GNU bug report logs - #73683
[PATCH] gnu: vips: Update to 8.15.3. [security fixes]

Previous Next

Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Mon, 7 Oct 2024 22:07:02 UTC

Severity: normal

Tags: patch

Done: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Zheng Junjie <zhengjunjie <at> iscas.ac.cn>
To: 73683 <at> debbugs.gnu.org
Cc: 73683-done <at> debbugs.gnu.org, Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [bug#73683] [PATCH] gnu: vips: Update to 8.15.3. [security fixes]
Date: Mon, 14 Oct 2024 10:20:29 +0800

[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:

> This fixes CVE-2023-40032.
>
> * gnu/packages/image-processing.scm (vips): Update to 8.15.3.
>   [build-system]: Switch to meson-build-system.
>   [inputs]: Add glib:bin.
> ---
>  gnu/packages/image-processing.scm | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/gnu/packages/image-processing.scm b/gnu/packages/image-processing.scm
> index 033e006d06..1a24837ac8 100644
> --- a/gnu/packages/image-processing.scm
> +++ b/gnu/packages/image-processing.scm
> @@ -23,6 +23,7 @@
>  ;;; Copyright © 2022 Tomasz Jeneralczyk <tj <at> schwi.pl>
>  ;;; Copyright © 2022 Paul A. Patience <paul <at> apatience.com>
>  ;;; Copyright © 2023 Cairn <cairn <at> pm.me>
> +;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -49,6 +50,7 @@ (define-module (gnu packages image-processing)
>    #:use-module (guix build-system qt)
>    #:use-module (guix build-system cmake)
>    #:use-module (guix build-system gnu)
> +  #:use-module (guix build-system meson)
>    #:use-module (guix build-system python)
>    #:use-module (guix build-system pyproject)
>    #:use-module (gnu packages)
> @@ -776,16 +778,16 @@ (define-public opencv
>  (define-public vips
>    (package
>      (name "vips")
> -    (version "8.13.1")
> +    (version "8.15.3")
>      (source
>       (origin
>         (method url-fetch)
>         (uri (string-append
>               "https://github.com/libvips/libvips/releases/download/v"
> -             version "/vips-" version ".tar.gz"))
> +             version "/vips-" version ".tar.xz"))
>         (sha256
> -        (base32 "00kp3439jcqv9l2gcjg88xzvlq8clv54z1m3x66i3chvarz7ndxd"))))
> -    (build-system gnu-build-system)
> +        (base32 "182j20dw38f1nyfx8cf7cjsr0k4nl7lfk3wm2d0ddypa6vsxj9ry"))))
> +    (build-system meson-build-system)
>      (native-inputs
>       (list gobject-introspection pkg-config))
>      (inputs
> @@ -793,6 +795,7 @@ (define-public vips
>             fftw
>             giflib
>             glib
> +           (list glib "bin")
>             hdf5
>             imagemagick
>             lcms

push, and add commit to fetch sources from git.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 276 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.