diff options
Diffstat (limited to 'gnu/packages/image.scm')
-rw-r--r-- | gnu/packages/image.scm | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 731a1e8aed..71bd381cef 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -19,7 +19,7 @@ ;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com> ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com> ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz> -;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2018, 2019 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Pierre-Antoine Rouby <contact@parouby.fr> ;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2018 Rutger Helling <rhelling@mykolab.com> @@ -1489,6 +1489,7 @@ is hereby granted.")))) (package (name "libjpeg-turbo") (version "2.0.2") + (replacement libjpeg-turbo/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/libjpeg-turbo/" @@ -1518,6 +1519,20 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).") license:ijg ;the libjpeg library and associated tools license:zlib)))) ;the libjpeg-turbo SIMD extensions +;; Replacement package to fix CVE-2019-13960 and CVE-2019-2201. +(define libjpeg-turbo/fixed + (package + (inherit libjpeg-turbo) + (version "2.0.3") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/libjpeg-turbo/" + version "/libjpeg-turbo-" version ".tar.gz")) + (sha256 + (base32 + "1ds16bnj17v6hzd43w8pzijz3imd9am4hw75ir0fxm240m8dwij2")) + (patches (search-patches "libjpeg-turbo-CVE-2019-2201.patch")))))) + (define-public niftilib (package (name "niftilib") |