guix-commits

02/05: gnu: libpng: Replace with 1.6.37 [security fixes].


From: guix-commits
Subject: 02/05: gnu: libpng: Replace with 1.6.37 [security fixes].
Date: Tue, 23 Apr 2019 13:45:01 -0400 (EDT)

mbakke pushed a commit to branch master
in repository guix.

commit a18581a02da0b5ca1c99f2114129513cdf5fa05d
Author: Marius Bakke <address@hidden>
Date:   Wed Apr 17 22:36:47 2019 +0200

    gnu: libpng: Replace with 1.6.37 [security fixes].
    
    This fixes CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317.
    
    * gnu/packages/image.scm (libpng)[replacement]: New field.
    (libpng-1.6.37): New public variable.
---
 gnu/packages/image.scm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 4010fd0..4443e1c 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -87,6 +87,7 @@
   (package
    (name "libpng")
    (version "1.6.34")
+   (replacement libpng-1.6.37)
    (source (origin
             (method url-fetch)
             (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
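Review bot: the `(replacement libpng-1.6.37)` line sits under an unchanged `(version "1.6.34")` with nothing at this spot saying why the package is grafted rather than bumped. The explanatory comment with the CVE list only appears next to the new definition in the second hunk. A one-line comment here pointing at the graft, and noting that it should be folded into `version` at the next full rebuild, would keep the two from drifting apart.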
@@ -112,6 +113,25 @@ library.  It supports almost all PNG features and is 
extensible.")
    (license license:zlib)
    (home-page "http://www.libpng.org/pub/png/libpng.html";)))
 
+;; This graft exists to fix CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317.
+(define-public libpng-1.6.37
+  (package
+    (inherit libpng)
+    (version "1.6.37")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
+                                        version "/libpng-" version ".tar.xz")
+                         (string-append
+                          "ftp://ftp.simplesystems.org/pub/libpng/png/src";
+                          "/libpng16/libpng-" version ".tar.xz")
+                         (string-append
+                          
"ftp://ftp.simplesystems.org/pub/libpng/png/src/history";
+                          "/libpng16/libpng-" version ".tar.xz")))
+              (sha256
+               (base32
+                "1jl8in381z0128vgxnvn33nln6hzckl7l7j9nqvkaf1m9n1p0pjh"))))))
+
 ;; libpng-apng should be updated when the APNG patch is released:
 ;; <https://bugs.gnu.org/27556>
 (define-public libpng-apng
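Review bot: `libpng-1.6.37` uses `(inherit libpng)`, and `libpng` now carries `(replacement libpng-1.6.37)`, so it is worth confirming that the `replacement` field is not inherited; otherwise set `(replacement #f)` explicitly in the new package so the graft cannot point at itself. Separately, two of the three source URIs are plain `ftp://`, so integrity rests entirely on the `sha256` value. Mentioning in the commit message how that hash was checked against the upstream release would help later reviewers.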


