gnu: librsvg: Fix CVE-2019-20446.

* gnu/packages/gnome.scm (librsvg)[replacement]: New field. (librsvg/fixed): New private variable.
2020-03-03 09:21:17 +02:00 · 2020-03-03 09:21:17 +02:00 · 23f33de151
parent 3276e12392
commit 23f33de151
1 changed files with 15 additions and 0 deletions
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@ -2074,6 +2074,7 @@ (define-public libgsf

 (define-public librsvg
  (package
+    (replacement "librsvg/fixed")
    (name "librsvg")
    (version "2.40.20")
    (source (origin
@ -2138,6 +2139,20 @@ (define-public librsvg
 library.")
    (license license:lgpl2.0+)))

+(define librsvg/fixed
+  (package
+    (inherit librsvg)
+    (name "librsvg")
+    (version "2.40.21")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version)  "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1fljkag2gr7c4k5mn798lgf9903xslz8h51bgvl89nnay42qjqpp"))))))
+
 (define* (computed-origin-method gexp-promise hash-algo hash
                                 #:optional (name "source")
                                 #:key (system (%current-system))