summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/gnome.scm9
-rw-r--r--gnu/packages/patches/libgxps-CVE-2017-11590.patch48
3 files changed, 4 insertions, 54 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 71aa115621..1c48fd3d6e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -883,7 +883,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libgnome-encoding.patch			\
   %D%/packages/patches/libgnomeui-utf8.patch			\
   %D%/packages/patches/libgpg-error-aarch64-logging-fix.patch	\
-  %D%/packages/patches/libgxps-CVE-2017-11590.patch		\
   %D%/packages/patches/libffi-3.2.1-complex-alpha.patch		\
   %D%/packages/patches/libjxr-fix-function-signature.patch	\
   %D%/packages/patches/libjxr-fix-typos.patch			\
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 4251d5cf8f..7d2742f08d 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -397,23 +397,22 @@ access the common Google services, and has full asynchronous support.")
 (define-public libgxps
   (package
     (name "libgxps")
-    (version "0.2.5")
+    (version "0.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
                                   (version-major+minor version) "/"
                                   name "-" version ".tar.xz"))
-              (patches (search-patches "libgxps-CVE-2017-11590.patch"))
               (sha256
                (base32
-                "184r06s8g20cfigg7m169n42jjsc9wmzzlycr4g1fxxhr72r8x9y"))))
-    (build-system gnu-build-system)
+                "1bhgrpb6ndlp11qwr95g9piklmjcsca7bi04f8gy9ziipm1i6as1"))))
+    (build-system meson-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("gtk+" ,gtk+)
-       ("libjpeg" ,libjpeg)
+       ("libjpeg" ,libjpeg-turbo)
        ("lcms" ,lcms)
        ("libtiff" ,libtiff)
        ("nettle" ,nettle)))
diff --git a/gnu/packages/patches/libgxps-CVE-2017-11590.patch b/gnu/packages/patches/libgxps-CVE-2017-11590.patch
deleted file mode 100644
index 9caa79b6f0..0000000000
--- a/gnu/packages/patches/libgxps-CVE-2017-11590.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Fix CVE-2017-11590:
-
-https://bugzilla.gnome.org/show_bug.cgi?id=785479
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590
-
-Patch copied from upstream source repository:
-
-https://git.gnome.org/browse/libgxps/commit/?id=9d5d292055250ed298f3b89dc332d6db4003a031
-
-From 9d5d292055250ed298f3b89dc332d6db4003a031 Mon Sep 17 00:00:00 2001
-From: Marek Kasik <mkasik@redhat.com>
-Date: Wed, 26 Jul 2017 16:23:37 +0200
-Subject: archive: Check for pathname being NULL before dereferencing
-
-Check whether "archive_entry_pathname ()" returns a non-NULL pathname
-before using it to avoid a NULL pointer being dereferenced.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=785479
----
- libgxps/gxps-archive.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
-index acf8d7d..e763773 100644
---- a/libgxps/gxps-archive.c
-+++ b/libgxps/gxps-archive.c
-@@ -257,6 +257,7 @@ gxps_archive_initable_init (GInitable     *initable,
- 	GXPSArchive          *archive;
- 	ZipArchive           *zip;
- 	struct archive_entry *entry;
-+	const gchar          *pathname;
- 
- 	archive = GXPS_ARCHIVE (initable);
- 
-@@ -281,7 +282,9 @@ gxps_archive_initable_init (GInitable     *initable,
- 
-         while (gxps_zip_archive_iter_next (zip, &entry)) {
-                 /* FIXME: We can ignore directories here */
--                g_hash_table_add (archive->entries, g_strdup (archive_entry_pathname (entry)));
-+                pathname = archive_entry_pathname (entry);
-+                if (pathname != NULL)
-+                        g_hash_table_add (archive->entries, g_strdup (pathname));
-                 archive_read_data_skip (zip->archive);
-         }
- 
--- 
-cgit v0.12
-