diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-09-18 22:22:27 +0200 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-09-18 22:27:40 +0200 |
| commit | ad472397bc5472b463d322e0246d59c8754291c8 (patch) | |
| tree | 5f376e77e9a5048febe2fe3f66ca7c8adb95ee30 /gnu/packages/gtk.scm | |
| parent | dc4ffa6766bfb798bccfdc2860cd029ada31280b (diff) | |
| download | guix-ad472397bc5472b463d322e0246d59c8754291c8.tar guix-ad472397bc5472b463d322e0246d59c8754291c8.tar.gz | |
gnu: gdk-pixbuf: Replace with 2.36.10.
Fixes CVE-2017-2862, CVE-2017-2870 and CVE-2017-6311.
* gnu/packages/gtk.scm (gdk-pixbuf, gdk-pixbuf+svg)[replacement]: New field.
(gdk-pixbuf-2.36.10, gdk-pixbuf+svg-2.36.10): New variables.
Diffstat (limited to 'gnu/packages/gtk.scm')
| -rw-r--r-- | gnu/packages/gtk.scm | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 0d1e76373c..d7c18f90e1 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.") (define-public gdk-pixbuf (package (name "gdk-pixbuf") + (replacement gdk-pixbuf-2.36.10) (version "2.36.6") (source (origin (method url-fetch) @@ -483,6 +484,7 @@ in the GNOME project.") (define-public gdk-pixbuf+svg (package (inherit gdk-pixbuf) (name "gdk-pixbuf+svg") + (replacement gdk-pixbuf+svg-2.36.10) (inputs `(("librsvg" ,librsvg) ,@(package-inputs gdk-pixbuf))) @@ -506,6 +508,26 @@ in the GNOME project.") (synopsis "GNOME image loading and manipulation library, with SVG support"))) +;; Graft replacement packages to fix these vulnerabilities. +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311 +(define-public gdk-pixbuf-2.36.10 + (package (inherit gdk-pixbuf) + (version "2.36.A") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/" + "gdk-pixbuf-2.36.10.tar.xz")) + (sha256 + (base32 + "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq")))))) + +(define-public gdk-pixbuf+svg-2.36.10 + (package (inherit gdk-pixbuf+svg) + (version "2.36.A") + (source (origin (inherit (package-source gdk-pixbuf-2.36.10)))))) + (define-public at-spi2-core (package (name "at-spi2-core") |