summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
authorJohn Kehayias <john.kehayias@protonmail.com>2023-10-04 18:21:45 -0400
committerJohn Kehayias <john.kehayias@protonmail.com>2023-10-04 18:46:22 -0400
commit20df2ee697bb5057a476a926a363d71cc8944c84 (patch)
tree591fa49d6e9a82b8f66566e99acda95164fd196a /gnu
parentb317eb8a9ee1a56e00313d1163ace42d92ca9407 (diff)
downloadguix-20df2ee697bb5057a476a926a363d71cc8944c84.tar.gz
gnu: libxpm: Graft with 3.5.17 [security fixes].
Fixes CVE-2023-43788 and CVE-2023-43789.  See the X.Org security advisory
<https://lists.x.org/archives/xorg/2023-October/061506.html> for more
information.

* gnu/packages/xorg.scm (libxpm)[replacement]: New field, set to ...
(libxpm/fixed): ... this new variable.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/xorg.scm17
1 files changed, 17 insertions, 0 deletions
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 519b2ae37b..4b3c96794d 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -36,6 +36,7 @@
 ;;; Copyright © 2021 Lu Hui <luhux76@gmail.com>
 ;;; Copyright © 2023 Zheng Junjie <873216071@qq.com>
 ;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1432,6 +1433,7 @@ treat it as part of their software base when porting.")
   (package
     (name "libxpm")
     (version "3.5.13")
+    (replacement libxpm/fixed)
     (source
       (origin
         (method url-fetch)
@@ -1455,6 +1457,21 @@ treat it as part of their software base when porting.")
     (description "XPM (X Pixmap) image file format library.")
     (license license:x11)))
 
+(define-public libxpm/fixed
+  (package
+    (inherit libxpm)
+    (version "3.5.17")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "mirror://xorg/individual/lib/libXpm-"
+               version
+               ".tar.xz"))
+        (sha256
+          (base32
+            "0hvf49qy55gwldpwpw7ihcmn5i2iinpjh2rbha63hzcy060izcv4"))))))
+
 (define-public libxres
   (package
     (name "libxres")