From c73a00a3763aef0045dd30c252d93ce4d12e76f8 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 19 Jan 2018 18:06:08 -0800
Subject: gnu: libsndfile: Fix CVE-2017-12562.

* gnu/packages/patches/libsndfile-CVE-2017-12562.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/pulseaudio.scm (libsndfile)[replacement]: New field.
(libsndfile/fixed): New variable.
---
 gnu/packages/pulseaudio.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gnu/packages/pulseaudio.scm')

diff --git a/gnu/packages/pulseaudio.scm b/gnu/packages/pulseaudio.scm
index ba288aa441..39f54437cb 100644
--- a/gnu/packages/pulseaudio.scm
+++ b/gnu/packages/pulseaudio.scm
@@ -47,6 +47,7 @@
 (define-public libsndfile
   (package
     (name "libsndfile")
+    (replacement libsndfile/fixed)
     (version "1.0.28")
     (source (origin
              (method url-fetch)
@@ -80,6 +81,15 @@ SPARC.  Hopefully the design of the library will also make it easy to extend
 for reading and writing new sound file formats.")
     (license l:gpl2+)))
 
+(define libsndfile/fixed
+  (package
+    (inherit libsndfile)
+    (source (origin
+              (inherit (package-source libsndfile))
+              (patches (append
+                         (origin-patches (package-source libsndfile))
+                         (search-patches "libsndfile-CVE-2017-12562.patch")))))))
+
 (define-public libsamplerate
   (package
     (name "libsamplerate")                     ; aka. Secret Rabbit Code (SRC)
-- 
cgit v1.2.3