From d7d85c6412f6c2077ea930c7e525371912100193 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 1 Aug 2020 03:04:38 -0400 Subject: gnu: libx11: Replace with 1.6.10 [fixes CVE-2020-14344]. * gnu/packages/xorg.scm (libx11/fixed): New variable. (libx11)[replacement]: New field. --- gnu/packages/xorg.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu') diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 6783a2a217..b58a5521ca 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014 Andreas Enge -;;; Copyright © 2014, 2015, 2017, 2018 Mark H Weaver +;;; Copyright © 2014, 2015, 2017, 2018, 2020 Mark H Weaver ;;; Copyright © 2014, 2015 Eric Bavier ;;; Copyright © 2015, 2016, 2017, 2018, 2019 Ludovic Courtès ;;; Copyright © 2015 Eric Dvorsak @@ -5492,6 +5492,7 @@ draggable titlebars and borders.") (package (name "libx11") (version "1.6.9") + (replacement libx11/fixed) (source (origin (method url-fetch) @@ -5529,6 +5530,19 @@ draggable titlebars and borders.") (description "Xorg Core X11 protocol client library.") (license license:x11))) +(define libx11/fixed ; Fixes CVE-2020-14344 + (package + (inherit libx11) + (version "1.6.A") + (source + (origin + (method url-fetch) + (uri (string-append + "mirror://xorg/individual/lib/libX11-1.6.10.tar.bz2")) + (sha256 + (base32 + "09k2pqmqbn2m1bpgl7jfxyqxaaxsnzbnp2bp8ycmqldqi5ln4j5g")))))) + ;; packages of height 5 in the propagated-inputs tree (define-public libxcursor -- cgit 1.4.1