gnu: gdk-pixbuf: Replace with 2.36.10.
Fixes CVE-2017-2862, CVE-2017-2870 and CVE-2017-6311. * gnu/packages/gtk.scm (gdk-pixbuf, gdk-pixbuf+svg)[replacement]: New field. (gdk-pixbuf-2.36.10, gdk-pixbuf+svg-2.36.10): New variables.master
parent
dc4ffa6766
commit
ad472397bc
|
@ -427,6 +427,7 @@ highlighting and other features typical of a source code editor.")
|
|||
(define-public gdk-pixbuf
|
||||
(package
|
||||
(name "gdk-pixbuf")
|
||||
(replacement gdk-pixbuf-2.36.10)
|
||||
(version "2.36.6")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
|
@ -483,6 +484,7 @@ in the GNOME project.")
|
|||
(define-public gdk-pixbuf+svg
|
||||
(package (inherit gdk-pixbuf)
|
||||
(name "gdk-pixbuf+svg")
|
||||
(replacement gdk-pixbuf+svg-2.36.10)
|
||||
(inputs
|
||||
`(("librsvg" ,librsvg)
|
||||
,@(package-inputs gdk-pixbuf)))
|
||||
|
@ -506,6 +508,26 @@ in the GNOME project.")
|
|||
(synopsis
|
||||
"GNOME image loading and manipulation library, with SVG support")))
|
||||
|
||||
;; Graft replacement packages to fix these vulnerabilities.
|
||||
;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862
|
||||
;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870
|
||||
;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311
|
||||
(define-public gdk-pixbuf-2.36.10
|
||||
(package (inherit gdk-pixbuf)
|
||||
(version "2.36.A")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://gnome/sources/gdk-pixbuf/2.36/"
|
||||
"gdk-pixbuf-2.36.10.tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"1klsjkdbashd8yb8xjsc9ff3bz32n2id5s79nrrmqiw9df4zmxpq"))))))
|
||||
|
||||
(define-public gdk-pixbuf+svg-2.36.10
|
||||
(package (inherit gdk-pixbuf+svg)
|
||||
(version "2.36.A")
|
||||
(source (origin (inherit (package-source gdk-pixbuf-2.36.10))))))
|
||||
|
||||
(define-public at-spi2-core
|
||||
(package
|
||||
(name "at-spi2-core")
|
||||
|
|
Reference in New Issue