guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#26804: [PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7

From: Kei Kebreau
Subject: bug#26804: [PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}.
Date: Sat, 06 May 2017 20:11:35 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) 
Leo Famulari <address@hidden> writes:

> On Sat, May 06, 2017 at 10:45:57AM -0400, Kei Kebreau wrote:
>> * gnu/packages/patches/libtiff-CVE-2017-7593.patch: New file.
>> * gnu/packages/patches/libtiff-CVE-2017-7594.patch: New file.
>> * gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add them.
>> * gnu/packages/image.scm (libtiff)[source]: Use them.
>
> Thank you!

Thanks for the tips you gave.

>
> This change should be grafted, since ~2000 packages will be affected.
>
> There's a recent example of appending patches in a replacement package:
>
> +    (source
> +      (origin
> +        (inherit (package-source libsndfile))
> +        (patches
> +          (append
> +            (origin-patches (package-source libsndfile))
> +            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
> +                            "libsndfile-CVE-2017-8362.patch")))))))
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1c4a500aae53b8cd33d1266eb3809b859ae2555d

So the attached patch would be okay to push to the master branch?

Attachment: 0001-gnu-libtiff-Fix-CVE-2017-7593-7594-7595-7596-7597-75.patch
Description: Text document

Attachment: signature.asc
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]