diff options
author | Marius Bakke <mbakke@fastmail.com> | 2019-04-17 22:36:47 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2019-04-23 19:39:03 +0200 |
commit | a18581a02da0b5ca1c99f2114129513cdf5fa05d (patch) | |
tree | 6e6ff59c3ae7189afc769a29b6443be5afb6eb90 | |
parent | 30023aa670dfa3fb7fb1234d119e6a839f6bd914 (diff) | |
download | patches-a18581a02da0b5ca1c99f2114129513cdf5fa05d.tar patches-a18581a02da0b5ca1c99f2114129513cdf5fa05d.tar.gz |
gnu: libpng: Replace with 1.6.37 [security fixes].
This fixes CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317.
* gnu/packages/image.scm (libpng)[replacement]: New field.
(libpng-1.6.37): New public variable.
-rw-r--r-- | gnu/packages/image.scm | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 4010fd0ace..4443e1c83d 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -87,6 +87,7 @@ (package (name "libpng") (version "1.6.34") + (replacement libpng-1.6.37) (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -112,6 +113,25 @@ library. It supports almost all PNG features and is extensible.") (license license:zlib) (home-page "http://www.libpng.org/pub/png/libpng.html"))) +;; This graft exists to fix CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317. +(define-public libpng-1.6.37 + (package + (inherit libpng) + (version "1.6.37") + (source (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" + version "/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src" + "/libpng16/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" + "/libpng16/libpng-" version ".tar.xz"))) + (sha256 + (base32 + "1jl8in381z0128vgxnvn33nln6hzckl7l7j9nqvkaf1m9n1p0pjh")))))) + ;; libpng-apng should be updated when the APNG patch is released: ;; <https://bugs.gnu.org/27556> (define-public libpng-apng |