gnu: cups-filters: Fix CVE-2016-{10132,10133} in statically linked mupdf.
The vulnerabilities are in the MuJS that is bundled with MuPDF. * gnu/packages/cups.scm (cups-filters)[replacement]: New field. (mupdf/fixed-instead-of-mupdf), (cups-filters/fixed): New variables.
This commit is contained in:
parent
af8c7e1014
commit
8afabb2eca
|
@ -3,6 +3,7 @@
|
||||||
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
|
;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||||
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
|
;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
|
||||||
|
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -51,6 +52,7 @@
|
||||||
(define-public cups-filters
|
(define-public cups-filters
|
||||||
(package
|
(package
|
||||||
(name "cups-filters")
|
(name "cups-filters")
|
||||||
|
(replacement cups-filters/fixed)
|
||||||
(version "1.13.1")
|
(version "1.13.1")
|
||||||
(source(origin
|
(source(origin
|
||||||
(method url-fetch)
|
(method url-fetch)
|
||||||
|
@ -133,6 +135,13 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
|
||||||
license:lgpl2.0+
|
license:lgpl2.0+
|
||||||
license:expat))))
|
license:expat))))
|
||||||
|
|
||||||
|
(define mupdf/fixed-instead-of-mupdf
|
||||||
|
(package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
|
||||||
|
|
||||||
|
;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
|
||||||
|
(define cups-filters/fixed
|
||||||
|
(mupdf/fixed-instead-of-mupdf cups-filters))
|
||||||
|
|
||||||
;; CUPS on non-MacOS systems requires cups-filters. Since cups-filters also
|
;; CUPS on non-MacOS systems requires cups-filters. Since cups-filters also
|
||||||
;; depends on CUPS libraries and binaries, cups-minimal has been added to
|
;; depends on CUPS libraries and binaries, cups-minimal has been added to
|
||||||
;; satisfy this dependency.
|
;; satisfy this dependency.
|
||||||
|
|
Loading…
Reference in New Issue