From b8f0a3fdc8e9263a061e4a3ea79c85099b284b15 Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Sat, 9 Nov 2019 21:03:19 +0200
Subject: gnu: fribidi: Fix CVE-2019-18397.
* gnu/packages/fribidi.scm (fribidi): Replace with fribidi/fixed. (fribidi/fixed): New variable.
* gnu/packages/patches/fribidi-CVE-2019-18397.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/packages/fribidi.scm | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'gnu/packages/fribidi.scm')
diff --git a/gnu/packages/fribidi.scm b/gnu/packages/fribidi.scm
index dfd2a77c20..61aa6fd726 100644
--- a/gnu/packages/fribidi.scm
+++ b/gnu/packages/fribidi.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Marek Benc
-;;; Copyright © 2016 Efraim Flashner
+;;; Copyright © 2016, 2019 Efraim Flashner
 ;;; Copyright © 2018 Tobias Geerinckx-Rice
 ;;;
 ;;; This file is part of GNU Guix.
@@ -22,10 +22,12 @@
 #:use-module (guix packages)
 #:use-module (guix download)
 #:use-module (guix build-system gnu)
- #:use-module (guix licenses))
+ #:use-module (guix licenses)
+ #:use-module (gnu packages))

 (define-public fribidi
 (package
+ (replacement fribidi/fixed)
 (name "fribidi")
 (version "1.0.5")
 (source
@@ -45,3 +47,10 @@ Algorithm. This algorithm is used to properly display text in left-to-right
 or right-to-left ordering as necessary.")
 (home-page "https://github.com/fribidi/fribidi")
 (license lgpl2.1+)))
+
+(define fribidi/fixed
+ (package
+ (inherit fribidi)
+ (source
+ (origin (inherit (package-source fribidi))
+ (patches (search-patches "fribidi-CVE-2019-18397.patch"))))))
-- 
cgit v1.2.3
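Review bot: The `(replacement fribidi/fixed)` field in the second hunk has no comment marking it as a temporary graft, and the `fribidi` package itself still builds from the unpatched 1.0.5 source. Only the grafted replacement carries the fix, so a build made with grafts disabled (`--no-grafts`) still yields the vulnerable library. The same would apply to any dependent that links fribidi statically or copies its code at build time, though whether such dependents exist cannot be told from this hunk. I would add a comment above the field, such as `;; Graft for CVE-2019-18397; fold the patch into 'fribidi' itself at the next full rebuild.` The package definition continues outside the hunk.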
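Review bot: `fribidi/fixed` in the last hunk is defined without a comment stating the constraint grafting depends on, namely that the patched build must remain ABI-compatible with `fribidi` 1.0.5 because dependents are rewritten to reference it rather than rebuilt. A comment above the definition such as `;; Grafted onto dependents of 'fribidi'; must stay ABI-compatible with 1.0.5.` would make that explicit for whoever next touches the patch list. The patch file named in `search-patches` and its `gnu/local.mk` registration are listed in the commit message but are not part of this view, which is limited to `fribidi.scm`, so the content of the fix cannot be checked from this page. It is worth confirming that the patch file's header cites the upstream commit it was taken from.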