~ruther/guix-local: gnu: graphicsmagick: Update to 1.3.24 [security update].

3 files changed, 3 insertions(+), 23 deletions(-)

M gnu/local.mk
M gnu/packages/imagemagick.scm
D gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch

M gnu/local.mk => gnu/local.mk +0 -1

@@ 524,7 524,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
-  %D%/packages/patches/graphicsmagick-CVE-2016-5118.patch	\
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
   %D%/packages/patches/grub-CVE-2015-8370.patch			\
   %D%/packages/patches/grub-gets-undeclared.patch		\

M gnu/packages/imagemagick.scm => gnu/packages/imagemagick.scm +3 -3

@@ 2,6 2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;


@@ 154,16 155,15 @@ script.")
 (define-public graphicsmagick
   (package
     (name "graphicsmagick")
-    (version "1.3.23")
+    (version "1.3.24")
     (source (origin
              (method url-fetch)
              (uri (string-append "ftp://ftp.graphicsmagick.org/pub/"
                                  "GraphicsMagick/" (version-major+minor version)
                                  "/GraphicsMagick-" version ".tar.xz"))
-             (patches (search-patches "graphicsmagick-CVE-2016-5118.patch"))
              (sha256
               (base32
-               "03g6l2h8cmf231y1vma0z7x85070jm1ysgs9ppqcd3jj56jka9gx"))))
+               "1q40w5hcl8rcpszm0r7rpr3a9lj390p39zfvavkvlgxyyk7bmgsj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags

D gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch => gnu/packages/patches/graphicsmagick-CVE-2016-5118.patch +0 -19

@@ 1,19 0,0 @@
-Fix CVE-2016-5118 (popen() shell vulnerability via filename).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5118
-
-Upstream patch copied from the bug announcement:
-http://seclists.org/oss-sec/2016/q2/432
-https://marc.info/?l=oss-security&m=146455222600609&w=2
-
-diff -r 33200fc645f6 magick/blob.c
---- a/magick/blob.c	Sat Nov 07 14:49:16 2015 -0600
-+++ b/magick/blob.c	Sun May 29 14:12:57 2016 -0500
-@@ -68,6 +68,7 @@
- */
- #define DefaultBlobQuantum  65541
- 
-+#undef HAVE_POPEN
- 
- /*
-   Enum declarations.