guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/04: gnu: libsndfile: Replace with 1.0.30 [security fixes].

From: guix-commits
Subject: 01/04: gnu: libsndfile: Replace with 1.0.30 [security fixes].
Date: Sun, 27 Sep 2020 18:51:19 -0400 (EDT) 
mbakke pushed a commit to branch master
in repository guix.

commit 7d366a8387a57badca220eb93a207ad47b719111
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Sun Sep 27 20:18:23 2020 +0200

    gnu: libsndfile: Replace with 1.0.30 [security fixes].
    
    This replacement fixes CVE-2017-17456, CVE-2017-17457, CVE-2018-19661,
    CVE-2018-19662, CVE-2018-19758, and CVE-2019-3832.
    
    * gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
    (libsndfile-1.0.30): New variable.
---
 gnu/packages/pulseaudio.scm | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index 9522d02..d1c188f 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2020 Amin Bandali <bandali@gnu.org>
 ;;; Copyright © 2020 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright © 2020 Pierre Neidhardt <mail@ambrevar.xyz>
+;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -71,6 +72,7 @@
   (package
     (name "libsndfile")
     (version "1.0.28")
+    (replacement libsndfile-1.0.30)
     (source (origin
              (method url-fetch)
              (uri (string-append 
"http://www.mega-nerd.com/libsndfile/files/libsndfile-";
@@ -104,6 +106,41 @@ SPARC.  Hopefully the design of the library will also make 
it easy to extend
 for reading and writing new sound file formats.")
     (license l:gpl2+)))
 
+;; Replacement package to fix multiple security vulnerabilities.
+(define libsndfile-1.0.30
+  (package
+    (inherit libsndfile)
+    (version "1.0.30")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://github.com/erikd/libsndfile";
+                                 "/releases/download/v" version
+                                 "/libsndfile-" version ".tar.bz2"))
+             (sha256
+              (base32
+               "0gsbg8ni496h55mx2p9999fk0xvbsjyz6v678a0l75b5fqs8d2gc"))
+             (modules '((ice-9 textual-ports) (guix build utils)))
+             (snippet
+              '(begin
+                 ;; Remove carriage returns (CRLF) to prevent bogus
+                 ;; errors from bash like "$'\r': command not found".
+                 (let ((data (call-with-input-file
+                                 "tests/pedantic-header-test.sh.in"
+                               (lambda (port)
+                                 (string-join
+                                  (string-split (get-string-all port)
+                                                #\return))))))
+                   (call-with-output-file "tests/pedantic-header-test.sh.in"
+                     (lambda (port) (format port data))))
+
+                 ;; While at it, fix hard coded executable name.
+                 (substitute* "tests/test_wrapper.sh.in"
+                   (("^/usr/bin/env") "env"))
+                 #t))))
+    (native-inputs
+     `(("python" ,python)
+       ,@(package-native-inputs libsndfile)))))
+
 (define-public libsamplerate
   (package
     (name "libsamplerate")                     ; aka. Secret Rabbit Code (SRC)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]