gnu: flac: Fix CVE-2017-6888.

* gnu/packages/xiph.scm (flac)[replacement]: New field.
(flac/fixed): New variable.
* gnu/packages/patches/flac-CVE-2017-6888.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

1 files changed, 10 insertions, 1 deletions

diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 43b0d2723a..49d23bf6d5 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
-;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Leo Famulari <leo@famulari.name>
@@ -235,6 +235,7 @@ It currently supports:
 (define flac
   (package
    (name "flac")
+   (replacement flac/fixed)
    (version "1.3.2")
    (source (origin
             (method url-fetch)
@@ -256,6 +257,14 @@ meaning that audio is compressed in FLAC without any loss in quality.")
                                "See COPYING in the distribution.")) ; and LGPL and GPL
    (home-page "https://xiph.org/flac/")))
 
+(define flac/fixed
+  (package
+    (inherit flac)
+    (source
+      (origin
+        (inherit (package-source flac))
+        (patches (search-patches "flac-CVE-2017-6888.patch"))))))
+
 (define libkate
   (package
    (name "libkate")