From c73a00a3763aef0045dd30c252d93ce4d12e76f8 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 19 Jan 2018 18:06:08 -0800 Subject: gnu: libsndfile: Fix CVE-2017-12562. * gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field. (libsndfile/fixed): New variable. --- gnu/packages/pulseaudio.scm | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'gnu/packages/pulseaudio.scm') diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm index ba288aa441..39f54437cb 100644 --- a/gnu/packages/pulseaudio.scm +++ b/gnu/packages/pulseaudio.scm @@ -47,6 +47,7 @@ (define-public libsndfile (package (name "libsndfile") + (replacement libsndfile/fixed) (version "1.0.28") (source (origin (method url-fetch) @@ -80,6 +81,15 @@ SPARC. Hopefully the design of the library will also make it easy to extend for reading and writing new sound file formats.") (license l:gpl2+))) +(define libsndfile/fixed + (package + (inherit libsndfile) + (source (origin + (inherit (package-source libsndfile)) + (patches (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-12562.patch"))))))) + (define-public libsamplerate (package (name "libsamplerate") ; aka. Secret Rabbit Code (SRC) -- cgit v1.2.3