[PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612].

Done

Details

3 participants

Leo Famulari
Ludovic Courtès
Marius Bakke

Owner: unassigned

Submitted by: Marius Bakke

Severity: normal

Debbugs page

Marius Bakke wrote on 28 Nov 2017 09:02

Recipients:(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)

Message-ID:20171128170205.30002-1-mbakke@fastmail.com

* gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.
(libxcursor)[replacement]: New field.
---
 gnu/packages/xorg.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

Toggle diff (33 lines)diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 994476ed6..1c1ddd4bf 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5307,6 +5307,7 @@ draggable titlebars and borders.")
   (package
     (name "libxcursor")
     (version "1.1.14")
+    (replacement libxcursor-1.1.15)
     (source
       (origin
         (method url-fetch)
@@ -5339,6 +5340,18 @@ draggable titlebars and borders.")
     (description "Xorg Cursor management library.")
     (license license:x11)))
 
+;; For CVE-2017-16612.
+(define-public libxcursor-1.1.15
+  (package
+    (inherit libxcursor)
+    (version "1.1.15")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32
+                "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
 
 (define-public libxt
   (package
-- 
2.15.0

Leo Famulari wrote on 28 Nov 2017 10:16

Recipients:(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 29487@debbugs.gnu.org)

Message-ID:20171128181642.GC14200@jasmine.lan

On Tue, Nov 28, 2017 at 06:02:05PM +0100, Marius Bakke wrote:

Toggle quote (3 lines)

> * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.

> (libxcursor)[replacement]: New field.

LGTM, thanks!

Ludovic Courtès wrote on 30 Nov 2017 06:43

control message for bug #29487

Recipients:(address . control@debbugs.gnu.org)

Message-ID:874lpb4yja.fsf@gnu.org

tags 29487 fixed

close 29487

Your comment

This issue is archived.

To comment on this conversation send an email to 29487@patchwise.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 29487

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date