diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-03-16 19:27:43 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-03-16 19:28:57 +0100 |
commit | fe1b04df2f9dc2eb35b2bd70dd0651553384f97c (patch) | |
tree | 8ccfe2ae4b86c7b5dd7d75d9f41d0830be1f0220 | |
parent | 1d97d8ffd8531696b1a651419aa9e106b09bb615 (diff) | |
download | guix-fe1b04df2f9dc2eb35b2bd70dd0651553384f97c.tar.gz |
gnu: libvorbis: Replace with 1.3.6 [fixes CVE-2018-5146].
* gnu/packages/xiph.scm (libvorbis)[replacement]: New field. (libvorbis-1.3.6): New public variable.
-rw-r--r-- | gnu/packages/xiph.scm | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm index a8e7833990..2e922d2a95 100644 --- a/gnu/packages/xiph.scm +++ b/gnu/packages/xiph.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org> ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il> -;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr> ;;; ;;; This file is part of GNU Guix. @@ -81,6 +81,7 @@ periodic timestamps for seeking.") (package (name "libvorbis") (version "1.3.5") + (replacement libvorbis-1.3.6) (source (origin (method url-fetch) (uri (string-append "http://downloads.xiph.org/releases/vorbis/" @@ -105,6 +106,18 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to "See COPYING in the distribution.")) (home-page "https://xiph.org/vorbis/"))) +;; For CVE-2018-5146. +(define-public libvorbis-1.3.6 + (package/inherit libvorbis + (version "1.3.6") + (source (origin + (method url-fetch) + (uri (string-append "http://downloads.xiph.org/releases/vorbis/" + "libvorbis-" version ".tar.xz")) + (sha256 + (base32 + "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g")))))) + (define libtheora (package (name "libtheora") |