From d32b210f282ef74caf9890e1d4ffe8eb04bd64e5 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Thu, 22 Oct 2020 21:20:47 +0200 Subject: gnu: freetype: Replace with 2.10.4 [fixes CVE-2020-15999]. * gnu/packages/fontutils.scm (freetype)[replacement]: New field, set to... (freetype/fixed): ...this new variable. --- gnu/packages/fontutils.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu/packages/fontutils.scm') diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm index b3852fe093..eec5093dea 100644 --- a/gnu/packages/fontutils.scm +++ b/gnu/packages/fontutils.scm @@ -6,7 +6,7 @@ ;;; Copyright © 2017 Rene Saavedra ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2017 Nikita -;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice +;;; Copyright © 2017, 2018, 2020 Tobias Geerinckx-Rice ;;; Copyright © 2018 Ricardo Wurmus ;;; Copyright © 2018, 2019 Ludovic Courtès ;;; Copyright © 2019, 2020 Marius Bakke @@ -69,6 +69,7 @@ (package (name "freetype") (version "2.10.1") + (replacement freetype/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://savannah/freetype/freetype-" @@ -97,6 +98,19 @@ anti-aliased glyph bitmap generation with 256 gray levels.") (license license:freetype) ; some files have other licenses (home-page "https://www.freetype.org/"))) +(define freetype/fixed + ;; Security fix for CVE-2020-15999. + (package + (inherit freetype) + (version "2.10.4") + (source + (origin + (method url-fetch) + (uri (string-append "mirror://savannah/freetype/freetype-" + version ".tar.xz")) + (sha256 + (base32 "112pyy215chg7f7fmp2l9374chhhpihbh8wgpj5nj6avj3c59a46")))))) + (define-public ttfautohint (package (name "ttfautohint") -- cgit v1.2.3