From 10b40489742bdaa0d193c00dff1446b11c081f6a Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Thu, 6 Aug 2020 09:43:40 +0300
Subject: gnu: json-c: Fix CVE-2020-12762.

* gnu/packages/web.scm (json-c)[replacement]: New field. (json-c-0.13, json-c-0.12)[source]: Add patch. (json-c/fixed): New variable.
* gnu/packages/patches/json-c-CVE-2020-12762.patch, gnu/packages/patches/json-c--0.13-CVE-2020-12762.patch, gnu/packages/patches/json-c--0.12-CVE-2020-12762.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
---
 gnu/packages/web.scm | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'gnu/packages/web.scm')

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index b9c3b7fc43..c846bef21c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -770,6 +770,7 @@ data.")
 
 (define-public json-c
 (package
+ (replacement json-c/fixed)
 (name "json-c")
 (version "0.14")
 (source (origin
@@ -790,6 +791,15 @@ parse JSON-formatted strings back into the C representation of JSON objects.
 It aims to conform to RFC 7159.")
 (license license:x11)))
 
+(define json-c/fixed
+ (package
+ (inherit json-c)
+ (name "json-c")
+ (version "0.14")
+ (source (origin
+ (inherit (package-source json-c))
+ (patches (search-patches "json-c-CVE-2020-12762.patch"))))))
+
 ;; TODO: Remove these old versions when all dependents have been updated.
 (define-public json-c-0.13
 (package
@@ -802,6 +812,7 @@ It aims to conform to RFC 7159.")
 version ".tar.gz"))
 (sha256
 (base32 "0ws8dz9nk8q2c0gbf66kg2r6mrkl7kamd3gpdv9zsyrz9n6n0zmq"))
+ (patches (search-patches "json-c-0.13-CVE-2020-12762.patch"))
 (modules '((guix build utils)))
 (snippet
 '(begin
@@ -824,6 +835,7 @@ It aims to conform to RFC 7159.")
 version ".tar.gz"))
 (sha256
 (base32 "08qibrq29a5v7g23wi5icy6l4fbfw90h9ccps6vq0bcklx8n84ra"))
+ (patches (search-patches "json-c-0.12-CVE-2020-12762.patch"))
 (modules '((guix build utils)))
 (snippet
 '(begin
-- 
cgit v1.2.3
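Review bot: The `(replacement json-c/fixed)` field added to `json-c` in the first hunk has no comment saying that it is a security graft or when it can be removed. A graft rewrites references to json-c in the outputs of dependents, so anything that linked json-c statically or copied it at build time would presumably still carry the unpatched code; that limit is worth stating next to the field. I would add above it `;; Graft for CVE-2020-12762; drop this and patch 'source' directly at the next full rebuild.` The `json-c` definition starts inside the hunk but continues past its end.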
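Review bot: In `json-c/fixed` (second hunk) the `(name "json-c")` and `(version "0.14")` fields repeat what `(inherit json-c)` already provides, so the copied version can drift from the parent the next time `json-c` is updated. Dropping both lines leaves the `source` override as the only difference between the package and its replacement, which is what a graft is meant to express. A one-line comment such as `;; json-c with the fix for CVE-2020-12762; used only as a graft.` above the `define` would also tell readers why this variable is not public.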
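Review bot: The names passed to `search-patches` in the third and fourth hunks, `json-c-0.13-CVE-2020-12762.patch` and `json-c-0.12-CVE-2020-12762.patch`, use a single hyphen, while the commit message lists the new files as `json-c--0.13-CVE-2020-12762.patch` and `json-c--0.12-CVE-2020-12762.patch`. This view is limited to `gnu/packages/web.scm`, so the patch files and the `gnu/local.mk` entries cannot be checked from here. One spelling should be corrected so that the package definitions, the files on disk and `dist_patch_DATA` agree, because `search-patches` fails on a name it cannot find and the security fix would then not be applied to the 0.13 and 0.12 packages. Both `origin` forms start and end outside their hunks.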