[PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612].

DoneSubmitted by Marius Bakke.
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Severity
normal
M
M
Marius Bakke wrote on 28 Nov 2017 18:02
(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20171128170205.30002-1-mbakke@fastmail.com
* gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.(libxcursor)[replacement]: New field.--- gnu/packages/xorg.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+)
Toggle diff (33 lines)diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scmindex 994476ed6..1c1ddd4bf 100644--- a/gnu/packages/xorg.scm+++ b/gnu/packages/xorg.scm@@ -5307,6 +5307,7 @@ draggable titlebars and borders.") (package (name "libxcursor") (version "1.1.14")+ (replacement libxcursor-1.1.15) (source (origin (method url-fetch)@@ -5339,6 +5340,18 @@ draggable titlebars and borders.") (description "Xorg Cursor management library.") (license license:x11))) +;; For CVE-2017-16612.+(define-public libxcursor-1.1.15+ (package+ (inherit libxcursor)+ (version "1.1.15")+ (source (origin+ (method url-fetch)+ (uri (string-append "mirror://xorg/individual/lib/libXcursor-"+ version ".tar.bz2"))+ (sha256+ (base32+ "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9")))))) (define-public libxt (package-- 2.15.0
L
L
Leo Famulari wrote on 28 Nov 2017 19:16
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 29487@debbugs.gnu.org)
20171128181642.GC14200@jasmine.lan
On Tue, Nov 28, 2017 at 06:02:05PM +0100, Marius Bakke wrote:
Toggle quote (3 lines)> * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.> (libxcursor)[replacement]: New field.
LGTM, thanks!
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlodqAoACgkQJkb6MLrKfwjCWQ//fvZj7MdnvIBFDArXkm+JKbOtFKsIA8e248jomNM+QacILQ9AIxvg0zTiMUwI3rPN9ua/9F/NdRBnMFbbXvb7iS8FTlFqYeIPq8YJ6o6kIrKQU9G8f+XvYDuQ3CyC+MkDPOx5Ecq2YnbYIjzxxltAf3CZ/WGTOQK6oONp1PyB30NwHCjaWpTz7CIicbCEpFODHCcRFdOMmhXs1cPlJWGMLWnYo4ia4NkVfUDDlLrXf4JKNbFkvLx2R38SGnfS21rZbb3RFFpj4KUCTWH/9jZBZMnmkpvFxveQ2YQalA2oykD9AxaddUci4iZ96/z9EOAfXtsTD5IHQ42+WRranQtONLGGwUO84tTU+wAzDRjkZwYTfFPGCpQloNuluxLKmaBfXKr9reNIhkjkq95pm/6XFT2hl0rZmCvN1Wsq6HoZJDNu1tRck8D89HQMlE5J7WMjQ5KwxTtbvXQ1Os2wwFQbxccl4QsLvDELnRijQ0jzh7CSjZIrTCQVNYl4vT+4YGkL3YTH6FVBkQdc0Q/i89aj29g4uPbRjwEwkFo8z7Iqxoybg2HpVNN+wo5zezUJ2I4WRtkO7duMftUtnpFJ8az93/KTPC65JbzAKE+kh1sGe1XABlRWax+uR8uEf4IuY4sPSqzb9eBbw7+nSSEiheqJuybuRudS8QnBs1vzd7EnY7I==rfQF-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 30 Nov 2017 15:43
control message for bug #29487
(address . control@debbugs.gnu.org)
874lpb4yja.fsf@gnu.org
tags 29487 fixedclose 29487
?
Your comment

This issue is archived.

To comment on this conversation send email to 29487@debbugs.gnu.org