From 1c4a500aae53b8cd33d1266eb3809b859ae2555d Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Mon, 1 May 2017 14:24:50 -0400
Subject: gnu: libsndfile: Fix CVE-2017-{8361,8362,8363,8365}.

* gnu/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch,
gnu/packages/patches/libsndfile-CVE-2017-8362.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
---
 gnu/packages/pulseaudio.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'gnu/packages/pulseaudio.scm')

diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index c52f265cc1..92ebe6f3eb 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -45,6 +45,7 @@
 (define-public libsndfile
   (package
     (name "libsndfile")
+    (replacement libsndfile/fixed)
     (version "1.0.28")
     (source (origin
              (method url-fetch)
@@ -76,6 +77,18 @@ SPARC.  Hopefully the design of the library will also make it easy to extend
 for reading and writing new sound file formats.")
     (license l:gpl2+)))
 
+(define libsndfile/fixed
+  (package
+    (inherit libsndfile)
+    (source
+      (origin
+        (inherit (package-source libsndfile))
+        (patches
+          (append
+            (origin-patches (package-source libsndfile))
+            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
+                            "libsndfile-CVE-2017-8362.patch")))))))
+
 (define-public libsamplerate
   (package
     (name "libsamplerate")                     ; aka. Secret Rabbit Code (SRC)
-- 
cgit v1.2.3