all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Leo Famulari <leo@famulari.name>
To: 31322@debbugs.gnu.org
Subject: [bug#31322] [PATCH 4/6] gnu: gegl: Update to 0.4.
Date: Mon, 30 Apr 2018 16:38:36 -0400	[thread overview]
Message-ID: <fd69352670cf4198f8c62f5200b6d62c0fbde7fd.1525120717.git.leo@famulari.name> (raw)
In-Reply-To: <0a0b7de7e941986f0d1d6ce65c6ea7aaaa8d5952.1525120717.git.leo@famulari.name>
In-Reply-To: <0a0b7de7e941986f0d1d6ce65c6ea7aaaa8d5952.1525120717.git.leo@famulari.name>

* gnu/packages/gimp.scm (gegl): Update to 0.4.
[inputs]: Move babl and glib to propagated-inputs.
[propagated-inputs]: Add json-glib.
[arguments]: Re-enable the tests and remove the obsolete 'pre-build'
phase.
[source]: Use HTTPS URL.
* gnu/packages/patches/gegl-CVE-2012-4433.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                  |   1 -
 gnu/packages/gimp.scm                         |  36 ++----
 gnu/packages/patches/gegl-CVE-2012-4433.patch | 117 ------------------
 3 files changed, 9 insertions(+), 145 deletions(-)
 delete mode 100644 gnu/packages/patches/gegl-CVE-2012-4433.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ec11b2663..78358d983 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -696,7 +696,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gd-CVE-2018-5711.patch			\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
-  %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/gemma-intel-compat.patch			\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghc-8.0-fall-back-to-madv_dontneed.patch \
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 9b63d56e0..8bd7bd845 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -77,43 +77,25 @@ provided, as well as a framework to add new color models and data types.")
 (define-public gegl
   (package
     (name "gegl")
-    (version "0.2.0")
+    (version "0.4.0")
     (source (origin
               (method url-fetch)
-              (uri (list (string-append "http://download.gimp.org/pub/gegl/"
+              (uri (list (string-append "https://download.gimp.org/pub/gegl/"
                                         (string-take version 3)
                                         "/" name "-" version ".tar.bz2")))
               (sha256
                (base32
-                "09nlv06li9nrn74ifpm7223mxpg0s7cii702z72cpbwrjh6nlbnz"))
-              (patches (search-patches "gegl-CVE-2012-4433.patch"))))
+                "1ighk4z8nlqrzyj8w97s140hzj59564l3xv6fpzbr97m1zx2nkfh"))))
     (build-system gnu-build-system)
     (arguments
-     '(;; More than just the one test disabled below now fails; disable them
-       ;; all according to the rationale given below.
-       #:tests? #f
-       #:configure-flags '("LDFLAGS=-lm")
-       #:phases
-       (modify-phases %standard-phases
-         (add-before 'build 'pre-build
-           (lambda _
-             ;; This test program seems to crash on exit. Specifically, whilst
-             ;; g_object_unreffing bufferA and bufferB - This seems to be a bug
-             ;; in the destructor.  This is just a test program so will not have
-             ;; any wider effect, although might be hiding another problem.
-             ;; According to advice received on irc.gimp.org#gegl although 0.2.0
-             ;; is the latest released version, any bug reports against it will
-             ;; be ignored.  So we are on our own.
-             (substitute* "tools/img_cmp.c"
-               (("g_object_unref \\(buffer.\\);") ""))
-
-             (substitute* "tests/compositions/Makefile"
-               (("/bin/sh") (which "sh")))
-             #t)))))
-    (inputs
+     '(#:configure-flags '("LDFLAGS=-lm")))
+    ;; These are propagated to satisfy 'gegl-0.4.pc'.
+    (propagated-inputs
      `(("babl" ,babl)
        ("glib" ,glib)
-       ("cairo" ,cairo)
+       ("json-glib" ,json-glib)))
+    (inputs
+     `(("cairo" ,cairo)
        ("pango" ,pango)
        ("libpng" ,libpng)
        ("libjpeg" ,libjpeg-8)))
diff --git a/gnu/packages/patches/gegl-CVE-2012-4433.patch b/gnu/packages/patches/gegl-CVE-2012-4433.patch
deleted file mode 100644
index 7352b78db..000000000
--- a/gnu/packages/patches/gegl-CVE-2012-4433.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From: Michael Gilbert <mgilbert@debian.org>
-Date: Mon, 9 Sep 2013 17:34:32 +0200
-Subject: Fix_CVE-2012-4433
-
-Multiple buffer overflow issues.
-
-Closes: #692435
----
- operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------
- 1 file changed, 53 insertions(+), 9 deletions(-)
-
-diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
-index efe6d56..465096d 100644
---- a/operations/external/ppm-load.c
-+++ b/operations/external/ppm-load.c
-@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
- #include "gegl-chant.h"
- #include <stdio.h>
- #include <stdlib.h>
-+#include <errno.h>
- 
- typedef enum {
-   PIXMAP_ASCII  = 51,
-@@ -44,8 +45,8 @@ typedef enum {
- 
- typedef struct {
- 	map_type   type;
--	gint       width;
--	gint       height;
-+	glong      width;
-+	glong      height;
-         gsize      numsamples; /* width * height * channels */
-         gsize      bpc;        /* bytes per channel */
- 	guchar    *data;
-@@ -82,12 +83,33 @@ ppm_load_read_header(FILE       *fp,
-       }
- 
-     /* Get Width and Height */
--    img->width  = strtol (header,&ptr,0);
--    img->height = atoi (ptr);
--    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+    errno = 0;
-+    img->width  = strtol (header,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading width: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: width is negative");
-+        return FALSE;
-+      }
-+
-+    img->height = strtol (ptr,&ptr,10);
-+    if (errno)
-+      {
-+        g_warning ("Error reading height: %s", strerror(errno));
-+        return FALSE;
-+      }
-+    else if (img->width < 0)
-+      {
-+        g_warning ("Error: height is negative");
-+        return FALSE;
-+      }
- 
-     fgets (header,MAX_CHARS_IN_ROW,fp);
--    maxval = strtol (header,&ptr,0);
-+    maxval = strtol (header,&ptr,10);
- 
-     if ((maxval != 255) && (maxval != 65535))
-       {
-@@ -109,6 +131,16 @@ ppm_load_read_header(FILE       *fp,
-       g_warning ("%s: Programmer stupidity error", G_STRLOC);
-     }
- 
-+    /* Later on, img->numsamples is multiplied with img->bpc to allocate
-+     * memory. Ensure it doesn't overflow. */
-+    if (!img->width || !img->height ||
-+        G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
-+      {
-+        g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
-+        return FALSE;
-+      }
-+    img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+
-     return TRUE;
- }
- 
-@@ -229,12 +261,24 @@ process (GeglOperation       *operation,
-   if (!ppm_load_read_header (fp, &img))
-     goto out;
- 
--  rect.height = img.height;
--  rect.width = img.width;
--
-   /* Allocating Array Size */
-+
-+  /* Should use g_try_malloc(), but this causes crashes elsewhere because the
-+   * error signalled by returning FALSE isn't properly acted upon. Therefore
-+   * g_malloc() is used here which aborts if the requested memory size can't be
-+   * allocated causing a controlled crash. */
-   img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
- 
-+  /* No-op without g_try_malloc(), see above. */
-+  if (! img.data)
-+    {
-+      g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
-+      goto out;
-+    }
-+
-+  rect.height = img.height;
-+  rect.width = img.width;
-+
-   switch (img.bpc)
-     {
-     case 1:
-- 
2.17.0

  parent reply	other threads:[~2018-04-30 20:39 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-30 20:37 [bug#31322] GIMP 2.10.0 update Leo Famulari
2018-04-30 20:38 ` [bug#31322] [PATCH 1/6] gnu: Add libmypaint Leo Famulari
2018-04-30 20:38   ` [bug#31322] [PATCH 2/6] gnu: Add mypaint-brushes Leo Famulari
2018-04-30 22:20     ` Marius Bakke
2018-04-30 20:38   ` [bug#31322] [PATCH 3/6] gnu: Add poppler-data Leo Famulari
2018-04-30 22:40     ` Marius Bakke
2018-05-01  0:55       ` Leo Famulari
2018-04-30 20:38   ` Leo Famulari [this message]
2018-04-30 20:38   ` [bug#31322] [PATCH 5/6] gnu: babl: Update to 0.1.46 Leo Famulari
2018-04-30 20:38   ` [bug#31322] [PATCH 6/6] gnu: gimp: Update to 2.10.0 Leo Famulari
2018-04-30 22:19   ` [bug#31322] [PATCH 1/6] gnu: Add libmypaint Marius Bakke
2018-04-30 20:45 ` [bug#31322] GIMP 2.10.0 update Leo Famulari
2018-04-30 22:44 ` Marius Bakke
2018-05-01  1:49   ` bug#31322: " Leo Famulari

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fd69352670cf4198f8c62f5200b6d62c0fbde7fd.1525120717.git.leo@famulari.name \
    --to=leo@famulari.name \
    --cc=31322@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.