Nicolas Graves via Guix-patches via writes: > This fixes CVE-2023-40032. > > * gnu/packages/image-processing.scm (vips): Update to 8.15.3. > [build-system]: Switch to meson-build-system. > [inputs]: Add glib:bin. > --- > gnu/packages/image-processing.scm | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm > index 033e006d06..1a24837ac8 100644 > --- a/gnu/packages/image-processing.scm > +++ b/gnu/packages/image-processing.scm > @@ -23,6 +23,7 @@ > ;;; Copyright © 2022 Tomasz Jeneralczyk > ;;; Copyright © 2022 Paul A. Patience > ;;; Copyright © 2023 Cairn > +;;; Copyright © 2024 Nicolas Graves > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -49,6 +50,7 @@ (define-module (gnu packages image-processing) > #:use-module (guix build-system qt) > #:use-module (guix build-system cmake) > #:use-module (guix build-system gnu) > + #:use-module (guix build-system meson) > #:use-module (guix build-system python) > #:use-module (guix build-system pyproject) > #:use-module (gnu packages) > @@ -776,16 +778,16 @@ (define-public opencv > (define-public vips > (package > (name "vips") > - (version "8.13.1") > + (version "8.15.3") > (source > (origin > (method url-fetch) > (uri (string-append > "https://github.com/libvips/libvips/releases/download/v" > - version "/vips-" version ".tar.gz")) > + version "/vips-" version ".tar.xz")) > (sha256 > - (base32 "00kp3439jcqv9l2gcjg88xzvlq8clv54z1m3x66i3chvarz7ndxd")))) > - (build-system gnu-build-system) > + (base32 "182j20dw38f1nyfx8cf7cjsr0k4nl7lfk3wm2d0ddypa6vsxj9ry")))) > + (build-system meson-build-system) > (native-inputs > (list gobject-introspection pkg-config)) > (inputs > @@ -793,6 +795,7 @@ (define-public vips > fftw > giflib > glib > + (list glib "bin") > hdf5 > imagemagick > lcms push, and add commit to fetch sources from git.