Re: [PATCH] gnu: lcms: Update to 2.8.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: lcms: Update to 2.8.

From:	Alex Vong
Subject:	Re: [PATCH] gnu: lcms: Update to 2.8.
Date:	Sat, 11 Feb 2017 23:16:09 +0800
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Marius Bakke <address@hidden> writes:

> Alex Vong <address@hidden> writes:
>
>> Hi,
>>
>> This patch update lcms to 2.8:
>
> Thank you for this!
>
Thanks for the review too!

>> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
>> fixed has been assigned CVE-2016-10165 according to [0], should we
>> change the name of the patch?
>>
>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>
> Good catch. Would you like to do it?
>
> Could you submit this patch against the 'core-updates' branch? LCMS
> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
> also been 'un-grafted' in core-updates, so the context will be slightly
> different. TIA!

Sure, the patches are here:

From 22b5a7941975d7b1377c65aa096506c38b4efdf8 Mon Sep 17 00:00:00 2001
From: Alex Vong <address@hidden>
Date: Sat, 11 Feb 2017 22:45:38 +0800
Subject: [PATCH 1/2] gnu: lcms: Update to 2.8.

* gnu/packages/ghostscript.scm (lcms): Update to 2.8.
---
 gnu/packages/ghostscript.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index dcbed69e3..4b8e62348 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
 ;;; Copyright © 2015 Ricardo Wurmus <address@hidden>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <address@hidden>
+;;; Copyright © 2017 Alex Vong <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,14 +40,14 @@
 (define-public lcms
   (package
    (name "lcms")
-   (version "2.6")
+   (version "2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
             (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
             (sha256 (base32
-                     "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+                     "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
    (build-system gnu-build-system)
    (inputs `(("libjpeg-8" ,libjpeg-8)
              ("libtiff" ,libtiff)
-- 
2.11.1

0002-gnu-lcms-Mention-CVE-2016-10165.patch
Description: lcms

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] gnu: lcms: Update to 2.8., Alex Vong, 2017/02/09
- Re: [PATCH] gnu: lcms: Update to 2.8., Marius Bakke, 2017/02/09
  - Re: [PATCH] gnu: lcms: Update to 2.8., Alex Vong <=
    - Re: [PATCH] gnu: lcms: Update to 2.8., Marius Bakke, 2017/02/12

Prev by Date: Re: Add murmur.
Next by Date: Re: [PATCH 5/6] gnu: gcc: Force Aarch64 to use /lib.
Previous by thread: Re: [PATCH] gnu: lcms: Update to 2.8.
Next by thread: Re: [PATCH] gnu: lcms: Update to 2.8.
Index(es):
- Date
- Thread