From af8c7e10147acd105fe33f60baab2d1d21f38f7b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 12 Jan 2017 19:06:55 +0100 Subject: gnu: mupdf: Fix CVE-2016-{10132,10133} in bundled mujs. * gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch, gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/pdf.scm (mupdf)[replacement]: New field. (mupdf/fixed): New variable. Co-authored-by: Leo Famulari --- gnu/packages/pdf.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 9b3571e67b..5e1c0db51e 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -6,10 +6,11 @@ ;;; Copyright © 2016 Roel Janssen ;;; Coypright © 2016 ng0 ;;; Coypright © 2016 Efraim Flashner -;;; Coypright © 2016 Marius Bakke +;;; Coypright © 2016, 2017 Marius Bakke ;;; Coypright © 2016 Ludovic Courtès ;;; Coypright © 2016 Julien Lepiller ;;; Copyright © 2016 Arun Isaac +;;; Copyright © 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -480,6 +481,7 @@ extracting content or merging files.") (define-public mupdf (package (name "mupdf") + (replacement mupdf/fixed) (version "1.10a") (source (origin @@ -538,6 +540,18 @@ line tools for batch rendering (pdfdraw), rewriting files (pdfclean), and examining the file structure (pdfshow).") (license license:agpl3+))) +(define mupdf/fixed + (package + (inherit mupdf) + (source + (origin + (inherit (package-source mupdf)) + (patches + (append + (origin-patches (package-source mupdf)) + (search-patches "mupdf-mujs-CVE-2016-10132.patch" + "mupdf-mujs-CVE-2016-10133.patch"))))))) + (define-public qpdf (package (name "qpdf") -- cgit v1.2.3 From 623feb452ad89727e0aa19d49baabd11e84ac6ef Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Jan 2017 10:15:00 +0100 Subject: gnu: zathura: Update to 0.3.7. * gnu/packages/pdf.scm (zathura): Update to 0.3.7. --- gnu/packages/pdf.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 5e1c0db51e..e967203730 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -399,7 +399,7 @@ by using the poppler rendering engine.") (define-public zathura (package (name "zathura") - (version "0.3.6") + (version "0.3.7") (source (origin (method url-fetch) (uri @@ -407,7 +407,7 @@ by using the poppler rendering engine.") version ".tar.gz")) (sha256 (base32 - "0fyb5hak0knqvg90rmdavwcmilhnrwgg1s5ykx9wd3skbpi8nsh8")) + "1w0g74dq4z2vl3f99s2gkaqrb5pskgzig10qhbxj4gq9yj4zzbr2")) (patches (search-patches "zathura-plugindir-environment-variable.patch")))) (native-inputs `(("pkg-config" ,pkg-config) -- cgit v1.2.3 From 4df3dc419d7160cc3b6d56eb513b4b1a4e1fcb78 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Jan 2017 10:16:59 +0100 Subject: gnu: zathura-cb: Update to 0.1.6. * gnu/packages/pdf.scm (zathura-cb): Update to 0.1.6. --- gnu/packages/pdf.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index e967203730..e930a19f8e 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -272,7 +272,7 @@ reading and editing of existing PDF files.") (define-public zathura-cb (package (name "zathura-cb") - (version "0.1.5") + (version "0.1.6") (source (origin (method url-fetch) (uri @@ -280,7 +280,7 @@ reading and editing of existing PDF files.") version ".tar.gz")) (sha256 (base32 - "1zbazysdjwwnzw01qlnzyixwmsi8rqskc76mp81qcr3rpl96jprp")))) + "1fim4mpm8l2g3msj1vg70ks3c9lrwllv3yh4jv8l9f8k3r19b3l8")))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs `(("girara" ,girara))) (inputs `(("libarchive" ,libarchive) -- cgit v1.2.3 From fe5fe355fd13daa1a17d0bb447a0317978436116 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Jan 2017 10:18:47 +0100 Subject: gnu: zathura-ps: Update to 0.2.4. * gnu/packages/pdf.scm (zathura-ps): Update to 0.2.4. --- gnu/packages/pdf.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index e930a19f8e..73b0e0fa3a 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -303,7 +303,7 @@ using libarchive.") (define-public zathura-ps (package (name "zathura-ps") - (version "0.2.3") + (version "0.2.4") (source (origin (method url-fetch) (uri @@ -311,7 +311,7 @@ using libarchive.") version ".tar.gz")) (sha256 (base32 - "18wsfy8pqficdgj8wy2aws7j4fy8z78157rhqk17mj5f295zgvm9")))) + "1nxbl0glnzpan78fhdfzhkcd0cikcvrkzf9m56mb0pvnwzlwg7zv")))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs `(("girara" ,girara))) (inputs `(("libspectre" ,libspectre) -- cgit v1.2.3 From 16a9f83fe03b9ab671c192d83a635f7beca82919 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Jan 2017 10:20:15 +0100 Subject: gnu: zathura-djvu: Update to 0.2.6. * gnu/packages/pdf.scm (zathura-djvu): Update to 0.2.6. --- gnu/packages/pdf.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 73b0e0fa3a..80199496b6 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -334,7 +334,7 @@ using libspectre.") (define-public zathura-djvu (package (name "zathura-djvu") - (version "0.2.5") + (version "0.2.6") (source (origin (method url-fetch) (uri @@ -342,7 +342,7 @@ using libspectre.") version ".tar.gz")) (sha256 (base32 - "03cw54d2fipvbrnbqy0xccqkx6s77dyhyymx479aj5ryy4513dq8")))) + "0py0ra44f65cg064xzds0qr6vnglj2a5bwhnbwa0dyh2nyizdzmf")))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs `(("girara" ,girara))) (inputs -- cgit v1.2.3 From 4ec840917c781faa4179c79258b91776a4e2444c Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 16 Jan 2017 10:21:46 +0100 Subject: gnu: zathura-pdf-poppler: Update to 0.2.7. * gnu/packages/pdf.scm (zathura-pdf-poppler): Update to 0.2.7. --- gnu/packages/pdf.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/pdf.scm') diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index 80199496b6..2ea48e5999 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -366,7 +366,7 @@ using the DjVuLibre library.") (define-public zathura-pdf-poppler (package (name "zathura-pdf-poppler") - (version "0.2.6") + (version "0.2.7") (source (origin (method url-fetch) (uri @@ -374,7 +374,7 @@ using the DjVuLibre library.") version ".tar.gz")) (sha256 (base32 - "1maqiv7yv8d8hymlffa688c5z71v85kbzmx2j88i8z349xx0rsyi")))) + "1h43sgxpsbrsnn5z19661642plzhpv6b0y3f4kyzshv1rr6lwplq")))) (native-inputs `(("pkg-config" ,pkg-config))) (propagated-inputs `(("girara" ,girara))) (inputs -- cgit v1.2.3