summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/packages/image.scm30
-rw-r--r--gnu/packages/photo.scm4
2 files changed, 31 insertions, 3 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index ef477fa6f1..fabc2fb2d1 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 Alex Kost <alezost@gmail.com>
@@ -1066,6 +1066,34 @@ and XMP metadata of images in various formats.")
     ;;   <https://launchpad.net/ubuntu/precise/+source/exiv2/+copyright>.
     (license license:gpl2+)))
 
+(define-public exiv2-0.26
+  (package
+    (inherit exiv2)
+    (version "0.26")
+    (source (origin
+             (method url-fetch)
+             (uri (list (string-append "https://www.exiv2.org/builds/exiv2-"
+                                       version "-trunk.tar.gz")
+                        (string-append "https://www.exiv2.org/exiv2-"
+                                       version ".tar.gz")
+                        (string-append "https://fossies.org/linux/misc/exiv2-"
+                                       version ".tar.gz")))
+             (patches (search-patches "exiv2-CVE-2017-14860.patch"
+                                      "exiv2-CVE-2017-14859-14862-14864.patch"))
+             (sha256
+              (base32
+               "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7"))))
+    (build-system gnu-build-system)
+    (arguments '(#:tests? #f))                    ; no `check' target
+    (propagated-inputs
+     `(("expat" ,expat)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("intltool" ,intltool)))
+
+    ;; People should rely on the newer version, so don't expose it.
+    (properties `((hidden? . #t)))))
+
 (define-public devil
   (package
     (name "devil")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index b2e3edca18..b8ac1ea1d6 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2017, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2017 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il>
@@ -445,7 +445,7 @@ and enhance them.")
     (inputs
      `(("boost" ,boost)
        ("enblend-enfuse" ,enblend-enfuse)
-       ("exiv2" ,exiv2)
+       ("exiv2" ,exiv2-0.26)
        ("fftw" ,fftw)
        ("flann" ,flann)
        ("freeglut" ,freeglut)