gnu: libjpeg-turbo: Replace with 2.0.2 [security fixes].

This fixes CVE-2018-20330 and CVE-2018-19664.

* gnu/packages/image.scm (libjpeg-turbo)[replacement]: New field.
(libjpeg-turbo-2.0.2): New public variable.
This commit is contained in:
Marius Bakke 2019-02-16 19:55:10 +01:00
parent ec92d786be
commit 0296142087
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
1 changed files with 13 additions and 0 deletions

View File

@ -1299,6 +1299,7 @@ PNG, and performs PNG integrity checks and corrections.")
(package (package
(name "libjpeg-turbo") (name "libjpeg-turbo")
(version "2.0.1") (version "2.0.1")
(replacement libjpeg-turbo-2.0.2)
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://sourceforge/libjpeg-turbo/" (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
@ -1328,6 +1329,18 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).")
license:ijg ;the libjpeg library and associated tools license:ijg ;the libjpeg library and associated tools
license:zlib)))) ;the libjpeg-turbo SIMD extensions license:zlib)))) ;the libjpeg-turbo SIMD extensions
(define-public libjpeg-turbo-2.0.2
(package
(inherit libjpeg-turbo)
(version "2.0.2")
(source (origin
(inherit (package-source libjpeg-turbo))
(uri (string-append "mirror://sourceforge/libjpeg-turbo/"
version "/libjpeg-turbo-" version ".tar.gz"))
(sha256
(base32
"1v9gx1gdzgxf51nd55ncq7rghmj4x9x91rby50ag36irwngmkf5c"))))))
(define-public niftilib (define-public niftilib
(package (package
(name "niftilib") (name "niftilib")