Marius Bakke <mba...@fastmail.com> writes:

> Alex Vong <alexvong1...@gmail.com> writes:
>
>> Hi,
>>
>> This patch updates lcms to 2.8:
>
> Thank you for this!
>

Thanks for the review too!

>> Besides, the security bug which 'lcms-fix-out-of-bounds-read.patch'
>> fixed has been assigned CVE-2016-10165 according to [0], should we
>> change the name of the patch?
>>
>> [0]: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
>
> Good catch. Would you like to do it?
>
> Could you submit this patch against the 'core-updates' branch? LCMS
> causes ~1800 rebuilds which is too much for 'master'. The CVE patch has
> also been 'un-grafted' in core-updates, so the context will be slightly
> different. TIA!

Sure, the patches are here:

From 22b5a7941975d7b1377c65aa096506c38b4efdf8 Mon Sep 17 00:00:00 2001 From: Alex Vong <alexvong1...@gmail.com> Date: Sat, 11 Feb 2017 22:45:38 +0800 Subject: [PATCH 1/2] gnu: lcms: Update to 2.8. * gnu/packages/ghostscript.scm (lcms): Update to 2.8. --- gnu/packages/ghostscript.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm index dcbed69e3..4b8e62348 100644 --- a/gnu/packages/ghostscript.scm +++ b/gnu/packages/ghostscript.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <m...@netris.org> ;;; Copyright © 2015 Ricardo Wurmus <rek...@elephly.net> ;;; Copyright © 2013, 2015, 2016 Ludovic Courtès <l...@gnu.org> +;;; Copyright © 2017 Alex Vong <alexvong1...@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -39,14 +40,14 @@ (define-public lcms (package (name "lcms") - (version "2.6") + (version "2.8") (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/lcms/lcms/" version "/lcms2-" version ".tar.gz")) (patches (search-patches "lcms-fix-out-of-bounds-read.patch")) (sha256 (base32 - "1c8lgq8gfs3nyplvbx9k8wzfj6r2bqi3f611vb1m8z3476454wji")))) + "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36")))) (build-system gnu-build-system) (inputs `(("libjpeg-8" ,libjpeg-8) ("libtiff" ,libtiff) -- 2.11.1
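
Review bot: In the second hunk of gnu/packages/ghostscript.scm, the version moves from 2.6 to 2.8 while `(patches (search-patches "lcms-fix-out-of-bounds-read.patch"))` is carried over unchanged. Please confirm that the patch still applies cleanly to the 2.8 tarball and that the out-of-bounds read fix is not already included in 2.8; if it is, the patches field should be dropped in this commit instead of kept. A line in the commit message saying the security patch is retained on purpose would make that decision visible in the log.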
0002-gnu-lcms-Mention-CVE-2016-10165.patch
Description: lcms