[PATCH] gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999]

Hilton Chain wrote on 17 Jul 2023 09:29

Recipients:(address . guix-patches@gnu.org)(name . Hilton Chain)(address . hako@ultrarare.space)

Message-ID:2f4a01203e0875f1a17857d73d41f30f20eb9a96.1689578899.git.hako@ultrarare.space

* gnu/packages/image.scm (libwebp/fixed): New variable.
(libwebp)[replacement]: Assign it to new field.
---
 gnu/packages/image.scm | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Toggle diff (39 lines)diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 50af2001ad..d4390fe3f3 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1432,6 +1432,7 @@ (define-public libwebp
   (package
     (name "libwebp")
     (version "1.2.4")
+    (replacement libwebp/fixed)
     (source
      (origin
        ;; No tarballs are provided for >0.6.1.
@@ -1470,6 +1471,22 @@ (define-public libwebp
 channels.")
     (license license:bsd-3)))
 
+(define libwebp/fixed
+  (package
+    (inherit libwebp)
+    (name "libwebp")
+    (version "1.3.1")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://chromium.googlesource.com/webm/libwebp")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1aas6gwy7kfcq34cil781kcsl286khh9grwcx7k4d2n1g7zcpl3m"))))))
+
 (define-public libmng
   (package
     (name "libmng")

base-commit: 3755941f038ec66fba568fa88d6b2d295e196723
-- 
2.41.0

Ludovic Courtès wrote on 16 Aug 2023 22:52

Recipients:(name . Hilton Chain)(address . hako@ultrarare.space)(address . 64676-done@debbugs.gnu.org)

Message-ID:87jztu3e1j.fsf@gnu.org

Hilton Chain <hako@ultrarare.space> skribis:

Toggle quote (3 lines)

> * gnu/packages/image.scm (libwebp/fixed): New variable.

> (libwebp)[replacement]: Assign it to new field.

Hi! Finally applied, thanks!

Ludo’.

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 64676@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 64676

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date