GNU bug report logs -
#73683
[PATCH] gnu: vips: Update to 8.15.3. [security fixes]
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Mon, 7 Oct 2024 22:07:02 UTC
Severity: normal
Tags: patch
Done: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73683 in the body.
You can then email your comments to 73683 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#73683; Package
guix-patches.
(Mon, 07 Oct 2024 22:07:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 07 Oct 2024 22:07:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2023-40032.
* gnu/packages/image-processing.scm (vips): Update to 8.15.3.
[build-system]: Switch to meson-build-system.
[inputs]: Add glib:bin.
---
gnu/packages/image-processing.scm | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
index 033e006d06..1a24837ac8 100644
--- a/gnu/packages/image-processing.scm
+++ b/gnu/packages/image-processing.scm
@@ -23,6 +23,7 @@
;;; Copyright © 2022 Tomasz Jeneralczyk <tj <at> schwi.pl>
;;; Copyright © 2022 Paul A. Patience <paul <at> apatience.com>
;;; Copyright © 2023 Cairn <cairn <at> pm.me>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -49,6 +50,7 @@ (define-module (gnu packages image-processing)
#:use-module (guix build-system qt)
#:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
+ #:use-module (guix build-system meson)
#:use-module (guix build-system python)
#:use-module (guix build-system pyproject)
#:use-module (gnu packages)
@@ -776,16 +778,16 @@ (define-public opencv
(define-public vips
(package
(name "vips")
- (version "8.13.1")
+ (version "8.15.3")
(source
(origin
(method url-fetch)
(uri (string-append
"https://github.com/libvips/libvips/releases/download/v"
- version "/vips-" version ".tar.gz"))
+ version "/vips-" version ".tar.xz"))
(sha256
- (base32 "00kp3439jcqv9l2gcjg88xzvlq8clv54z1m3x66i3chvarz7ndxd"))))
- (build-system gnu-build-system)
+ (base32 "182j20dw38f1nyfx8cf7cjsr0k4nl7lfk3wm2d0ddypa6vsxj9ry"))))
+ (build-system meson-build-system)
(native-inputs
(list gobject-introspection pkg-config))
(inputs
@@ -793,6 +795,7 @@ (define-public vips
fftw
giflib
glib
+ (list glib "bin")
hdf5
imagemagick
lcms
--
2.46.0
Reply sent
to
Zheng Junjie <zhengjunjie <at> iscas.ac.cn>:
You have taken responsibility.
(Mon, 14 Oct 2024 02:22:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
bug acknowledged by developer.
(Mon, 14 Oct 2024 02:22:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 73683-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2023-40032.
>
> * gnu/packages/image-processing.scm (vips): Update to 8.15.3.
> [build-system]: Switch to meson-build-system.
> [inputs]: Add glib:bin.
> ---
> gnu/packages/image-processing.scm | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
> index 033e006d06..1a24837ac8 100644
> --- a/gnu/packages/image-processing.scm
> +++ b/gnu/packages/image-processing.scm
> @@ -23,6 +23,7 @@
> ;;; Copyright © 2022 Tomasz Jeneralczyk <tj <at> schwi.pl>
> ;;; Copyright © 2022 Paul A. Patience <paul <at> apatience.com>
> ;;; Copyright © 2023 Cairn <cairn <at> pm.me>
> +;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> @@ -49,6 +50,7 @@ (define-module (gnu packages image-processing)
> #:use-module (guix build-system qt)
> #:use-module (guix build-system cmake)
> #:use-module (guix build-system gnu)
> + #:use-module (guix build-system meson)
> #:use-module (guix build-system python)
> #:use-module (guix build-system pyproject)
> #:use-module (gnu packages)
> @@ -776,16 +778,16 @@ (define-public opencv
> (define-public vips
> (package
> (name "vips")
> - (version "8.13.1")
> + (version "8.15.3")
> (source
> (origin
> (method url-fetch)
> (uri (string-append
> "https://github.com/libvips/libvips/releases/download/v"
> - version "/vips-" version ".tar.gz"))
> + version "/vips-" version ".tar.xz"))
> (sha256
> - (base32 "00kp3439jcqv9l2gcjg88xzvlq8clv54z1m3x66i3chvarz7ndxd"))))
> - (build-system gnu-build-system)
> + (base32 "182j20dw38f1nyfx8cf7cjsr0k4nl7lfk3wm2d0ddypa6vsxj9ry"))))
> + (build-system meson-build-system)
> (native-inputs
> (list gobject-introspection pkg-config))
> (inputs
> @@ -793,6 +795,7 @@ (define-public vips
> fftw
> giflib
> glib
> + (list glib "bin")
> hdf5
> imagemagick
> lcms
push, and add commit to fetch sources from git.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#73683; Package
guix-patches.
(Mon, 14 Oct 2024 02:24:01 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 11 Nov 2024 12:24:13 GMT)
Full text and
rfc822 format available.
This bug report was last modified 272 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.