gnu: graphicsmagick: Update to 1.3.24 [security update].
Fixes CVE-2016-{2317, 2318, 5118} and many other security issues described in 'NEWS.txt'. * gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/imagemagick.scm (graphicsmagick): Update to 1.3.24. [source]: Remove patch.
parent
151afd84dc
commit
4d93a76138
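--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -524,7 +524,6 @@ dist_patch_DATA = \
 %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
 %D%/packages/patches/gobject-introspection-cc.patch \
 %D%/packages/patches/gobject-introspection-girepository.patch \
-%D%/packages/patches/graphicsmagick-CVE-2016-5118.patch \
 %D%/packages/patches/grep-timing-sensitive-test.patch \
 %D%/packages/patches/grub-CVE-2015-8370.patch \
 %D%/packages/patches/grub-gets-undeclared.patch \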
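--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -154,16 +155,15 @@ script.")
 (define-public graphicsmagick
 (package
 (name "graphicsmagick")
-(version "1.3.23")
+(version "1.3.24")
 (source (origin
 (method url-fetch)
 (uri (string-append "ftp://ftp.graphicsmagick.org/pub/"
 "GraphicsMagick/" (version-major+minor version)
 "/GraphicsMagick-" version ".tar.xz"))
-(patches (search-patches "graphicsmagick-CVE-2016-5118.patch"))
 (sha256
 (base32
-"03g6l2h8cmf231y1vma0z7x85070jm1ysgs9ppqcd3jj56jka9gx"))))
+"1q40w5hcl8rcpszm0r7rpr3a9lj390p39zfvavkvlgxyyk7bmgsj"))))
 (build-system gnu-build-system)
 (arguments
 `(#:configure-flags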
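Review bot: Dropping the `patches` field from the `origin` in the second hunk is safe only if 1.3.24 itself closes the popen() filename path that the deleted patch disabled with `#undef HAVE_POPEN`. The description says so by pointing at 'NEWS.txt', but nothing in the hunk shows it, so it should be confirmed against the release notes before merging. If confirmed, a one-line comment above `(sha256` would record it: `;; CVE-2016-5118 is fixed upstream in 1.3.24; no local patch needed.` The new `base32` hash is also the only thing authenticating the tarball, because the `uri` still fetches over plain `ftp://`, so it is worth checking the hash against upstream's signed release rather than against the FTP download alone. The `define-public graphicsmagick` form continues past the end of the hunk.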
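--- a/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch
+++ b/gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch
@@ -1,19 +0,0 @@
-Fix CVE-2016-5118 (popen() shell vulnerability via filename).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
-
-Upstream patch copied from the bug announcement:
-http://seclists.org/oss-sec/2016/q2/432
-https://marc.info/?l=oss-security&m=146455222600609&w=2
-
-diff -r 33200fc645f6 magick/blob.c
---- a/magick/blob.c Sat Nov 07 14:49:16 2015 -0600
-+++ b/magick/blob.c Sun May 29 14:12:57 2016 -0500
-@@ -68,6 +68,7 @@
-*/
-#define DefaultBlobQuantum 65541
-
-+#undef HAVE_POPEN
-
-/*
-Enum declarations.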