From 5c46e1dda8535f239a5d136d48e85bcf7210f339 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Mon, 22 Apr 2019 23:55:52 +0200 Subject: gnu: gifsicle: Update to 1.92. * gnu/packages/image.scm (gifsicle): Update to 1.92. --- gnu/packages/image.scm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3b2bb23252..dd6b2711a8 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1505,15 +1505,14 @@ in-memory raw vectors.") (define-public gifsicle (package (name "gifsicle") - (version "1.91") + (version "1.92") (source (origin (method url-fetch) (uri (string-append "http://www.lcdf.org/gifsicle/gifsicle-" version ".tar.gz")) (sha256 - (base32 - "00586z1yz86qcblgmf16yly39n4lkjrscl52hvfxqk14m81fckha")))) + (base32 "0rffpzxcak19k6cngpxn73khvm3z1gswrqs90ycdzzb53p05ddas")))) (build-system gnu-build-system) (arguments '(#:phases @@ -1528,7 +1527,7 @@ in-memory raw vectors.") (("/bin/rm") (which "rm"))) #t))))) - (native-inputs `(("perl" ,perl))) ; Only for tests. + (native-inputs `(("perl" ,perl))) ; only for tests (inputs `(("libx11" ,libx11))) (home-page "http://www.lcdf.org/gifsicle/") (synopsis "Edit GIF images and animations") -- cgit v1.2.3 From 645b6c7fc72cf15b549de6a01b63174df18622d3 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Mon, 22 Apr 2019 23:56:38 +0200 Subject: gnu: gifsicle: Use HTTPS. * gnu/packages/image.scm (gifsicle)[source, home-page]: Use HTTPS. --- gnu/packages/image.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index dd6b2711a8..78e155fa39 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1509,7 +1509,7 @@ in-memory raw vectors.") (source (origin (method url-fetch) - (uri (string-append "http://www.lcdf.org/gifsicle/gifsicle-" + (uri (string-append "https://www.lcdf.org/gifsicle/gifsicle-" version ".tar.gz")) (sha256 (base32 "0rffpzxcak19k6cngpxn73khvm3z1gswrqs90ycdzzb53p05ddas")))) @@ -1529,7 +1529,7 @@ in-memory raw vectors.") #t))))) (native-inputs `(("perl" ,perl))) ; only for tests (inputs `(("libx11" ,libx11))) - (home-page "http://www.lcdf.org/gifsicle/") + (home-page "https://www.lcdf.org/gifsicle/") (synopsis "Edit GIF images and animations") (description "Gifsicle is a command-line GIF image manipulation tool that: -- cgit v1.2.3 From be59c48d15ccfdec2d935801e632e2c5dcf11d07 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 23 Apr 2019 00:22:41 +0200 Subject: gnu: perceptualdiff: Don't use unstable tarball. It's still broken by freeimage, unfortunately. * gnu/packages/image.scm (perceptualdiff)[source]: Use GIT-FETCH and GIT-FILE-NAME. --- gnu/packages/image.scm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 78e155fa39..4010fd0ace 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1153,13 +1153,13 @@ the programmer.") (version "1.3") (source (origin - (method url-fetch) - (uri (string-append "https://github.com/myint/perceptualdiff/archive/v" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "0zl6xmp971fffg7fzcz2fbgxg5x2w7l8qa65c008i4kbkc9016ps")))) + (method git-fetch) + (uri (git-reference + (url "https://github.com/myint/perceptualdiff.git") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "0yys55f9i9g3wjjg0j2m0p0k21zwnid8520a8lrr30khm4k5gibp")))) (build-system cmake-build-system) (inputs `(("freeimage" ,freeimage))) (arguments -- cgit v1.2.3 From a18581a02da0b5ca1c99f2114129513cdf5fa05d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Wed, 17 Apr 2019 22:36:47 +0200 Subject: gnu: libpng: Replace with 1.6.37 [security fixes]. This fixes CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317. * gnu/packages/image.scm (libpng)[replacement]: New field. (libpng-1.6.37): New public variable. --- gnu/packages/image.scm | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 4010fd0ace..4443e1c83d 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -87,6 +87,7 @@ (package (name "libpng") (version "1.6.34") + (replacement libpng-1.6.37) (source (origin (method url-fetch) (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" @@ -112,6 +113,25 @@ library. It supports almost all PNG features and is extensible.") (license license:zlib) (home-page "http://www.libpng.org/pub/png/libpng.html"))) +;; This graft exists to fix CVE-2018-14048, CVE-2018-14550, and CVE-2019-7317. +(define-public libpng-1.6.37 + (package + (inherit libpng) + (version "1.6.37") + (source (origin + (method url-fetch) + (uri (list (string-append "mirror://sourceforge/libpng/libpng16/" + version "/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src" + "/libpng16/libpng-" version ".tar.xz") + (string-append + "ftp://ftp.simplesystems.org/pub/libpng/png/src/history" + "/libpng16/libpng-" version ".tar.xz"))) + (sha256 + (base32 + "1jl8in381z0128vgxnvn33nln6hzckl7l7j9nqvkaf1m9n1p0pjh")))))) + ;; libpng-apng should be updated when the APNG patch is released: ;; (define-public libpng-apng -- cgit v1.2.3