gnu: libvorbis: Fix CVE-2017-{14632,14633}.

* gnu/packages/patches/libvorbis-CVE-2017-14632.patch, gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/xiph.scm (libvorbis)[replacement]: New field. (libvorbis/fixed): New variable.
author: Leo Famulari <leo@famulari.name> 2018-01-10 01:04:19 -0800
committer: Leo Famulari <leo@famulari.name> 2018-01-11 14:13:17 -0800
commit: 138c08899ba73049de8afd2b74a8cf6845a1d9e1 (patch)
tree: 0e7dd7ca0be3498a7b1b5a9b48f1e2361b0107a2 /gnu/packages/xiph.scm
parent: ce577655a3829a64014afcd520c8405114443d89 (diff)
download: guix-138c08899ba73049de8afd2b74a8cf6845a1d9e1.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 9277f57ad4..e9ab06de42 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -79,6 +79,7 @@ periodic timestamps for seeking.")
 (define libvorbis
   (package
    (name "libvorbis")
+   (replacement libvorbis/fixed)
    (version "1.3.5")
    (source (origin
             (method url-fetch)
@@ -102,6 +103,14 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
                                "See COPYING in the distribution."))
    (home-page "http://xiph.org/vorbis/")))
 
+(define libvorbis/fixed
+  (package
+    (inherit libvorbis)
+    (source (origin
+              (inherit (package-source libvorbis))
+              (patches (search-patches "libvorbis-CVE-2017-14633.patch"
+                                       "libvorbis-CVE-2017-14632.patch"))))))
+
 (define libtheora
   (package
     (name "libtheora")
author	Leo Famulari <leo@famulari.name>	2018-01-10 01:04:19 -0800
committer	Leo Famulari <leo@famulari.name>	2018-01-11 14:13:17 -0800
commit	138c08899ba73049de8afd2b74a8cf6845a1d9e1 (patch)
tree	0e7dd7ca0be3498a7b1b5a9b48f1e2361b0107a2 /gnu/packages/xiph.scm
parent	ce577655a3829a64014afcd520c8405114443d89 (diff)
download	guix-138c08899ba73049de8afd2b74a8cf6845a1d9e1.tar.gz