gnu: libxpm: Graft with 3.5.17 [security fixes].

Fixes CVE-2023-43788 and CVE-2023-43789. See the X.Org security advisory <https://lists.x.org/archives/xorg/2023-October/061506.html> for more information. * gnu/packages/xorg.scm (libxpm)[replacement]: New field, set to ... (libxpm/fixed): ... this new variable.
2023-10-04 18:21:45 -04:00 · 2023-10-04 18:21:45 -04:00 · 20df2ee697
commit 20df2ee697
parent b317eb8a9e
1 changed files with 17 additions and 0 deletions
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@ -36,6 +36,7 @@
 ;;; Copyright © 2021 Lu Hui <luhux76@gmail.com>
 ;;; Copyright © 2023 Zheng Junjie <873216071@qq.com>
 ;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2023 John Kehayias <john.kehayias@protonmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -1432,6 +1433,7 @@ treat it as part of their software base when porting.")
  (package
    (name "libxpm")
    (version "3.5.13")
+    (replacement libxpm/fixed)
    (source
      (origin
        (method url-fetch)
@ -1455,6 +1457,21 @@ treat it as part of their software base when porting.")
    (description "XPM (X Pixmap) image file format library.")
    (license license:x11)))

+(define-public libxpm/fixed
+  (package
+    (inherit libxpm)
+    (version "3.5.17")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append
+               "mirror://xorg/individual/lib/libXpm-"
+               version
+               ".tar.xz"))
+        (sha256
+          (base32
+            "0hvf49qy55gwldpwpw7ihcmn5i2iinpjh2rbha63hzcy060izcv4"))))))
+
 (define-public libxres
  (package
    (name "libxres")