summary refs log tree commit diff
path: root/gnu/packages/ncurses.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-07-08 11:00:47 -0400
committerLeo Famulari <leo@famulari.name>2017-07-10 13:31:58 -0400
commit625e7cd654418aa8c5af9f49189d67b9d550b8ea (patch)
treee315dc062e1e02dd3361e1d196c199453c34d149 /gnu/packages/ncurses.scm
parentef019092b98e1337acac51525e8e4e092267f69c (diff)
downloadguix-625e7cd654418aa8c5af9f49189d67b9d550b8ea.tar.gz
gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.
* gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ncurses.scm (ncurses)[replacement]: New field.
(ncurses/fixed): New variable.
Diffstat (limited to 'gnu/packages/ncurses.scm')
-rw-r--r--gnu/packages/ncurses.scm14
1 files changed, 13 insertions, 1 deletions
diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm
index 44a79e7186..0b23baf129 100644
--- a/gnu/packages/ncurses.scm
+++ b/gnu/packages/ncurses.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -37,6 +37,7 @@
 (define-public ncurses
   (package
     (name "ncurses")
+    (replacement ncurses/fixed)
     (version "6.0")
     (source (origin
               (method url-fetch)
@@ -188,6 +189,17 @@ ncursesw library provides wide character support.")
     (license x11)
     (home-page "https://www.gnu.org/software/ncurses/")))
 
+(define ncurses/fixed
+  (package
+    (inherit ncurses)
+    (source
+      (origin
+        (inherit (package-source ncurses))
+        (patches
+          (append
+            (origin-patches (package-source ncurses))
+            (search-patches "ncurses-CVE-2017-10684-10685.patch")))))))
+
 (define-public dialog
   (package
     (name "dialog")