gnu: libvorbis: Replace with 1.3.6 [fixes CVE-2018-5146].
* gnu/packages/xiph.scm (libvorbis)[replacement]: New field. (libvorbis-1.3.6): New public variable.
This commit is contained in:
parent
1d97d8ffd8
commit
fe1b04df2f
|
@ -6,7 +6,7 @@
|
||||||
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
|
;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
|
||||||
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
|
;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
|
||||||
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
|
;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
|
||||||
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
|
;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
|
||||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
|
@ -81,6 +81,7 @@ periodic timestamps for seeking.")
|
||||||
(package
|
(package
|
||||||
(name "libvorbis")
|
(name "libvorbis")
|
||||||
(version "1.3.5")
|
(version "1.3.5")
|
||||||
|
(replacement libvorbis-1.3.6)
|
||||||
(source (origin
|
(source (origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
||||||
|
@ -105,6 +106,18 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
|
||||||
"See COPYING in the distribution."))
|
"See COPYING in the distribution."))
|
||||||
(home-page "https://xiph.org/vorbis/")))
|
(home-page "https://xiph.org/vorbis/")))
|
||||||
|
|
||||||
|
;; For CVE-2018-5146.
|
||||||
|
(define-public libvorbis-1.3.6
|
||||||
|
(package/inherit libvorbis
|
||||||
|
(version "1.3.6")
|
||||||
|
(source (origin
|
||||||
|
(method url-fetch)
|
||||||
|
(uri (string-append "http://downloads.xiph.org/releases/vorbis/"
|
||||||
|
"libvorbis-" version ".tar.xz"))
|
||||||
|
(sha256
|
||||||
|
(base32
|
||||||
|
"05dlzjkdpv46zb837wysxqyn8l636x3dw8v8ymlrwz2fg1dbn05g"))))))
|
||||||
|
|
||||||
(define libtheora
|
(define libtheora
|
||||||
(package
|
(package
|
||||||
(name "libtheora")
|
(name "libtheora")
|
||||||
|
|
Loading…
Reference in New Issue