diff options
| author | Leo Famulari <leo@famulari.name> | 2021-05-12 18:21:19 -0400 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2021-05-15 17:04:01 -0400 |
| commit | 7c4c781aa40c42d4cd10b8d9482199f3db345e1b (patch) | |
| tree | de0274f9c98d755baa0ac48118c5dd5f64065c52 /gnu/packages/graphviz.scm | |
| parent | fd2abc2a51e2cc39ac67dcef1d21a8037147e798 (diff) | |
| download | guix-7c4c781aa40c42d4cd10b8d9482199f3db345e1b.tar.gz | |
gnu: Graphviz: Fix CVE-2020-18032.
* gnu/packages/patches/graphviz-CVE-2020-18032.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/graphviz.scm (graphviz)[replacement]: New field. (graphviz/fixed): New variable.
Diffstat (limited to 'gnu/packages/graphviz.scm')
| -rw-r--r-- | gnu/packages/graphviz.scm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/gnu/packages/graphviz.scm b/gnu/packages/graphviz.scm index eb3fd1d583..72c96655bc 100644 --- a/gnu/packages/graphviz.scm +++ b/gnu/packages/graphviz.scm @@ -62,6 +62,7 @@ (define-public graphviz (package (name "graphviz") + (replacement graphviz/fixed) (version "2.42.3") (source (origin (method url-fetch) @@ -126,6 +127,15 @@ software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.") (license license:epl1.0))) +(define-public graphviz/fixed + (hidden-package + (package + (inherit graphviz) + (source (origin + (inherit (package-source graphviz)) + (patches (append (search-patches "graphviz-CVE-2020-18032.patch") + (origin-patches (package-source graphviz))))))))) + ;; Older Graphviz needed for pygraphviz. See ;; https://github.com/pygraphviz/pygraphviz/issues/175 (define-public graphviz-2.38 |