From 097b80e1801165e18539eedad9df8a311897ae40 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 12 Sep 2017 03:40:46 +0200 Subject: gnu: gtksourceview: Update to 3.24.4. * gnu/packages/gtk.scm (gtksourceview): Update to 3.24.4. --- gnu/packages/gtk.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/gtk.scm') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 1ea051bfb0..0d1e76373c 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -379,7 +379,7 @@ printing and other features typical of a source code editor.") (define-public gtksourceview (package (name "gtksourceview") - (version "3.24.2") + (version "3.24.4") (source (origin (method url-fetch) (uri (string-append "mirror://gnome/sources/" name "/" @@ -387,7 +387,7 @@ printing and other features typical of a source code editor.") name "-" version ".tar.xz")) (sha256 (base32 - "17xqrnh2v9gba57ij2m9kngxwh19fzsqkx1rfasnv4zaqvqqhv69")))) + "14x738xrz9q8qz13xd7dys748ryxyq2srbqyaa9r7n47h2av2zr0")))) (build-system gnu-build-system) (arguments '(#:phases -- cgit v1.2.3 From ad472397bc5472b463d322e0246d59c8754291c8 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 18 Sep 2017 22:22:27 +0200 Subject: gnu: gdk-pixbuf: Replace with 2.36.10. Fixes CVE-2017-2862, CVE-2017-2870 and CVE-2017-6311. * gnu/packages/gtk.scm (gdk-pixbuf, gdk-pixbuf+svg)[replacement]: New field. (gdk-pixbuf-2.36.10, gdk-pixbuf+svg-2.36.10): New variables. --- gnu/packages/gtk.scm | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'gnu/packages/gtk.scm') diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm index 0d1e76373c..d7c18f90e1 100644 --- a/gnu/packages/gtk.scm +++ b/gnu/packages/gtk.scm @@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.") (define-public gdk-pixbuf (package (name "gdk-pixbuf") + (replacement gdk-pixbuf-2.36.10) (version "2.36.6") (source (origin (method url-fetch) @@ -483,6 +484,7 @@ in the GNOME project.") (define-public gdk-pixbuf+svg (package (inherit gdk-pixbuf) (name "gdk-pixbuf+svg") + (replacement gdk-pixbuf+svg-2.36.10) (inputs `(("librsvg" ,librsvg) ,@(package-inputs gdk-pixbuf))) @@ -506,6 +508,26 @@ in the GNOME project.") (synopsis "GNOME image loading and manipulation library, with SVG support"))) +;; Graft replacement packages to fix these vulnerabilities. +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870 +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311 +(define-public gdk-pixbuf-2.36.10 + (package (inherit gdk-pixbuf) + (version "2.36.A") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/" + "gdk-pixbuf-2.36.10.tar.xz")) + (sha256 + (base32 + "1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq")))))) + +(define-public gdk-pixbuf+svg-2.36.10 + (package (inherit gdk-pixbuf+svg) + (version "2.36.A") + (source (origin (inherit (package-source gdk-pixbuf-2.36.10)))))) + (define-public at-spi2-core (package (name "at-spi2-core") -- cgit v1.2.3