From 138c08899ba73049de8afd2b74a8cf6845a1d9e1 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Wed, 10 Jan 2018 01:04:19 -0800
Subject: gnu: libvorbis: Fix CVE-2017-{14632,14633}.

* gnu/packages/patches/libvorbis-CVE-2017-14632.patch,
gnu/packages/patches/libvorbis-CVE-2017-14633.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/xiph.scm (libvorbis)[replacement]: New field.
(libvorbis/fixed): New variable.
---
 gnu/packages/xiph.scm | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'gnu/packages/xiph.scm')

diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 9277f57ad4..e9ab06de42 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -79,6 +79,7 @@ periodic timestamps for seeking.")
 (define libvorbis
   (package
    (name "libvorbis")
+   (replacement libvorbis/fixed)
    (version "1.3.5")
    (source (origin
             (method url-fetch)
@@ -102,6 +103,14 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
                                "See COPYING in the distribution."))
    (home-page "http://xiph.org/vorbis/")))
 
+(define libvorbis/fixed
+  (package
+    (inherit libvorbis)
+    (source (origin
+              (inherit (package-source libvorbis))
+              (patches (search-patches "libvorbis-CVE-2017-14633.patch"
+                                       "libvorbis-CVE-2017-14632.patch"))))))
+
 (define libtheora
   (package
     (name "libtheora")
-- 
cgit 1.4.1