gnu: libvorbis: Fix CVE-2017-{14632,14633}.

[jackhill/guix/guix.git] / gnu / packages / xiph.scm

diff --git a/gnu/packages/xiph.scm b/gnu/packages/xiph.scm
index 9277f57..e9ab06d 100644 (file)
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@@ -79,6 +79,7 @@ periodic timestamps for seeking.")
 (define libvorbis
   (package
    (name "libvorbis")
+   (replacement libvorbis/fixed)
    (version "1.3.5")
    (source (origin
             (method url-fetch)
@@ -102,6 +103,14 @@ polyphonic) audio and music at fixed and variable bitrates from 16 to
                                "See COPYING in the distribution."))
    (home-page "http://xiph.org/vorbis/")))
 
+(define libvorbis/fixed
+  (package
+    (inherit libvorbis)
+    (source (origin
+              (inherit (package-source libvorbis))
+              (patches (search-patches "libvorbis-CVE-2017-14633.patch"
+                                       "libvorbis-CVE-2017-14632.patch"))))))
+
 (define libtheora
   (package
     (name "libtheora")