[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
19/28: gnu: libjpeg-turbo: Update to 2.0.4.
From: |
guix-commits |
Subject: |
19/28: gnu: libjpeg-turbo: Update to 2.0.4. |
Date: |
Wed, 8 Jan 2020 15:58:48 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit ceaf180526a81c025554717feb9d63080e550d19
Author: Marius Bakke <address@hidden>
AuthorDate: Wed Jan 8 16:55:04 2020 +0100
gnu: libjpeg-turbo: Update to 2.0.4.
* gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/image.scm (libjpeg-turbo): Update to 2.0.4.
[source](patches): Remove.
---
gnu/local.mk | 1 -
gnu/packages/image.scm | 5 ++--
.../patches/libjpeg-turbo-CVE-2019-2201.patch | 31 ----------------------
3 files changed, 2 insertions(+), 35 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 63f84ab..60b3b65 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1086,7 +1086,6 @@ dist_patch_DATA =
\
%D%/packages/patches/libgnome-encoding.patch \
%D%/packages/patches/libgnomeui-utf8.patch \
%D%/packages/patches/libgpg-error-gawk-compat.patch \
- %D%/packages/patches/libjpeg-turbo-CVE-2019-2201.patch \
%D%/packages/patches/libjxr-fix-function-signature.patch \
%D%/packages/patches/libjxr-fix-typos.patch \
%D%/packages/patches/libotr-test-auth-fix.patch \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index c433429..c70a605 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1487,15 +1487,14 @@ is hereby granted."))))
(define-public libjpeg-turbo
(package
(name "libjpeg-turbo")
- (version "2.0.3")
+ (version "2.0.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/libjpeg-turbo/"
version "/libjpeg-turbo-" version ".tar.gz"))
- (patches (search-patches "libjpeg-turbo-CVE-2019-2201.patch"))
(sha256
(base32
- "1ds16bnj17v6hzd43w8pzijz3imd9am4hw75ir0fxm240m8dwij2"))))
+ "01ill8bgjyk582wipx7sh7gj2nidylpbzvwhx0wkcm6mxx3qbp9k"))))
(build-system cmake-build-system)
(native-inputs
`(("nasm" ,nasm)))
diff --git a/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch
b/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch
deleted file mode 100644
index 35f2bf5..0000000
--- a/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix integer overflow which can potentially lead to RCE.
-
-https://www.openwall.com/lists/oss-security/2019/11/11/1
-https://nvd.nist.gov/vuln/detail/CVE-2019-2201
-
-The problem was partially fixed in 2.0.3. This patch is a follow-up.
-https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
-https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
-
-diff --git a/tjbench.c b/tjbench.c
-index a7d397318..13a5bde62 100644
---- a/tjbench.c
-+++ b/tjbench.c
-@@ -171,7 +171,7 @@ static int decomp(unsigned char *srcBuf, unsigned char
**jpegBuf,
- }
- /* Set the destination buffer to gray so we know whether the decompressor
- attempted to write to it */
-- memset(dstBuf, 127, pitch * scaledh);
-+ memset(dstBuf, 127, (size_t)pitch * scaledh);
-
- if (doYUV) {
- int width = doTile ? tilew : scaledw;
-@@ -193,7 +193,7 @@ static int decomp(unsigned char *srcBuf, unsigned char
**jpegBuf,
- double start = getTime();
-
- for (row = 0, dstPtr = dstBuf; row < ntilesh;
-- row++, dstPtr += pitch * tileh) {
-+ row++, dstPtr += (size_t)pitch * tileh) {
- for (col = 0, dstPtr2 = dstPtr; col < ntilesw;
- col++, tile++, dstPtr2 += ps * tilew) {
- int width = doTile ? min(tilew, w - col * tilew) : scaledw;
- 05/28: gnu: dconf: Fix build failure with Meson 0.52., (continued)
- 05/28: gnu: dconf: Fix build failure with Meson 0.52., guix-commits, 2020/01/08
- 03/28: gnu: python-pyopenssl: Fix test failure., guix-commits, 2020/01/08
- 06/28: gnu: network-manager: Fix build with glibc 2.30., guix-commits, 2020/01/08
- 04/28: gnu: WebkitGTK: Fix build failure with ICU 65., guix-commits, 2020/01/08
- 15/28: gnu: cURL: Update to 7.68.0., guix-commits, 2020/01/08
- 13/28: gnu: libXpm: Update to 3.5.13., guix-commits, 2020/01/08
- 14/28: gnu: CMake: Update to 3.16.2., guix-commits, 2020/01/08
- 18/28: gnu: libarchive: Update to 3.4.1., guix-commits, 2020/01/08
- 21/28: gnu: RHash: Do not use unstable source tarball., guix-commits, 2020/01/08
- 20/28: gnu: meson: Update to 0.53.0., guix-commits, 2020/01/08
- 19/28: gnu: libjpeg-turbo: Update to 2.0.4.,
guix-commits <=
- 24/28: gnu: libpaper: Do not build the static library., guix-commits, 2020/01/08
- 25/28: gnu: teckit: Do not build the static library., guix-commits, 2020/01/08
- 26/28: gnu: Boost: Update to 1.72.0., guix-commits, 2020/01/08
- 17/28: gnu: mit-krb5: Update to 1.17.1., guix-commits, 2020/01/08
- 16/28: gnu: fribidi: Update to 1.0.8., guix-commits, 2020/01/08
- 23/28: gnu: doxygen: Update to 1.8.17., guix-commits, 2020/01/08
- 27/28: gnu: Boost: Use Python 3 by default., guix-commits, 2020/01/08
- 28/28: gnu: vigra: Build with Python 3., guix-commits, 2020/01/08
- 22/28: gnu: RHash: Update to 1.3.9., guix-commits, 2020/01/08