aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-11-16 09:50:33 +0100
committerLudovic Courtès <ludo@gnu.org>2015-11-16 09:51:44 +0100
commit1b076e630f4a7245d14634b047e1d1a91ee2659e (patch)
tree04ae4cc4d5d2efb1628c69fa7426014aad91e031
parentb6bbebbcab34267aaae7dba8170ae453e68c37db (diff)
downloadguix-1b076e630f4a7245d14634b047e1d1a91ee2659e.tar.gz
guix-1b076e630f4a7245d14634b047e1d1a91ee2659e.zip
gnu: libpng: Use 1.5.24 as a replacement [fixes CVE-2015-8126].
Reported by Leo Famulari <leo@famulari.name>. * gnu/packages/image.scm (libpng-urls): New procedure. (libpng)[source]: Use it. [replacement]: New field. (libpng-1.5.24): New variable.
-rw-r--r--gnu/packages/image.scm29
1 files changed, 22 insertions, 7 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index bde327cf91..b7b8eac24b 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -46,23 +46,28 @@
#:use-module (guix build-system cmake)
#:use-module (srfi srfi-1))
+(define (libpng-urls version)
+ "Return a list of URLs for libpng VERSION."
+ ;; Note: upstream removes older tarballs.
+ (list (string-append "mirror://sourceforge/libpng/libpng15/"
+ version "/libpng-" version ".tar.xz")
+ (string-append
+ "ftp://ftp.simplesystems.org/pub/libpng/png/src"
+ "/libpng15/libpng-" version ".tar.xz")))
+
(define-public libpng
(package
(name "libpng")
(version "1.5.21")
(source (origin
(method url-fetch)
-
- ;; Note: upstream removes older tarballs.
- (uri (list (string-append "mirror://sourceforge/libpng/libpng15/"
- version "/libpng-" version ".tar.xz")
- (string-append
- "ftp://ftp.simplesystems.org/pub/libpng/png/src"
- "/libpng15/libpng-" version ".tar.xz")))
+ (uri (libpng-urls version))
(sha256
(base32 "19yvzw6sf9gf7v25ha9bla8bw1nijh82wj8ag6brjj3hpij1q5dm"))))
(build-system gnu-build-system)
+ (replacement libpng-1.5.24) ;CVE-2015-8126
+
;; libpng.la says "-lz", so propagate it.
(propagated-inputs `(("zlib" ,zlib)))
@@ -73,6 +78,16 @@ library. It supports almost all PNG features and is extensible.")
(license license:zlib)
(home-page "http://www.libpng.org/pub/png/libpng.html")))
+(define libpng-1.5.24
+ (package
+ (inherit libpng)
+ (source (origin
+ (method url-fetch)
+ (uri (libpng-urls "1.5.24"))
+ (sha256
+ (base32
+ "1qhvfk1ypsaf6q6xkspyqqzmghpbahhq54ms8fa5ssqkyds38bmr"))))))
+
(define-public libjpeg
(package
(name "libjpeg")