aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-09-18 22:22:27 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-09-18 22:27:40 +0200
commitad472397bc5472b463d322e0246d59c8754291c8 (patch)
tree5f376e77e9a5048febe2fe3f66ca7c8adb95ee30
parentdc4ffa6766bfb798bccfdc2860cd029ada31280b (diff)
downloadgnu-guix-ad472397bc5472b463d322e0246d59c8754291c8.tar
gnu-guix-ad472397bc5472b463d322e0246d59c8754291c8.tar.gz
gnu: gdk-pixbuf: Replace with 2.36.10.
Fixes CVE-2017-2862, CVE-2017-2870 and CVE-2017-6311. * gnu/packages/gtk.scm (gdk-pixbuf, gdk-pixbuf+svg)[replacement]: New field. (gdk-pixbuf-2.36.10, gdk-pixbuf+svg-2.36.10): New variables.
-rw-r--r--gnu/packages/gtk.scm22
1 files changed, 22 insertions, 0 deletions
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 0d1e76373c..d7c18f90e1 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.")
(define-public gdk-pixbuf
(package
(name "gdk-pixbuf")
+ (replacement gdk-pixbuf-2.36.10)
(version "2.36.6")
(source (origin
(method url-fetch)
@@ -483,6 +484,7 @@ in the GNOME project.")
(define-public gdk-pixbuf+svg
(package (inherit gdk-pixbuf)
(name "gdk-pixbuf+svg")
+ (replacement gdk-pixbuf+svg-2.36.10)
(inputs
`(("librsvg" ,librsvg)
,@(package-inputs gdk-pixbuf)))
@@ -506,6 +508,26 @@ in the GNOME project.")
(synopsis
"GNOME image loading and manipulation library, with SVG support")))
+;; Graft replacement packages to fix these vulnerabilities.
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
+(define-public gdk-pixbuf-2.36.10
+ (package (inherit gdk-pixbuf)
+ (version "2.36.A")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/"
+ "gdk-pixbuf-2.36.10.tar.xz"))
+ (sha256
+ (base32
+ "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))))
+
+(define-public gdk-pixbuf+svg-2.36.10
+ (package (inherit gdk-pixbuf+svg)
+ (version "2.36.A")
+ (source (origin (inherit (package-source gdk-pixbuf-2.36.10))))))
+
(define-public at-spi2-core
(package
(name "at-spi2-core")