aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/ghostscript.scm
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2019-04-07 21:10:26 +0300
committerEfraim Flashner <efraim@flashner.co.il>2019-04-07 21:10:26 +0300
commit8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7 (patch)
treea08fa5b7bf8e3994fd5ff7d27a43c4001d211dbe /gnu/packages/ghostscript.scm
parent71b4974a40347bdc651c3a1f923780733d96ded7 (diff)
downloadguix-8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7.tar
guix-8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7.tar.gz
gnu: lcms: Fix CVE-2018-16435.
* gnu/packages/ghostscript.scm (lcms)[replacement]: New field. (lcms/fixed): New variable. * gnu/packages/patches/lcms-CVE-2018-16435.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages/ghostscript.scm')
-rw-r--r--gnu/packages/ghostscript.scm11
1 files changed, 10 insertions, 1 deletions
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index d8c0050513..53a9b60fdb 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -4,7 +4,7 @@
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
-;;; Copyright © 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
@@ -47,6 +47,7 @@
(define-public lcms
(package
(name "lcms")
+ (replacement lcms/fixed)
(version "2.9")
(source (origin
(method url-fetch)
@@ -67,6 +68,14 @@ Consortium standard (ICC), approved as ISO 15076-1.")
(home-page "http://www.littlecms.com/")
(properties '((cpe-name . "little_cms_color_engine")))))
+(define lcms/fixed
+ (package
+ (inherit lcms)
+ (source
+ (origin
+ (inherit (package-source lcms))
+ (patches (search-patches "lcms-CVE-2018-16435.patch"))))))
+
(define-public libpaper
(package
(name "libpaper")