From 924a78b1148e8a433178c6e9737e0029691b0022 Mon Sep 17 00:00:00 2001
From: Marius Bakke <marius@gnu.org>
Date: Wed, 10 Aug 2022 09:50:02 +0200
Subject: gnu: aspell: Fix CVE-2019-25051 with a graft.

This partially reverts commit 468c95e9415bc303cfa36c9b67bbd2ce0abe904b in
order to prevent rebuilding 2k+ packages via 'inkscape'.

* gnu/packages/aspell.scm (aspell)[replacement]: New field.
[source](patches): Remove "aspell-CVE-2019-25051.patch".
(aspell/replacement): New private variable.
---
 gnu/packages/aspell.scm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'gnu/packages')

diff --git a/gnu/packages/aspell.scm b/gnu/packages/aspell.scm
index d2737ee79a..ec0dafbc7a 100644
--- a/gnu/packages/aspell.scm
+++ b/gnu/packages/aspell.scm
@@ -47,6 +47,7 @@
   (package
     (name "aspell")
     (version "0.60.8")
+    (replacement aspell/replacement)
     (source
      (origin
       (method url-fetch)
@@ -55,8 +56,7 @@
       (sha256
        (base32
         "1wi60ankalmh8ds7nplz434jd7j94gdvbahdwsr539rlad8pxdzr"))
-      (patches (search-patches "aspell-default-dict-dir.patch"
-                               "aspell-CVE-2019-25051.patch"))))
+      (patches (search-patches "aspell-default-dict-dir.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -93,6 +93,16 @@ documents written in the UTF-8 encoding and its ability to use multiple
 dictionaries, including personal ones.")
     (license lgpl2.1+)))
 
+;; Replacement package with security fixes.
+(define aspell/replacement
+  (package
+    (inherit aspell)
+    (source
+     (origin
+       (inherit (package-source aspell))
+       (patches (append (origin-patches (package-source aspell))
+                        (search-patches "aspell-CVE-2019-25051.patch")))))))
+
 ;;;
 ;;; Dictionaries.
 ;;;
-- 
cgit v1.2.3