Leo Famulari writes: > On Thu, Jul 06, 2017 at 07:40:38PM -0400, Leo Famulari wrote: >> On Fri, Jul 07, 2017 at 06:31:36AM +0800, Alex Vong wrote: >> > * gnu/packages/patches/libtiff-CVE-2017-9936.patch, >> > gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files. >> > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Add patches. >> > * gnu/local.mk (dist_patch_DATA): Add them. >> >> > +Patch lifted from upstream source repository (the changes to 'ChangeLog' >> > +don't apply to the libtiff 4.0.8 release tarball): >> > + >> > +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1 >> >> This is actually not the upstream source repository. It's a 3rd party >> unofficial mirror. >> Ahhh, I blindly used the links from debian security tracker. Should have been more careful. I wonder why they use links from an unofficial mirror. >> To the chagrin of young packagers everywhere, libtiff is still using >> CVS. Unless somebody beats me to it, I'll extract the patches from their >> CVS repo later tonight. > :) > I pushed this as dab536fe1ae5a8775a2b50fa50556445b6ac7818. Thanks for > getting it started Alex! You're welcomed!