From 23f33de151368f52832fd96048b342bd1a6e8c74 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Tue, 3 Mar 2020 09:21:17 +0200 Subject: gnu: librsvg: Fix CVE-2019-20446. * gnu/packages/gnome.scm (librsvg)[replacement]: New field. (librsvg/fixed): New private variable. --- gnu/packages/gnome.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index ff262d1fa8..7cfe35d3f0 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -2074,6 +2074,7 @@ dealing with different structured file formats.") (define-public librsvg (package + (replacement "librsvg/fixed") (name "librsvg") (version "2.40.20") (source (origin @@ -2138,6 +2139,20 @@ dealing with different structured file formats.") library.") (license license:lgpl2.0+))) +(define librsvg/fixed + (package + (inherit librsvg) + (name "librsvg") + (version "2.40.21") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/" name "/" + (version-major+minor version) "/" + name "-" version ".tar.xz")) + (sha256 + (base32 + "1fljkag2gr7c4k5mn798lgf9903xslz8h51bgvl89nnay42qjqpp")))))) + (define* (computed-origin-method gexp-promise hash-algo hash #:optional (name "source") #:key (system (%current-system)) -- cgit v1.2.3