* [PATCH] gnu: lcms: Update to 2.8.
@ 2017-02-09 12:00 Alex Vong
2017-02-09 14:13 ` Marius Bakke
0 siblings, 1 reply; 4+ messages in thread
From: Alex Vong @ 2017-02-09 12:00 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1.1: Type: text/plain, Size: 37 bytes --]
Hi,
This patch update lcms to 2.8:
[-- Attachment #1.2: 0001-gnu-lcms-Update-to-2.8.patch --]
[-- Type: text/x-diff, Size: 1493 bytes --]
From 5f70defc2a1867aa557d5ddc5fbae9456df035df Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Thu, 9 Feb 2017 19:48:14 +0800
Subject: [PATCH] gnu: lcms: Update to 2.8.
* gnu/packages/ghostscript.scm (lcms): Update to 2.8.
---
gnu/packages/ghostscript.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index a00448a8c..c64b76c4b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -40,13 +41,13 @@
(package
(name "lcms")
(replacement lcms/fixed)
- (version "2.6")
+ (version "2.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
"/lcms2-" version ".tar.gz"))
(sha256 (base32
- "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+ "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
(build-system gnu-build-system)
(inputs `(("libjpeg-8" ,libjpeg-8)
("libtiff" ,libtiff)
--
2.11.1
[-- Attachment #1.3: Type: text/plain, Size: 241 bytes --]
Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
fixed has been assigned CVE-2016-10165 according to [0], should we
change the name of the patch?
[0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
Cheers,
Alex
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] gnu: lcms: Update to 2.8.
2017-02-09 12:00 [PATCH] gnu: lcms: Update to 2.8 Alex Vong
@ 2017-02-09 14:13 ` Marius Bakke
2017-02-11 15:16 ` Alex Vong
0 siblings, 1 reply; 4+ messages in thread
From: Marius Bakke @ 2017-02-09 14:13 UTC (permalink / raw)
To: Alex Vong, guix-devel
[-- Attachment #1: Type: text/plain, Size: 609 bytes --]
Alex Vong <alexvong1995@gmail.com> writes:
> Hi,
>
> This patch update lcms to 2.8:
Thank you for this!
> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
> fixed has been assigned CVE-2016-10165 according to [0], should we
> change the name of the patch?
>
> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
Good catch. Would you like to do it?
Could you submit this patch against the 'core-updates' branch? LCMS
causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
also been 'un-grafted' in core-updates, so the context will be slightly
different. TIA!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] gnu: lcms: Update to 2.8.
2017-02-09 14:13 ` Marius Bakke
@ 2017-02-11 15:16 ` Alex Vong
2017-02-12 21:32 ` Marius Bakke
0 siblings, 1 reply; 4+ messages in thread
From: Alex Vong @ 2017-02-11 15:16 UTC (permalink / raw)
To: Marius Bakke; +Cc: guix-devel
[-- Attachment #1.1: Type: text/plain, Size: 738 bytes --]
Marius Bakke <mbakke@fastmail.com> writes:
> Alex Vong <alexvong1995@gmail.com> writes:
>
>> Hi,
>>
>> This patch update lcms to 2.8:
>
> Thank you for this!
>
Thanks for the review too!
>> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
>> fixed has been assigned CVE-2016-10165 according to [0], should we
>> change the name of the patch?
>>
>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>
> Good catch. Would you like to do it?
>
> Could you submit this patch against the 'core-updates' branch? LCMS
> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
> also been 'un-grafted' in core-updates, so the context will be slightly
> different. TIA!
Sure, the patches are here:
[-- Attachment #1.2: 0001-gnu-lcms-Update-to-2.8.patch --]
[-- Type: text/x-diff, Size: 1567 bytes --]
From 22b5a7941975d7b1377c65aa096506c38b4efdf8 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Sat, 11 Feb 2017 22:45:38 +0800
Subject: [PATCH 1/2] gnu: lcms: Update to 2.8.
* gnu/packages/ghostscript.scm (lcms): Update to 2.8.
---
gnu/packages/ghostscript.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index dcbed69e3..4b8e62348 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -39,14 +40,14 @@
(define-public lcms
(package
(name "lcms")
- (version "2.6")
+ (version "2.8")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
"/lcms2-" version ".tar.gz"))
(patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
(sha256 (base32
- "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+ "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
(build-system gnu-build-system)
(inputs `(("libjpeg-8" ,libjpeg-8)
("libtiff" ,libtiff)
--
2.11.1
[-- Attachment #1.3: 0002-gnu-lcms-Mention-CVE-2016-10165.patch --]
[-- Type: lcms, Size: 3323 bytes --]
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-02-12 21:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-09 12:00 [PATCH] gnu: lcms: Update to 2.8 Alex Vong
2017-02-09 14:13 ` Marius Bakke
2017-02-11 15:16 ` Alex Vong
2017-02-12 21:32 ` Marius Bakke
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).