[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/01: gnu: libvorbis: Replace with 1.3.6 [fixes CVE-2018-5146].
|
From: |
Marius Bakke |
|
Subject: |
01/01: gnu: libvorbis: Replace with 1.3.6 [fixes CVE-2018-5146]. |
|
Date: |
Fri, 16 Mar 2018 14:35:59 -0400 (EDT) |
mbakke pushed a commit to branch master
in repository guix.
commit fe1b04df2f9dc2eb35b2bd70dd0651553384f97c
Author: Marius Bakke <address@hidden>
Date: Fri Mar 16 19:27:43 2018 +0100
gnu: libvorbis: Replace with 1.3.6 [fixes CVE-2018-5146].
* gnu/packages/xiph.scm (libvorbis)[replacement]: New field.
(libvorbis-1.3.6): New public variable.
---
gnu/packages/xiph.scm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index a8e7833..2e922d2 100644
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -6,7 +6,7 @@
;;; Copyright © 2014 Mark H Weaver <address@hidden>
;;; Copyright © 2015 Paul van der Walt <address@hidden>
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <address@hidden>
-;;; Copyright © 2017 Marius Bakke <address@hidden>
+;;; Copyright © 2017, 2018 Marius Bakke <address@hidden>
;;; Copyright © 2018 Tobias Geerinckx-Rice <address@hidden>
;;;
;;; This file is part of GNU Guix.
@@ -81,6 +81,7 @@ periodic timestamps for seeking.")
(package
(name "libvorbis")
(version "1.3.5")
+ (replacement libvorbis-1.3.6)
(source (origin
(method url-fetch)
(uri (string-append "http://downloads.xiph.org/releases/vorbis/";
@@ -105,6 +106,18 @@ polyphonic) audio and music at fixed and variable bitrates
from 16 to
"See COPYING in the distribution."))
(home-page "https://xiph.org/vorbis/";)))
+;; For CVE-2018-5146.
+(define-public libvorbis-1.3.6
+ (package/inherit libvorbis
+ (version "1.3.6")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "http://downloads.xiph.org/releases/vorbis/";
+ "libvorbis-" version ".tar.xz"))
+ (sha256
+ (base32
+ "05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))))
+
(define libtheora
(package
(name "libtheora")