GNU bug report logs - #49357
[PATCH] gnu darktable update to 3.6.0

Previous Next

Package: guix-patches;

Reported by: John Kehayias <john.kehayias <at> protonmail.com>

Date: Sat, 3 Jul 2021 16:18:02 UTC

Severity: normal

Tags: patch

Done: Nicolas Goaziou <mail <at> nicolasgoaziou.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Vinicius Monego <monego <at> posteo.net>
To: 49357 <at> debbugs.gnu.org
Subject: [bug#49357] [PATCH] gnu darktable update to 3.6.0
Date: Tue, 06 Jul 2021 00:03:33 +0000

> It seems like moving to openexr 3 should be done to address security
> issues: https://issues.guix.gnu.org/47509This looks like it may
> involve patching many of the dependent packages, based on what I see
> in Arch (which only has openexr 3 and numerous small patches, though
> looked easy enough).

I left a comment on that issue. OpenEXR addressed those vulnerabilities
in version 2.5.4, while we're at 2.5.5.

> So I think this update to Darktable is okay, but we should move to
> openexr 3 for everything due to #47509.

Looking at the releases page for openexr, it seems that both versions 2
and 3 are being actively maintained. We can have both, and IMO we
should. But there's no need to work on it immediately.

I built the package and executed darktable --version and also see that
openexr support is enabled. This patch LGTM then. I will now wait for a
committer to review.

Thanks,

Vinicius
This bug report was last modified 3 years and 317 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.