Patchwork libidn security update patch

login
register
mail settings
Submitter Leo Famulari
Date Sept. 2, 2016, 6:41 a.m.
Message ID <20160902064136.GA14384@jasmine>
Download mbox | patch
Permalink /patch/15174/
State New
Headers show

Comments

Leo Famulari - Sept. 2, 2016, 6:41 a.m.
... and the patch.
From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 2 Sep 2016 02:11:49 -0400
Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
 CVE-2016-{6261,6263}].

* gnu/packages/libidn.scm (libidn)[replacement]: New field.
(libidn-1.33): New variable.
---
 gnu/packages/libidn.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
Ludovic Courtès - Sept. 2, 2016, 12:47 p.m.
Leo Famulari <leo@famulari.name> skribis:

> From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Fri, 2 Sep 2016 02:11:49 -0400
> Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
>  CVE-2016-{6261,6263}].
>
> * gnu/packages/libidn.scm (libidn)[replacement]: New field.
> (libidn-1.33): New variable.

Perfect, thank you!

Ludo’.
Leo Famulari - Sept. 2, 2016, 1:56 p.m.
On Fri, Sep 02, 2016 at 02:47:35PM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > From 217f444aa56ec292ddfaacfabcbb6ddea8d1f262 Mon Sep 17 00:00:00 2001
> > From: Leo Famulari <leo@famulari.name>
> > Date: Fri, 2 Sep 2016 02:11:49 -0400
> > Subject: [PATCH] gnu: libidn: Replace with 1.33 [fixes CVE-2015-8948 and
> >  CVE-2016-{6261,6263}].
> >
> > * gnu/packages/libidn.scm (libidn)[replacement]: New field.
> > (libidn-1.33): New variable.
> 
> Perfect, thank you!

Pushed as d058708e8, with a follow-up on core-updates to ensure the
conflict is resolved properly.

Patch

diff --git a/gnu/packages/libidn.scm b/gnu/packages/libidn.scm
index 053565c..432c1fe 100644
--- a/gnu/packages/libidn.scm
+++ b/gnu/packages/libidn.scm
@@ -27,6 +27,7 @@ 
 (define-public libidn
   (package
    (name "libidn")
+   (replacement libidn-1.33)
    (version "1.32")
    (source (origin
             (method url-fetch)
@@ -45,3 +46,16 @@  names.  It includes native C, C# and Java libraries.")
    ;; the command line tool is gpl3+.
    (license (list gpl2+ gpl3+ lgpl3+ fdl1.3+))
    (home-page "http://www.gnu.org/software/libidn/")))
+
+(define libidn-1.33
+  (package
+    (inherit libidn)
+    (source
+      (let ((version "1.33"))
+        (origin
+          (method url-fetch)
+          (uri (string-append "mirror://gnu/libidn/libidn-" version
+                              ".tar.gz"))
+          (sha256
+           (base32
+            "068fjg2arlppjqqpzd714n1lf6gxkpac9v5yyvp1qwmv6nvam9s4")))))))