From 8e28d22c914122aa7bfb70847370d8ae0f070688 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Tue, 16 Jun 2015 00:59:15 -0400
Subject: gnu: libtiff: Add fixes for several CVEs.

* gnu/packages/patches/libtiff-CVE-2012-4564.patch,
  gnu/packages/patches/libtiff-CVE-2013-1960.patch,
  gnu/packages/patches/libtiff-CVE-2013-1961.patch,
  gnu/packages/patches/libtiff-CVE-2013-4231.patch,
  gnu/packages/patches/libtiff-CVE-2013-4232.patch,
  gnu/packages/patches/libtiff-CVE-2013-4243.patch,
  gnu/packages/patches/libtiff-CVE-2013-4244.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt1.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt2.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt3.patch,
  gnu/packages/patches/libtiff-CVE-2014-8127-pt4.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt1.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt2.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt3.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt4.patch,
  gnu/packages/patches/libtiff-CVE-2014-8128-pt5.patch,
  gnu/packages/patches/libtiff-CVE-2014-8129.patch,
  gnu/packages/patches/libtiff-CVE-2014-9330.patch,
  gnu/packages/patches/libtiff-CVE-2014-9655.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff)[source]: Add patches.
---
 gnu/packages/image.scm | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

(limited to 'gnu/packages/image.scm')

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 89590cc5ad..a7483ba94a 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -112,7 +112,26 @@ (define-public libtiff
             (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-"
                    version ".tar.gz"))
             (sha256 (base32
-                     "0wj8d1iwk9vnpax2h29xqc2hwknxg3s0ay2d5pxkg59ihbifn6pa"))))
+                     "0wj8d1iwk9vnpax2h29xqc2hwknxg3s0ay2d5pxkg59ihbifn6pa"))
+            (patches (map search-patch '("libtiff-CVE-2012-4564.patch"
+                                         "libtiff-CVE-2013-1960.patch"
+                                         "libtiff-CVE-2013-1961.patch"
+                                         "libtiff-CVE-2013-4231.patch"
+                                         "libtiff-CVE-2013-4232.patch"
+                                         "libtiff-CVE-2013-4244.patch"
+                                         "libtiff-CVE-2013-4243.patch"
+                                         "libtiff-CVE-2014-9330.patch"
+                                         "libtiff-CVE-2014-8127-pt1.patch"
+                                         "libtiff-CVE-2014-8127-pt2.patch"
+                                         "libtiff-CVE-2014-8127-pt3.patch"
+                                         "libtiff-CVE-2014-8127-pt4.patch"
+                                         "libtiff-CVE-2014-8128-pt1.patch"
+                                         "libtiff-CVE-2014-8128-pt2.patch"
+                                         "libtiff-CVE-2014-8128-pt3.patch"
+                                         "libtiff-CVE-2014-8129.patch"
+                                         "libtiff-CVE-2014-9655.patch"
+                                         "libtiff-CVE-2014-8128-pt4.patch"
+                                         "libtiff-CVE-2014-8128-pt5.patch")))))
    (build-system gnu-build-system)
    (inputs `(("zlib" ,zlib)
              ("libjpeg-8" ,libjpeg-8)))
-- 
cgit v1.2.3