authorMarius Bakke <marius@gnu.org>2020-09-27 20:18:23 +0200
committerMarius Bakke <marius@gnu.org>2020-09-28 00:46:21 +0200
commit7d366a8387a57badca220eb93a207ad47b719111 (patch)
treeae40b8a8bc8a9d84441b431f69266071e6bbf742
parent6f04c0b70290c97f2519d7276f5babf407df80e5 (diff)
gnu: libsndfile: Replace with 1.0.30 [security fixes].
This replacement fixes CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662, CVE-2018-19758, and CVE-2019-3832. * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. (libsndfile-1.0.30): New variable.
-rw-r--r--gnu/packages/pulseaudio.scm37
1 files changed, 37 insertions, 0 deletions
diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 9522d023ad..d1c188fdfd 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -13,6 +13,7 @@
;;; Copyright © 2020 Amin Bandali <bandali@gnu.org>
;;; Copyright © 2020 Michael Rohleder <mike@rohleder.de>
;;; Copyright © 2020 Pierre Neidhardt <mail@ambrevar.xyz>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -71,6 +72,7 @@
(package
(name "libsndfile")
(version "1.0.28")
+ (replacement libsndfile-1.0.30)
(source (origin
(method url-fetch)
(uri (string-append "http://www.mega-nerd.com/libsndfile/files/libsndfile-"
@@ -104,6 +106,41 @@ SPARC. Hopefully the design of the library will also make it easy to extend
for reading and writing new sound file formats.")
(license l:gpl2+)))
+;; Replacement package to fix multiple security vulnerabilities.
+(define libsndfile-1.0.30
+ (package
+ (inherit libsndfile)
+ (version "1.0.30")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://github.com/erikd/libsndfile"
+ "/releases/download/v" version
+ "/libsndfile-" version ".tar.bz2"))
+ (sha256
+ (base32
+ "0gsbg8ni496h55mx2p9999fk0xvbsjyz6v678a0l75b5fqs8d2gc"))
+ (modules '((ice-9 textual-ports) (guix build utils)))
+ (snippet
+ '(begin
+ ;; Remove carriage returns (CRLF) to prevent bogus
+ ;; errors from bash like "$'\r': command not found".
+ (let ((data (call-with-input-file
+ "tests/pedantic-header-test.sh.in"
+ (lambda (port)
+ (string-join
+ (string-split (get-string-all port)
+ #\return))))))
+ (call-with-output-file "tests/pedantic-header-test.sh.in"
+ (lambda (port) (format port data))))
+
+ ;; While at it, fix hard coded executable name.
+ (substitute* "tests/test_wrapper.sh.in"
+ (("^/usr/bin/env") "env"))
+ #t))))
+ (native-inputs
+ `(("python" ,python)
+ ,@(package-native-inputs libsndfile)))))
+
(define-public libsamplerate
(package
(name "libsamplerate") ; aka. Secret Rabbit Code (SRC)
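Review bot: In the snippet of `libsndfile-1.0.30`, `(format port data)` uses the contents of tests/pedantic-header-test.sh.in as the format control string, so any `~` in that script would be read as a format directive and would fail or change the output; `(lambda (port) (display data port))` writes the text verbatim. Separately, `string-join` called without a delimiter joins with a single space in Guile, so each carriage return appears to be replaced by a space rather than removed as the comment says; `(string-join (string-split (get-string-all port) #\return) "")` would match the comment. Both points concern only the post-download snippet; the `sha256` still pins the upstream tarball.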