From 625e7cd654418aa8c5af9f49189d67b9d550b8ea Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sat, 8 Jul 2017 11:00:47 -0400
Subject: gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.

* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.
---
 gnu/packages/ncurses.scm | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/ncurses.scm')

diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 44a79e7186..0b23baf129 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -37,6 +37,7 @@
 (define-public ncurses
   (package
     (name "ncurses")
+    (replacement ncurses/fixed)
     (version "6.0")
     (source (origin
               (method url-fetch)
@@ -188,6 +189,17 @@ ncursesw library provides wide character support.")
     (license x11)
     (home-page "https://www.gnu.org/software/ncurses/")))
 
+(define ncurses/fixed
+  (package
+    (inherit ncurses)
+    (source
+      (origin
+        (inherit (package-source ncurses))
+        (patches
+          (append
+            (origin-patches (package-source ncurses))
+            (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
+
 (define-public dialog
   (package
     (name "dialog")
-- 
cgit v1.2.3