From 625e7cd654418aa8c5af9f49189d67b9d550b8ea Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Sat, 8 Jul 2017 11:00:47 -0400 Subject: gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685. * gnu/packages/patches/ncurses-CVE-2017-10684-10685.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/ncurses.scm (ncurses)[replacement]: New field. (ncurses/fixed): New variable. --- gnu/packages/ncurses.scm | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'gnu/packages/ncurses.scm') diff --git a/gnu/packages/ncurses.scm b/gnu/packages/ncurses.scm index 44a79e7186..0b23baf129 100644 --- a/gnu/packages/ncurses.scm +++ b/gnu/packages/ncurses.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2014, 2016 Mark H Weaver -;;; Copyright © 2015 Leo Famulari +;;; Copyright © 2015, 2017 Leo Famulari ;;; Copyright © 2016 ng0 ;;; Copyright © 2016 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen @@ -37,6 +37,7 @@ (define-public ncurses (package (name "ncurses") + (replacement ncurses/fixed) (version "6.0") (source (origin (method url-fetch) @@ -188,6 +189,17 @@ ncursesw library provides wide character support.") (license x11) (home-page "https://www.gnu.org/software/ncurses/"))) +(define ncurses/fixed + (package + (inherit ncurses) + (source + (origin + (inherit (package-source ncurses)) + (patches + (append + (origin-patches (package-source ncurses)) + (search-patches "ncurses-CVE-2017-10684-10685.patch"))))))) + (define-public dialog (package (name "dialog") -- cgit 1.4.1