aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2020-08-03 16:25:55 -0400
committerMark H Weaver <mhw@netris.org>2020-08-03 17:10:33 -0400
commit4fe1b2e69ee29f707b1b33957c570b515928c783 (patch)
tree522ee2e45648b94dad2bf9c6efc6aab2c4b8273b
parent3883fad295f3e3c387fe3fa540e8a1613cedd9bc (diff)
downloadguix-4fe1b2e69ee29f707b1b33957c570b515928c783.tar
guix-4fe1b2e69ee29f707b1b33957c570b515928c783.tar.gz
gnu: libjpeg-turbo: Replace with 2.0.5 [fixes CVE-2020-13790].
* gnu/packages/image.scm (libjpeg-turbo/fixed): New variable. (libjpeg-turbo)[replacement]: New field.
-rw-r--r--gnu/packages/image.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 20dcfe1cf1..4d443f820f 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1580,6 +1580,7 @@ is hereby granted."))))
(package
(name "libjpeg-turbo")
(version "2.0.4")
+ (replacement libjpeg-turbo/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/libjpeg-turbo/"
@@ -1636,6 +1637,18 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).")
license:ijg ;the libjpeg library and associated tools
license:zlib)))) ;the libjpeg-turbo SIMD extensions
+(define libjpeg-turbo/fixed
+ (package
+ (inherit libjpeg-turbo)
+ (version "2.0.5")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
+ version "/libjpeg-turbo-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0pbv6pc97kbj7ib31qcwi7lnmm9xg5y3b11aasmkhfjvf7rgdy0n"))))))
+
(define-deprecated libjpeg libjpeg-turbo)
(export libjpeg)