[PATCH] gnu: libxcursor: Replace with 1.1.15 [fixes CVE-2017-16612].

  • Done
  • quality assurance status badge
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Submitted by
Marius Bakke
Severity
normal
M
M
Marius Bakke wrote on 28 Nov 2017 18:02
(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20171128170205.30002-1-mbakke@fastmail.com
* gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.
(libxcursor)[replacement]: New field.
---
gnu/packages/xorg.scm | 13 +++++++++++++
1 file changed, 13 insertions(+)

Toggle diff (33 lines)
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 994476ed6..1c1ddd4bf 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -5307,6 +5307,7 @@ draggable titlebars and borders.")
(package
(name "libxcursor")
(version "1.1.14")
+ (replacement libxcursor-1.1.15)
(source
(origin
(method url-fetch)
@@ -5339,6 +5340,18 @@ draggable titlebars and borders.")
(description "Xorg Cursor management library.")
(license license:x11)))
+;; For CVE-2017-16612.
+(define-public libxcursor-1.1.15
+ (package
+ (inherit libxcursor)
+ (version "1.1.15")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://xorg/individual/lib/libXcursor-"
+ version ".tar.bz2"))
+ (sha256
+ (base32
+ "0syzlfvh29037p0vnlc8f3jxz8nl55k65blswsakklkwsc6nfki9"))))))
(define-public libxt
(package
--
2.15.0
L
L
Leo Famulari wrote on 28 Nov 2017 19:16
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 29487@debbugs.gnu.org)
20171128181642.GC14200@jasmine.lan
On Tue, Nov 28, 2017 at 06:02:05PM +0100, Marius Bakke wrote:
Toggle quote (3 lines)
> * gnu/packages/xorg.scm (libxcursor-1.1.15): New public variable.
> (libxcursor)[replacement]: New field.

LGTM, thanks!
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlodqAoACgkQJkb6MLrK
fwjCWQ//fvZj7MdnvIBFDArXkm+JKbOtFKsIA8e248jomNM+QacILQ9AIxvg0zTi
MUwI3rPN9ua/9F/NdRBnMFbbXvb7iS8FTlFqYeIPq8YJ6o6kIrKQU9G8f+XvYDuQ
3CyC+MkDPOx5Ecq2YnbYIjzxxltAf3CZ/WGTOQK6oONp1PyB30NwHCjaWpTz7CIi
cbCEpFODHCcRFdOMmhXs1cPlJWGMLWnYo4ia4NkVfUDDlLrXf4JKNbFkvLx2R38S
GnfS21rZbb3RFFpj4KUCTWH/9jZBZMnmkpvFxveQ2YQalA2oykD9AxaddUci4iZ9
6/z9EOAfXtsTD5IHQ42+WRranQtONLGGwUO84tTU+wAzDRjkZwYTfFPGCpQloNul
uxLKmaBfXKr9reNIhkjkq95pm/6XFT2hl0rZmCvN1Wsq6HoZJDNu1tRck8D89HQM
lE5J7WMjQ5KwxTtbvXQ1Os2wwFQbxccl4QsLvDELnRijQ0jzh7CSjZIrTCQVNYl4
vT+4YGkL3YTH6FVBkQdc0Q/i89aj29g4uPbRjwEwkFo8z7Iqxoybg2HpVNN+wo5z
ezUJ2I4WRtkO7duMftUtnpFJ8az93/KTPC65JbzAKE+kh1sGe1XABlRWax+uR8uE
f4IuY4sPSqzb9eBbw7+nSSEiheqJuybuRudS8QnBs1vzd7EnY7I=
=rfQF
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 30 Nov 2017 15:43
control message for bug #29487
(address . control@debbugs.gnu.org)
874lpb4yja.fsf@gnu.org
tags 29487 fixed
close 29487
?
Your comment

This issue is archived.

To comment on this conversation send an email to 29487@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 29487
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch