[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCHES] ImageMagick security updates without grafting
From: |
Mark H Weaver |
Subject: |
Re: [PATCHES] ImageMagick security updates without grafting |
Date: |
Tue, 30 Mar 2021 18:23:00 -0400 |
Mark H Weaver <mhw@netris.org> writes:
> Maxime Devos <maximedevos@telenet.be> writes:
>
>> guix build $PACKAGES
>> # maybe guix build $PACKAGES --no-grafts?
>> guix graph --type=references $PACKAGES
>> # ^ look in output for "imagemagick".
>
> For the record, it seems that this command gives false positives.
Sorry, I was mistaken here. That command appears to be reliable for
this purpose.
> As pointed out in <https://bugs.gnu.org/47479>, the output of that
> command suggests that 'inkscape' retains references to 'imagemagick',
> but that turns out to be false, at least on my system.
It turns out we were talking about two different versions of 'inkscape'.
I was confused by the fact that our 'inkscape' variable points to an
older version of inkscape than "inkscape" selects on the command line.
Anyway, it turns out that inkscape@1.0.2 improperly retains a reference
to its native-input 'imagemagick', but inkscape@0.92.4 does not.
See <https://bugs.gnu.org/47479> for more.
> I suppose the behavior of "guix graph" here makes sense, and is likely
> _not_ a bug, because IIUC "guix graph" does its work without requiring
> 'imagemagick' to be built,
What I wrote is true for many of the graph types supported by "guix
graph", but not when "--type=references" is passed.
Sorry for the confusion.
Mark
- [PATCHES] ImageMagick security updates without grafting, Mark H Weaver, 2021/03/27
- Re: [PATCHES] ImageMagick security updates without grafting, Maxime Devos, 2021/03/27
- Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Mark H Weaver, 2021/03/28
- Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Maxime Devos, 2021/03/29
- Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Ricardo Wurmus, 2021/03/29
- Re: Needed: tooling to detect references to buggy */stable packages, Ludovic Courtès, 2021/03/30