From 8a3bb34c5e9aa4bc2042da8541e6cb74de7066f7 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sun, 7 Apr 2019 21:10:26 +0300 Subject: gnu: lcms: Fix CVE-2018-16435. * gnu/packages/ghostscript.scm (lcms)[replacement]: New field. (lcms/fixed): New variable. * gnu/packages/patches/lcms-CVE-2018-16435.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/ghostscript.scm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'gnu/packages/ghostscript.scm') diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index d8c0050513..53a9b60fdb 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -4,7 +4,7 @@ ;;; Copyright © 2015 Ricardo Wurmus ;;; Copyright © 2013, 2015, 2016, 2017 Ludovic Courtès ;;; Copyright © 2017 Alex Vong -;;; Copyright © 2017, 2018 Efraim Flashner +;;; Copyright © 2017, 2018, 2019 Efraim Flashner ;;; Copyright © 2017 Leo Famulari ;;; Copyright © 2018 Tobias Geerinckx-Rice ;;; Copyright © 2018 Marius Bakke @@ -47,6 +47,7 @@ (define-public lcms (package (name "lcms") + (replacement lcms/fixed) (version "2.9") (source (origin (method url-fetch) @@ -67,6 +68,14 @@ Consortium standard (ICC), approved as ISO 15076-1.") (home-page "http://www.littlecms.com/") (properties '((cpe-name . "little_cms_color_engine"))))) +(define lcms/fixed + (package + (inherit lcms) + (source + (origin + (inherit (package-source lcms)) + (patches (search-patches "lcms-CVE-2018-16435.patch")))))) + (define-public libpaper (package (name "libpaper") -- cgit v1.2.3