From 9a46e0dd843a2f4c832f74e9a503e7200c934eb7 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Tue, 2 Jun 2020 23:40:19 +0200
Subject: gnu: dbus: Fix CVE-2020-12049.

* gnu/packages/patches/dbus-CVE-2020-12049.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/glib.scm (dbus/fixed): New variable.
(dbus)[replacement]: New field.
---
 gnu/packages/glib.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gnu/packages/glib.scm')

diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 12ba6e939b..94dc6adf6f 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -88,6 +88,7 @@
   (package
     (name "dbus")
     (version "1.12.16")
+    (replacement dbus/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -164,6 +165,15 @@ or through unencrypted TCP/IP suitable for use behind a firewall with
 shared NFS home directories.")
     (license license:gpl2+)))                     ; or Academic Free License 2.1
 
+;; Replacement package to fix CVE-2020-12049.
+(define dbus/fixed
+  (package
+    (inherit dbus)
+    (source (origin
+              (inherit (package-source dbus))
+              (patches (append (search-patches "dbus-CVE-2020-12049.patch")
+                               (origin-patches (package-source dbus))))))))
+
 (define glib
   (package
    (name "glib")
-- 
cgit v1.2.3