From: Leo Famulari
To: Kei Kebreau
Cc: 26804@debbugs.gnu.org
Date: Sat, 6 May 2017 14:54:50 -0400
Subject: bug#26804: [PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}.
Message-ID: <20170506185450.GB22485@jasmine>
In-Reply-To: <20170506144557.28785-1-kei@openmailbox.org>

On Sat, May 06, 2017 at 10:45:57AM -0400, Kei Kebreau wrote:
> * gnu/packages/patches/libtiff-CVE-2017-7593.patch: New file.
> * gnu/packages/patches/libtiff-CVE-2017-7594.patch: New file.
> * gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/image.scm (libtiff)[source]: Use them.

Thank you!

This change should be grafted, since ~2000 packages will be affected. There's a recent example of appending patches in a replacement package:

+ (source + (origin + (inherit (package-source libsndfile)) + (patches + (append + (origin-patches (package-source libsndfile)) + (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch" + "libsndfile-CVE-2017-8362.patch")))))))

https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1c4a500aae53b8cd33d1266eb3809b859ae2555d
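
Review bot: The last line of the quoted libsndfile fragment closes more forms than the lines from (source onward open, so the excerpt begins partway into a larger definition and the form that holds this source field is not visible. Quoting from the enclosing form down would show where the patched origin is attached. The part to reuse is (append (origin-patches (package-source libsndfile)) (search-patches ...)), which keeps the patches already on the inherited origin and adds the new ones after them.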