summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-11-18 17:47:17 -0500
committerMark H Weaver <mhw@netris.org>2015-11-18 17:47:17 -0500
commit21ef9843e4d0ea665acd2070ef589c3c4d0bd1b0 (patch)
treed50e758d4a7101353b3d4d691d8ba948b32c08b8
parentc797fabe79619832ec1189294b2bc22397c54457 (diff)
downloadguix-21ef9843e4d0ea665acd2070ef589c3c4d0bd1b0.tar.gz
Revert "gnu: libpng: Use 1.5.24 as a replacement [fixes CVE-2015-8126]."
This reverts commit 1b076e630f4a7245d14634b047e1d1a91ee2659e.
-rw-r--r--gnu/packages/image.scm29
1 files changed, 7 insertions, 22 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 979d144ca4..1577bccfd0 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -47,28 +47,23 @@
   #:use-module (guix build-system cmake)
   #:use-module (srfi srfi-1))
 
-(define (libpng-urls version)
-  "Return a list of URLs for libpng VERSION."
-  ;; Note: upstream removes older tarballs.
-  (list (string-append "mirror://sourceforge/libpng/libpng15/"
-                       version "/libpng-" version ".tar.xz")
-        (string-append
-         "ftp://ftp.simplesystems.org/pub/libpng/png/src"
-         "/libpng15/libpng-" version ".tar.xz")))
-
 (define-public libpng
   (package
    (name "libpng")
    (version "1.5.21")
    (source (origin
             (method url-fetch)
-            (uri (libpng-urls version))
+
+            ;; Note: upstream removes older tarballs.
+            (uri (list (string-append "mirror://sourceforge/libpng/libpng15/"
+                                      version "/libpng-" version ".tar.xz")
+                       (string-append
+                        "ftp://ftp.simplesystems.org/pub/libpng/png/src"
+                        "/libpng15/libpng-" version ".tar.xz")))
             (sha256
              (base32 "19yvzw6sf9gf7v25ha9bla8bw1nijh82wj8ag6brjj3hpij1q5dm"))))
    (build-system gnu-build-system)
 
-   (replacement libpng-1.5.24)                    ;CVE-2015-8126
-
    ;; libpng.la says "-lz", so propagate it.
    (propagated-inputs `(("zlib" ,zlib)))
 
@@ -79,16 +74,6 @@ library.  It supports almost all PNG features and is extensible.")
    (license license:zlib)
    (home-page "http://www.libpng.org/pub/png/libpng.html")))
 
-(define libpng-1.5.24
-  (package
-    (inherit libpng)
-    (source (origin
-              (method url-fetch)
-              (uri (libpng-urls "1.5.24"))
-              (sha256
-               (base32
-                "1qhvfk1ypsaf6q6xkspyqqzmghpbahhq54ms8fa5ssqkyds38bmr"))))))
-
 (define-public libjpeg
   (package
    (name "libjpeg")