From a656359de1e7d0a76414888a59c8a0a8782e875f Mon Sep 17 00:00:00 2001
From: Leo Famulari <address@hidden>
Date: Sun, 15 Jan 2017 13:38:48 -0500
Subject: [PATCH 2/2] gnu: cups-filters: Fix CVE-2016-{10132,10133} in
 statically linked mupdf.

The vulnerabilities are the MuJS that is bundled with MuPDF.

* gnu/packages/cups.scm (cups-filters)[replacement]: New field.
(cups-filters/fixed): New variable.
---
 gnu/packages/cups.scm | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index ca1695835..95d57a4f3 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Ludovic Courtès <address@hidden>
 ;;; Copyright © 2015, 2016 Efraim Flashner <address@hidden>
 ;;; Copyright © 2016 Danny Milosavljevic <address@hidden>
+;;; Copyright © 2017 Leo Famulari <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,6 +52,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
+    (replacement cups-filters/fixed)
     (version "1.13.1")
     (source(origin
               (method url-fetch)
@@ -133,6 +135,27 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                    license:lgpl2.0+
                    license:expat))))
 
+(define cups-filters/fixed
+  (package
+    (inherit cups-filters)
+    (inputs
+     `(("avahi"        ,avahi)
+       ("fontconfig"   ,fontconfig)
+       ("freetype"     ,freetype)
+       ("font-dejavu"  ,font-dejavu) ; also needed by test suite
+       ("ghostscript"  ,(force ghostscript/cups))
+       ("ijs"          ,ijs)
+       ("dbus"         ,dbus)
+       ("lcms"         ,lcms)
+       ("libjpeg"      ,libjpeg)
+       ("libpng"       ,libpng)
+       ("libtiff"      ,libtiff)
+       ("mupdf"        ,(@@ (gnu packages pdf) mupdf/fixed))
+       ("glib"         ,glib)
+       ("qpdf"         ,qpdf)
+       ("poppler"      ,poppler)
+       ("cups-minimal" ,cups-minimal)))))
+
 ;; CUPS on non-MacOS systems requires cups-filters.  Since cups-filters also
 ;; depends on CUPS libraries and binaries, cups-minimal has been added to
 ;; satisfy this dependency.
-- 
2.11.0