all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [PATCH] gnu: lcms: Update to 2.8.
@ 2017-02-09 12:00 Alex Vong
  2017-02-09 14:13 ` Marius Bakke
  0 siblings, 1 reply; 4+ messages in thread
From: Alex Vong @ 2017-02-09 12:00 UTC (permalink / raw)
  To: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 37 bytes --]

Hi,

This patch update lcms to 2.8:


[-- Attachment #1.2: 0001-gnu-lcms-Update-to-2.8.patch --]
[-- Type: text/x-diff, Size: 1493 bytes --]

From 5f70defc2a1867aa557d5ddc5fbae9456df035df Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Thu, 9 Feb 2017 19:48:14 +0800
Subject: [PATCH] gnu: lcms: Update to 2.8.

* gnu/packages/ghostscript.scm (lcms): Update to 2.8.
---
 gnu/packages/ghostscript.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index a00448a8c..c64b76c4b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,13 +41,13 @@
   (package
    (name "lcms")
    (replacement lcms/fixed)
-   (version "2.6")
+   (version "2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
             (sha256 (base32
-                     "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+                     "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
    (build-system gnu-build-system)
    (inputs `(("libjpeg-8" ,libjpeg-8)
              ("libtiff" ,libtiff)
-- 
2.11.1


[-- Attachment #1.3: Type: text/plain, Size: 241 bytes --]


Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
fixed has been assigned CVE-2016-10165 according to [0], should we
change the name of the patch?

[0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357

Cheers,
Alex

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: lcms: Update to 2.8.
  2017-02-09 12:00 [PATCH] gnu: lcms: Update to 2.8 Alex Vong
@ 2017-02-09 14:13 ` Marius Bakke
  2017-02-11 15:16   ` Alex Vong
  0 siblings, 1 reply; 4+ messages in thread
From: Marius Bakke @ 2017-02-09 14:13 UTC (permalink / raw)
  To: Alex Vong, guix-devel

[-- Attachment #1: Type: text/plain, Size: 609 bytes --]

Alex Vong <alexvong1995@gmail.com> writes:

> Hi,
>
> This patch update lcms to 2.8:

Thank you for this!

> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
> fixed has been assigned CVE-2016-10165 according to [0], should we
> change the name of the patch?
>
> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357

Good catch. Would you like to do it?

Could you submit this patch against the 'core-updates' branch? LCMS
causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
also been 'un-grafted' in core-updates, so the context will be slightly
different. TIA!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: lcms: Update to 2.8.
  2017-02-09 14:13 ` Marius Bakke
@ 2017-02-11 15:16   ` Alex Vong
  2017-02-12 21:32     ` Marius Bakke
  0 siblings, 1 reply; 4+ messages in thread
From: Alex Vong @ 2017-02-11 15:16 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 738 bytes --]

Marius Bakke <mbakke@fastmail.com> writes:

> Alex Vong <alexvong1995@gmail.com> writes:
>
>> Hi,
>>
>> This patch update lcms to 2.8:
>
> Thank you for this!
>
Thanks for the review too!

>> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
>> fixed has been assigned CVE-2016-10165 according to [0], should we
>> change the name of the patch?
>>
>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>
> Good catch. Would you like to do it?
>
> Could you submit this patch against the 'core-updates' branch? LCMS
> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
> also been 'un-grafted' in core-updates, so the context will be slightly
> different. TIA!

Sure, the patches are here:


[-- Attachment #1.2: 0001-gnu-lcms-Update-to-2.8.patch --]
[-- Type: text/x-diff, Size: 1567 bytes --]

From 22b5a7941975d7b1377c65aa096506c38b4efdf8 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Sat, 11 Feb 2017 22:45:38 +0800
Subject: [PATCH 1/2] gnu: lcms: Update to 2.8.

* gnu/packages/ghostscript.scm (lcms): Update to 2.8.
---
 gnu/packages/ghostscript.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index dcbed69e3..4b8e62348 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,14 +40,14 @@
 (define-public lcms
   (package
    (name "lcms")
-   (version "2.6")
+   (version "2.8")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
             (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
             (sha256 (base32
-                     "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji"))))
+                     "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
    (build-system gnu-build-system)
    (inputs `(("libjpeg-8" ,libjpeg-8)
              ("libtiff" ,libtiff)
-- 
2.11.1


[-- Attachment #1.3: 0002-gnu-lcms-Mention-CVE-2016-10165.patch --]
[-- Type: lcms, Size: 3323 bytes --]

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] gnu: lcms: Update to 2.8.
  2017-02-11 15:16   ` Alex Vong
@ 2017-02-12 21:32     ` Marius Bakke
  0 siblings, 0 replies; 4+ messages in thread
From: Marius Bakke @ 2017-02-12 21:32 UTC (permalink / raw)
  To: Alex Vong; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 628 bytes --]

Alex Vong <alexvong1995@gmail.com> writes:

>>> Besides, the security bug in which 'lcms-fix-out-of-bounds-read.patch'
>>> fixed has been assigned CVE-2016-10165 according to [0], should we
>>> change the name of the patch?
>>>
>>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>>
>> Good catch. Would you like to do it?
>>
>> Could you submit this patch against the 'core-updates' branch? LCMS
>> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
>> also been 'un-grafted' in core-updates, so the context will be slightly
>> different. TIA!
>
> Sure, the patches are here:

Applied, thank you!

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-02-12 21:33 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-09 12:00 [PATCH] gnu: lcms: Update to 2.8 Alex Vong
2017-02-09 14:13 ` Marius Bakke
2017-02-11 15:16   ` Alex Vong
2017-02-12 21:32     ` Marius Bakke

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.