aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-02-16 19:55:10 +0100
committerMarius Bakke <mbakke@fastmail.com>2019-02-17 18:44:19 +0100
commit0296142087ce22a17ed1cad4ad28661ea02d08fa (patch)
tree842211a7bf1787a7e9866324d6bdcef3a890a787
parentec92d786be1987e38b588a1c2a623676ab9eeed1 (diff)
downloadguix-0296142087ce22a17ed1cad4ad28661ea02d08fa.tar
guix-0296142087ce22a17ed1cad4ad28661ea02d08fa.tar.gz
gnu: libjpeg-turbo: Replace with 2.0.2 [security fixes].
This fixes CVE-2018-20330 and CVE-2018-19664. * gnu/packages/image.scm (libjpeg-turbo)[replacement]: New field. (libjpeg-turbo-2.0.2): New public variable.
-rw-r--r--gnu/packages/image.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index a4418d43b1..545fe334d5 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1299,6 +1299,7 @@ PNG, and performs PNG integrity checks and corrections.")
(package
(name "libjpeg-turbo")
(version "2.0.1")
+ (replacement libjpeg-turbo-2.0.2)
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/libjpeg-turbo/"
@@ -1328,6 +1329,18 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).")
license:ijg ;the libjpeg library and associated tools
license:zlib)))) ;the libjpeg-turbo SIMD extensions
+(define-public libjpeg-turbo-2.0.2
+ (package
+ (inherit libjpeg-turbo)
+ (version "2.0.2")
+ (source (origin
+ (inherit (package-source libjpeg-turbo))
+ (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
+ version "/libjpeg-turbo-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1v9gx1gdzgxf51nd55ncq7rghmj4x9x91rby50ag36irwngmkf5c"))))))
+
(define-public niftilib
(package
(name "niftilib")