From 4d93a76138246ba1f9d6f81da4039e89e14570be Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 31 May 2016 13:23:17 -0400 Subject: gnu: graphicsmagick: Update to 1.3.24 [security update]. Fixes CVE-2016-{2317, 2318, 5118} and many other security issues described in 'NEWS.txt'. * gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/imagemagick.scm (graphicsmagick): Update to 1.3.24. [source]: Remove patch. --- gnu/local.mk | 1 - gnu/packages/imagemagick.scm | 6 +++--- .../patches/graphicsmagick-CVE-2016-5118.patch | 19 ------------------- 3 files changed, 3 insertions(+), 23 deletions(-) delete mode 100644 gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 6e2d765159..f669167091 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -524,7 +524,6 @@ dist_patch_DATA = \ %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \ %D%/packages/patches/gobject-introspection-cc.patch \ %D%/packages/patches/gobject-introspection-girepository.patch \ - %D%/packages/patches/graphicsmagick-CVE-2016-5118.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/grub-CVE-2015-8370.patch \ %D%/packages/patches/grub-gets-undeclared.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index f129b16289..dc03ea48a4 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès ;;; Copyright © 2015 Eric Bavier ;;; Copyright © 2015 Ricardo Wurmus +;;; Copyright © 2016 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -154,16 +155,15 @@ (define-public perl-image-magick (define-public graphicsmagick (package (name "graphicsmagick") - (version "1.3.23") + (version "1.3.24") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.graphicsmagick.org/pub/" "GraphicsMagick/" (version-major+minor version) "/GraphicsMagick-" version ".tar.xz")) - (patches (search-patches "graphicsmagick-CVE-2016-5118.patch")) (sha256 (base32 - "03g6l2h8cmf231y1vma0z7x85070jm1ysgs9ppqcd3jj56jka9gx")))) + "1q40w5hcl8rcpszm0r7rpr3a9lj390p39zfvavkvlgxyyk7bmgsj")))) (build-system gnu-build-system) (arguments `(#:configure-flags diff --git a/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch deleted file mode 100644 index ddd1ce93f4..0000000000 --- a/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch +++ /dev/null @@ -1,19 +0,0 @@ -Fix CVE-2016-5118 (popen() shell vulnerability via filename). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118 - -Upstream patch copied from the bug announcement: -http://seclists.org/oss-sec/2016/q2/432 -https://marc.info/?l=oss-security&m=146455222600609&w=2 - -diff -r 33200fc645f6 magick/blob.c ---- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600 -+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500 -@@ -68,6 +68,7 @@ - */ - #define DefaultBlobQuantum 65541 - -+#undef HAVE_POPEN - - /* - Enum declarations. -- cgit v1.2.3