authorEfraim Flashner <efraim@flashner.co.il>2016-11-28 19:25:21 +0200
committerEfraim Flashner <efraim@flashner.co.il>2016-11-29 09:45:48 +0200
commitc51d926c740f98883ce3332852e826f57fdf4566 (patch)
tree288bd18a68556ea3a4b8bf876876fbf01b5f2b99 /gnu/packages/gtk.scm
parenteb55f018219e5912fc5606c4e1881a64f8fa5710 (diff)
gnu: cairo: Fix CVE-2016-9082.
* gnu/packages/gtk.scm (cairo)[replacement]: New field. (cairo/fixed): New variable. (cairo-xcb)[source]: Use patch. [replacement]: New field, set false. * gnu/packages/pdf.scm (poppler)[inputs]: Custom cairo should be replaced by a new custom patched cairo. * gnu/packages/patches/cairo-CVE-2016-9082.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/gtk.scm')
-rw-r--r--gnu/packages/gtk.scm12
1 files changed, 12 insertions, 0 deletions
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 17bd9c9b00..8a258b54cc 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -100,6 +100,7 @@ tools have full access to view and control running applications.")
(define-public cairo
(package
(name "cairo")
+ (replacement cairo/fixed)
(version "1.14.6")
(source (origin
(method url-fetch)
@@ -153,6 +154,10 @@ affine transformation (scale, rotation, shear, etc.).")
(package
(inherit cairo)
(name "cairo-xcb")
+ (source (origin
+ (inherit (package-source cairo))
+ (patches (search-patches "cairo-CVE-2016-9082.patch"))))
+ (replacement #f)
(inputs
`(("mesa" ,mesa)
,@(package-inputs cairo)))
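Review bot: The added `(replacement #f)` in cairo-xcb carries no comment saying why it is there, and it is the line a later cleanup is most likely to delete as redundant. cairo-xcb inherits from cairo, so without this field it would presumably pick up cairo's new `(replacement cairo/fixed)` and be grafted to a build that lacks the options this variant adds. A comment above the field such as `;; Patched directly above; do not inherit cairo's graft.` would record that. The cairo-xcb definition starts and ends outside this hunk.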
@@ -162,6 +167,13 @@ affine transformation (scale, rotation, shear, etc.).")
'("--enable-xlib-xcb" "--enable-gl" "--enable-egl")))
(synopsis "2D graphics library (with X11 support)")))
+(define cairo/fixed
+ (package
+ (inherit cairo)
+ (source (origin
+ (inherit (package-source cairo))
+ (patches (search-patches "cairo-CVE-2016-9082.patch"))))))
+
(define-public harfbuzz
(package
(name "harfbuzz")
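Review bot: The patched origin inside `cairo/fixed` repeats the one added to cairo-xcb in the previous hunk, so a later security patch appended to one list and not the other would leave one of the two builds unpatched. If `cairo/fixed` were defined above cairo-xcb, that variant could take `(source (package-source cairo/fixed))` and the patch list would exist in one place only. The new definition also has no comment; something like `;; Graft for CVE-2016-9082; fold the patch into cairo's source and drop this on the next full rebuild.` would tell the next maintainer when it can be removed.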