diff options
author | Marius Bakke <mbakke@fastmail.com> | 2019-02-16 19:55:10 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2019-02-17 18:44:19 +0100 |
commit | 0296142087ce22a17ed1cad4ad28661ea02d08fa (patch) | |
tree | 842211a7bf1787a7e9866324d6bdcef3a890a787 | |
parent | ec92d786be1987e38b588a1c2a623676ab9eeed1 (diff) | |
download | guix-0296142087ce22a17ed1cad4ad28661ea02d08fa.tar guix-0296142087ce22a17ed1cad4ad28661ea02d08fa.tar.gz |
gnu: libjpeg-turbo: Replace with 2.0.2 [security fixes].
This fixes CVE-2018-20330 and CVE-2018-19664.
* gnu/packages/image.scm (libjpeg-turbo)[replacement]: New field.
(libjpeg-turbo-2.0.2): New public variable.
-rw-r--r-- | gnu/packages/image.scm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index a4418d43b1..545fe334d5 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1299,6 +1299,7 @@ PNG, and performs PNG integrity checks and corrections.") (package (name "libjpeg-turbo") (version "2.0.1") + (replacement libjpeg-turbo-2.0.2) (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/libjpeg-turbo/" @@ -1328,6 +1329,18 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).") license:ijg ;the libjpeg library and associated tools license:zlib)))) ;the libjpeg-turbo SIMD extensions +(define-public libjpeg-turbo-2.0.2 + (package + (inherit libjpeg-turbo) + (version "2.0.2") + (source (origin + (inherit (package-source libjpeg-turbo)) + (uri (string-append "mirror://sourceforge/libjpeg-turbo/" + version "/libjpeg-turbo-" version ".tar.gz")) + (sha256 + (base32 + "1v9gx1gdzgxf51nd55ncq7rghmj4x9x91rby50ag36irwngmkf5c")))))) + (define-public niftilib (package (name "niftilib") |