From a6cd85742dd2254bc9ea3744fd47e4465203113c Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sat, 10 Dec 2016 20:59:19 +0200 Subject: gnu: jasper: Update to 2.0.6. * gnu/packages/image.scm (jasper): Update to 2.0.6. --- gnu/packages/image.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 35abe9e911..36c07cb9bc 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -879,14 +879,14 @@ convert, manipulate, filter and display a wide variety of image formats.") (define-public jasper (package (name "jasper") - (version "2.0.0") + (version "2.0.6") (source (origin (method url-fetch) (uri (string-append "https://www.ece.uvic.ca/~frodo/jasper" "/software/jasper-" version ".tar.gz")) (sha256 (base32 - "1kg5yrdwgazhbczybyx4548m0ijssabcp8hl5l87w78z833vikks")))) + "0g6fl8rrbspa9vpswixmpxrg71l19kqgc2b5cak7vmwxphj01wbk")))) (build-system cmake-build-system) (inputs `(("libjpeg" ,libjpeg))) (synopsis "JPEG-2000 library") -- cgit v1.2.3 From a304b6c362dcfadfaa2cfe2a67f5e948f247fd51 Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Sat, 10 Dec 2016 21:45:29 +0200 Subject: gnu: openjpeg: Add fixes for CVE-2016-{9850,9851}. * gnu/packages/image.scm (openjpeg)[replacement]: New field. (openjpeg/fixed): New variable, patch against CVE-2016-9850, CVE-2016-9851. * gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. --- gnu/packages/image.scm | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 36c07cb9bc..b9669ce177 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -444,6 +444,7 @@ work.") (define-public openjpeg (package (name "openjpeg") + (replacement openjpeg/fixed) (version "2.1.1") (source (origin @@ -480,9 +481,21 @@ error-resilience, a Java-viewer for j2k-images, ...") (home-page "https://github.com/uclouvain/openjpeg") (license license:bsd-2))) +(define openjpeg/fixed + (package + (inherit openjpeg) + (source + (origin + (inherit (package-source openjpeg)) + (patches + (append + (origin-patches (package-source openjpeg)) + (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))) + (define-public openjpeg-1 (package (inherit openjpeg) (name "openjpeg") + (replacement #f) (version "1.5.2") (source (origin -- cgit v1.2.3