|
From: | Kei Kebreau |
Subject: | bug#26804: [PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}. |
Date: | Sat, 06 May 2017 20:11:35 -0400 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) |
Leo Famulari <address@hidden> writes: > On Sat, May 06, 2017 at 10:45:57AM -0400, Kei Kebreau wrote: >> * gnu/packages/patches/libtiff-CVE-2017-7593.patch: New file. >> * gnu/packages/patches/libtiff-CVE-2017-7594.patch: New file. >> * gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New file. >> * gnu/local.mk (dist_patch_DATA): Add them. >> * gnu/packages/image.scm (libtiff)[source]: Use them. > > Thank you! Thanks for the tips you gave. > > This change should be grafted, since ~2000 packages will be affected. > > There's a recent example of appending patches in a replacement package: > > + (source > + (origin > + (inherit (package-source libsndfile)) > + (patches > + (append > + (origin-patches (package-source libsndfile)) > + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" > + "libsndfile-CVE-2017-8362.patch"))))))) > > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1c4a500aae53b8cd33d1266eb3809b859ae2555d So the attached patch would be okay to push to the master branch?
0001-gnu-libtiff-Fix-CVE-2017-7593-7594-7595-7596-7597-75.patch
Description: Text document
signature.asc
Description: PGP signature
[Prev in Thread] | Current Thread | [Next in Thread] |