summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2020-08-03 16:25:55 -0400
committerMark H Weaver <mhw@netris.org>2020-08-03 17:10:33 -0400
commit4fe1b2e69ee29f707b1b33957c570b515928c783 (patch)
tree522ee2e45648b94dad2bf9c6efc6aab2c4b8273b
parent3883fad295f3e3c387fe3fa540e8a1613cedd9bc (diff)
downloadguix-4fe1b2e69ee29f707b1b33957c570b515928c783.tar.gz
gnu: libjpeg-turbo: Replace with 2.0.5 [fixes CVE-2020-13790].
* gnu/packages/image.scm (libjpeg-turbo/fixed): New variable.
(libjpeg-turbo)[replacement]: New field.
-rw-r--r--gnu/packages/image.scm13
1 files changed, 13 insertions, 0 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 20dcfe1cf1..4d443f820f 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1580,6 +1580,7 @@ is hereby granted."))))
   (package
     (name "libjpeg-turbo")
     (version "2.0.4")
+    (replacement libjpeg-turbo/fixed)
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
@@ -1636,6 +1637,18 @@ and decompress to 32-bit and big-endian pixel buffers (RGBX, XBGR, etc.).")
                    license:ijg          ;the libjpeg library and associated tools
                    license:zlib))))     ;the libjpeg-turbo SIMD extensions
 
+(define libjpeg-turbo/fixed
+  (package
+    (inherit libjpeg-turbo)
+    (version "2.0.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/libjpeg-turbo/"
+                                  version "/libjpeg-turbo-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0pbv6pc97kbj7ib31qcwi7lnmm9xg5y3b11aasmkhfjvf7rgdy0n"))))))
+
 (define-deprecated libjpeg libjpeg-turbo)
 (export libjpeg)