611].

* gnu/packages/xorg.scm (libxfont2/fixed): Rename to ...
(libxfont2-2.0.3): ... this.  Make public.
[version]: New field.
[source]: Add URI and SHA256.  Remove patches.
(libxfont2)[replacement]: Change LIBXFONT2/FIXED to LIBXFONT2-2.0.3.
* gnu/packages/patches/libxfont-CVE-2017-13720.patch,
gnu/packages/patches/libxfont-CVE-2017-13722.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.

1 files changed, 12 insertions, 4 deletions

diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 1c1ddd4bf1..8c32608f8f 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -4892,7 +4892,7 @@ new API's in libXft, or the legacy API's in libX11.")
   (package
     (inherit libxfont)
     (version "2.0.1")
-    (replacement libxfont2/fixed)
+    (replacement libxfont2-2.0.3)
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
@@ -4901,14 +4901,22 @@ new API's in libXft, or the legacy API's in libX11.")
                (base32
                 "0znvwk36nhmyqpmhbm9mzisgixp1mp5qkfald8x1n5yxbm3vpyz9"))))))
 
-(define libxfont2/fixed
+;; Fixes the following security vulnerabilities:
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13720
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13722
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612
+(define-public libxfont2-2.0.3
   (package
     (inherit libxfont2)
+    (version "2.0.3")
     (source
      (origin
        (inherit (package-source libxfont2))
-       (patches (search-patches "libxfont-CVE-2017-13720.patch"
-                                "libxfont-CVE-2017-13722.patch"))))))
+       (uri (string-append "mirror://xorg/individual/lib/libXfont2-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "0klwmimmhm3axpj8pwn5l41lbggh47r5aazhw63zxkbwfgyvg2hf"))))))
 
 (define-public libxi
   (package