summary refs log tree commit diff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2022-03-28 00:03:35 -0400
committerLeo Famulari <leo@famulari.name>2023-01-04 12:54:39 -0500
commitc2c93abd18c37f438006cded8124ff0a32a0e4a7 (patch)
tree25c71001c018e9e0a49a6cd85e0c5e19af969657
parent5fd9d3ba82faddf8393027655d4a10a1562dac47 (diff)
downloadguix-c2c93abd18c37f438006cded8124ff0a32a0e4a7.tar.gz
gnu: zlib: Update to 1.2.12 [fixes CVE-2018-25032].
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://seclists.org/oss-sec/2022/q1/191

* gnu/packages/compression.scm (zlib)[replacement]: New field.
(zlib-1.2.12): New variable.
-rw-r--r--gnu/packages/compression.scm16
1 files changed, 16 insertions, 0 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 82b93e23b2..223283eeb4 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -103,6 +103,7 @@
 (define-public zlib
   (package
     (name "zlib")
+    (replacement zlib-1.2.12)
     (version "1.2.11")
     (source
      (origin
@@ -164,6 +165,21 @@ independent of the input data and can be reduced, if necessary, at some cost
 in compression.")
     (license license:zlib)))
 
+(define-public zlib-1.2.12
+  (package
+    (inherit zlib)
+    (version "1.2.12")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (list (string-append "http://zlib.net/zlib-"
+                                 version ".tar.gz")
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
+      (sha256
+       (base32
+        "1n9na4fq4wagw1nzsfjr6wyly960jfa94460ncbf6p1fac44i14i"))))))
+
 (define-public minizip
   (package
     (name "minizip")