From 0eb0fe2d302028b51185b98ac55e45b483a5ea82 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Wed, 12 Apr 2017 06:19:56 +0300 Subject: gnu: jasper: Fixx CVE-2017-6850. * gnu/packages/image.scm (jasper)[source]: Add patch. * gnu/packages/patches/jasper-CVE-2017-6850.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/image.scm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index b5b3a7283d..2725c168b6 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -905,7 +905,8 @@ convert, manipulate, filter and display a wide variety of image formats.") "/software/jasper-" version ".tar.gz")) (sha256 (base32 - "1njdbxv7d4anzrd476wjww2qsi96dd8vfnp4hri0srrqxpszl92v")))) + "1njdbxv7d4anzrd476wjww2qsi96dd8vfnp4hri0srrqxpszl92v")) + (patches (search-patches "jasper-CVE-2017-6850.patch")))) (build-system cmake-build-system) (inputs `(("libjpeg" ,libjpeg))) (synopsis "JPEG-2000 library") -- cgit v1.2.3 From 1aa78816f9eeb43f16af5386d6f3fc5c42dd5e06 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 21 Apr 2017 15:33:29 +0200 Subject: gnu: imlib2: Update to 1.4.10. * gnu/packages/image.scm (imlib2): Update to 1.4.10. --- gnu/packages/image.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 2725c168b6..2027395ca6 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -598,7 +598,7 @@ compose, and analyze GIF images.") (define-public imlib2 (package (name "imlib2") - (version "1.4.9") + (version "1.4.10") (source (origin (method url-fetch) (uri (string-append 
@@ -606,7 +606,7 @@ compose, and analyze GIF images.") "/imlib2-" version ".tar.bz2")) (sha256 (base32 - "08809xxk2555yj6glixzw9a0x3x8cx55imd89kj3r0h152bn8a3x")))) + "0wm2q2xlkbm71k7mw2jyzbxgzylrkcj5yh6nq58w5gybhp98qs9z")))) (build-system gnu-build-system) (native-inputs `(("pkgconfig" ,pkg-config))) -- cgit v1.2.3 From 484f7a886219ed6d7633c6ee71fc802d677d14ed Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 6 May 2017 10:45:57 -0400 Subject: gnu: libtiff: Add fixes several security flaws. Fixes CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}. * gnu/packages/patches/libtiff-CVE-2017-7593.patch, gnu/packages/patches/libtiff-CVE-2017-7594.patch, gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (libtiff)[replacement]: New field. (libtiff/fixed): New variable. --- gnu/packages/image.scm | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 2027395ca6..1a1108563d 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -13,7 +13,7 @@ ;;; Copyright © 2016 Tobias Geerinckx-Rice ;;; Copyright © 2016 Eric Bavier ;;; Copyright © 2016 Arun Isaac -;;; Copyright © 2016 Kei Kebreau +;;; Copyright © 2016, 2017 Kei Kebreau ;;; Copyright © 2017 ng0 ;;; ;;; This file is part of GNU Guix. @@ -299,6 +299,7 @@ extracting icontainer icon files.") (define-public libtiff (package (name "libtiff") + (replacement libtiff/fixed) (version "4.0.7") (source (origin (method url-fetch) 
@@ -347,6 +348,19 @@ collection of tools for doing simple manipulations of TIFF images.") "See COPYRIGHT in the distribution.")) (home-page "http://www.simplesystems.org/libtiff/"))) +(define libtiff/fixed + (package + (inherit libtiff) + (source + (origin + (inherit (package-source libtiff)) + (patches + (append + (origin-patches (package-source libtiff)) + (search-patches "libtiff-CVE-2017-7593.patch" + "libtiff-CVE-2017-7594.patch" + "libtiff-multiple-UBSAN-crashes.patch"))))))) + (define-public libwmf (package (name "libwmf") -- cgit v1.2.3 From 2f8b9c4648ef7b52e0bbae040914b007f565f877 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sun, 7 May 2017 19:23:56 +0200 Subject: gnu: Add pngcrunch. * gnu/packages/image.scm (pngcrunch): New variable. --- gnu/packages/image.scm | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 1a1108563d..de8043d236 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -15,6 +15,7 @@ ;;; Copyright © 2016 Arun Isaac ;;; Copyright © 2016, 2017 Kei Kebreau ;;; Copyright © 2017 ng0 +;;; Copyright © 2017 Hartmut Goebel ;;; ;;; This file is part of GNU Guix. ;;; 
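Review bot: The patch list in `libtiff/fixed` does not show where eight of the ten CVEs named in the commit message are fixed. Only CVE-2017-7593 and CVE-2017-7594 appear in a file name; the others are presumably covered by `libtiff-multiple-UBSAN-crashes.patch`, but nothing in image.scm says so. Someone auditing this file for one of those ids will not find it, and as far as I know `guix lint`'s CVE checker also infers fixed ids from patch file names, so it may keep reporting them as open. I would add a comment above that entry, for example `;; Fixes CVE-2017-{7595,7596,7597,7598,7599,7600,7601,7602}.`, once the mapping is confirmed against the patch header, which is not visible in this view.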
@@ -155,6 +156,41 @@ APNG patch provides APNG support to libpng.") (sha256 (base32 "1n2lrzjkm5jhfg2bs10q398lkwbbx742fi27zgdgx0x23zhj0ihg")))))) +(define-public pngcrunch + (package + (name "pngcrunch") + (version "1.8.11") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/pmt/pngcrush/" + version "/pngcrush-" version ".tar.xz")) + (sha256 (base32 + "1c7m316i91jp3h1dj1ppppdv6zilm2njk1wrpqy2zj0fcll06lwd")))) + (build-system gnu-build-system) + (arguments + '(#:make-flags '("-f" "Makefile-nolib") + #:tests? #f ; no check target + #:phases + (modify-phases %standard-phases + (replace 'configure + (lambda* (#:key inputs outputs #:allow-other-keys) + (substitute* "Makefile-nolib" + (("^(PNG(INC|LIB) = )/usr/local/" line vardef) + (string-append vardef (assoc-ref inputs "libpng") "/")) + (("^(Z(INC|LIB) = )/usr/local/" line vardef) + (string-append vardef (assoc-ref inputs "zlib") "/")) + ;; The Makefile is written by hand and not using $PREFIX + (("\\$\\(DESTDIR\\)/usr/") + (string-append (assoc-ref outputs "out") "/")))))))) + (inputs + `(("libpng" ,libpng) + ("zlib" , zlib))) + (home-page "https://pmt.sourceforge.net/pngcrush") + (synopsis "Utility to compress PNG files") + (description "pngcrusqh is an optimizer for PNG (Portable Network Graphics) +files. It can compress them as much as 40% losslessly.") + (license license:zlib))) + (define-public libjpeg (package (name "libjpeg") -- cgit v1.2.3 From 10cb88f85cb4a967fac756ee76f6dc60d60d7bef Mon Sep 17 00:00:00 2001 
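Review bot: The description string misspells the program as `pngcrusqh`; the line should start `(description "pngcrush is an optimizer for PNG (Portable Network Graphics)`. The package is also named `pngcrunch`, while the source tarball and home page both call it pngcrush. If the different name is deliberate it deserves a one-line comment above `(name "pngcrunch")`, because users searching for the upstream name will miss it, and so will any vulnerability check that matches advisories by package name.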
From: Leo Famulari Date: Sat, 20 May 2017 15:48:11 -0400 Subject: gnu: jbig2dec: Fix CVE-2017-{7885,7975,7976}. * gnu/packages/patches/jbig2dec-CVE-2017-7885.patch, gnu/packages/patches/jbig2dec-CVE-2017-7975.patch, gnu/packages/patches/jbig2dec-CVE-2017-7976.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/image.scm (jbig2dec)[source]: Use them. --- gnu/packages/image.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index de8043d236..86902d5680 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -509,7 +509,10 @@ arithmetic ops.") (sha256 (base32 "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s")) (patches (search-patches "jbig2dec-ignore-testtest.patch" - "jbig2dec-CVE-2016-9601.patch")))) + "jbig2dec-CVE-2016-9601.patch" + "jbig2dec-CVE-2017-7885.patch" + "jbig2dec-CVE-2017-7975.patch" + "jbig2dec-CVE-2017-7976.patch")))) (build-system gnu-build-system) (synopsis "Decoder of the JBIG2 image compression format") -- cgit v1.2.3