GNU bug report logs - #26804
[PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}.

Package: guix-patches;

Reported by: Kei Kebreau <kei <at> openmailbox.org>

Date: Sat, 6 May 2017 14:47:01 UTC

Severity: normal

Tags: patch

Done: Kei Kebreau <kei <at> openmailbox.org>

Bug is archived. No further changes may be made.

From: Kei Kebreau <kei <at> openmailbox.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 26804 <at> debbugs.gnu.org
Subject: bug#26804: [PATCH] gnu: libtiff: Fix CVE-2017-{7593, 7594, 7595, 7596, 7597, 7598, 7599, 7600, 7601, 7602}.
Date: Sat, 06 May 2017 20:11:35 -0400
Leo Famulari <leo <at> famulari.name> writes:

> On Sat, May 06, 2017 at 10:45:57AM -0400, Kei Kebreau wrote:
>> * gnu/packages/patches/libtiff-CVE-2017-7593.patch: New file.
>> * gnu/packages/patches/libtiff-CVE-2017-7594.patch: New file.
>> * gnu/packages/patches/libtiff-multiple-UBSAN-crashes.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add them.
>> * gnu/packages/image.scm (libtiff)[source]: Use them.
>
> Thank you!

Thanks for the tips you gave.

>
> This change should be grafted, since ~2000 packages will be affected.
>
> There's a recent example of appending patches in a replacement package:
>
> +    (source
> +      (origin
> +        (inherit (package-source libsndfile))
> +        (patches
> +          (append
> +            (origin-patches (package-source libsndfile))
> +            (search-patches "libsndfile-CVE-2017-8361-8363-8365.patch"
> +                            "libsndfile-CVE-2017-8362.patch")))))))
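
Review bot: The `patches` field in this quoted hunk has no comment explaining why the two CVE patch files are appended to `(origin-patches (package-source libsndfile))` in an inherited origin instead of being listed on the original source; a short comment above `(source` saying that the base package's origin is left untouched so the fix can ship as a replacement would make the intent clear to later editors. The hunk as quoted also starts at `(source`, so the enclosing replacement definition and the field that points the base package at it are not visible here and should be checked in the linked commit before the pattern is copied for libtiff.
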
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=1c4a500aae53b8cd33d1266eb3809b859ae2555d

So the attached patch would be okay to push to the master branch?

[0001-gnu-libtiff-Fix-CVE-2017-7593-7594-7595-7596-7597-75.patch (text/plain, attachment)]

This bug report was last modified 8 years and 103 days ago.
