02/02: gnu: gdk-pixbuf: Replace with 2.36.10.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: gdk-pixbuf: Replace with 2.36.10.

From:	Marius Bakke
Subject:	02/02: gnu: gdk-pixbuf: Replace with 2.36.10.
Date:	Mon, 18 Sep 2017 16:28:08 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit ad472397bc5472b463d322e0246d59c8754291c8
Author: Marius Bakke <address@hidden>
Date:   Mon Sep 18 22:22:27 2017 +0200

    gnu: gdk-pixbuf: Replace with 2.36.10.
    
    Fixes CVE-2017-2862, CVE-2017-2870 and CVE-2017-6311.
    
    * gnu/packages/gtk.scm (gdk-pixbuf, gdk-pixbuf+svg)[replacement]: New field.
    (gdk-pixbuf-2.36.10, gdk-pixbuf+svg-2.36.10): New variables.
---
 gnu/packages/gtk.scm | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 0d1e763..d7c18f9 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -427,6 +427,7 @@ highlighting and other features typical of a source code 
editor.")
 (define-public gdk-pixbuf
   (package
    (name "gdk-pixbuf")
+   (replacement gdk-pixbuf-2.36.10)
    (version "2.36.6")
    (source (origin
             (method url-fetch)
@@ -483,6 +484,7 @@ in the GNOME project.")
 (define-public gdk-pixbuf+svg
   (package (inherit gdk-pixbuf)
     (name "gdk-pixbuf+svg")
+    (replacement gdk-pixbuf+svg-2.36.10)
     (inputs
      `(("librsvg" ,librsvg)
        ,@(package-inputs gdk-pixbuf)))
@@ -506,6 +508,26 @@ in the GNOME project.")
     (synopsis
      "GNOME image loading and manipulation library, with SVG support")))
 
+;; Graft replacement packages to fix these vulnerabilities.
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
+(define-public gdk-pixbuf-2.36.10
+  (package (inherit gdk-pixbuf)
+           (version "2.36.A")
+           (source (origin
+                     (method url-fetch)
+                     (uri (string-append 
"mirror://gnome/sources/gdk-pixbuf/2.36/"
+                                         "gdk-pixbuf-2.36.10.tar.xz"))
+                     (sha256
+                      (base32
+                       
"1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))))
+
+(define-public gdk-pixbuf+svg-2.36.10
+  (package (inherit gdk-pixbuf+svg)
+           (version "2.36.A")
+           (source (origin (inherit (package-source gdk-pixbuf-2.36.10))))))
+
 (define-public at-spi2-core
   (package
    (name "at-spi2-core")

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (bbcfd80 -> ad47239), Marius Bakke, 2017/09/18
- 01/02: gnu: freexl: Update to 1.0.4 [fixes CVE-2017-2923 and CVE-2017-2924]., Marius Bakke, 2017/09/18
- 02/02: gnu: gdk-pixbuf: Replace with 2.36.10., Marius Bakke <=

Prev by Date: branch master updated (bbcfd80 -> ad47239)
Next by Date: branch master updated (ad47239 -> 2cb396e)
Previous by thread: 01/02: gnu: freexl: Update to 1.0.4 [fixes CVE-2017-2923 and CVE-2017-2924].
Next by thread: branch master updated (ad47239 -> 2cb396e)
Index(es):
- Date
- Thread