~ruther/guix-local: gnu: cups-filters: Fix CVE-2016-{10132,10133} in statically linked mupdf.

8afabb2eca954af6fbba8c6ae37e8f0bc3047840 — Leo Famulari 9 years ago af8c7e1

gnu: cups-filters: Fix CVE-2016-{10132,10133} in statically linked mupdf.

The vulnerabilities are in the MuJS that is bundled with MuPDF.

* gnu/packages/cups.scm (cups-filters)[replacement]: New field.
(mupdf/fixed-instead-of-mupdf), (cups-filters/fixed): New variables.

patch browse .tar.gz

1 files changed, 9 insertions(+), 0 deletions(-)

M gnu/packages/cups.scm

M gnu/packages/cups.scm => gnu/packages/cups.scm +9 -0

@@ 3,6 3,7 @@
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;


@@ 51,6 52,7 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
+    (replacement cups-filters/fixed)
     (version "1.13.1")
     (source(origin
               (method url-fetch)


@@ 133,6 135,13 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                    license:lgpl2.0+
                    license:expat))))
 
+(define mupdf/fixed-instead-of-mupdf
+  (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
+
+;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
+(define cups-filters/fixed
+  (mupdf/fixed-instead-of-mupdf cups-filters))
+
 ;; CUPS on non-MacOS systems requires cups-filters.  Since cups-filters also
 ;; depends on CUPS libraries and binaries, cups-minimal has been added to
 ;; satisfy this dependency.