guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

10/12: gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999]

From: guix-commits
Subject: 10/12: gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999]
Date: Wed, 16 Aug 2023 17:16:41 -0400 (EDT) 
civodul pushed a commit to branch master
in repository guix.

commit 63cf5a2a4eb64c31f5811b77e182965fd3320af0
Author: Hilton Chain <hako@ultrarare.space>
AuthorDate: Mon Jul 17 15:29:03 2023 +0800

    gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999]
    
    * gnu/packages/image.scm (libwebp/fixed): New variable.
    (libwebp)[replacement]: Assign it to new field.
    
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
 gnu/packages/image.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index d0867d738b..75f9e3c691 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1432,6 +1432,7 @@ language bindings to VIGRA.")
   (package
     (name "libwebp")
     (version "1.2.4")
+    (replacement libwebp/fixed)
     (source
      (origin
        ;; No tarballs are provided for >0.6.1.
@@ -1470,6 +1471,22 @@ to PNG when lossy compression is acceptable for the 
red/green/blue color
 channels.")
     (license license:bsd-3)))
 
+(define libwebp/fixed
+  (package
+    (inherit libwebp)
+    (name "libwebp")
+    (version "1.3.1")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://chromium.googlesource.com/webm/libwebp";)
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1aas6gwy7kfcq34cil781kcsl286khh9grwcx7k4d2n1g7zcpl3m"))))))
+
 (define-public libmng
   (package
     (name "libmng")
reply via email to
[Prev in Thread] Current Thread [Next in Thread]