[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCHES] ImageMagick security updates without grafting
From: |
Mark H Weaver |
Subject: |
[PATCHES] ImageMagick security updates without grafting |
Date: |
Sat, 27 Mar 2021 09:09:27 -0400 |
Hello Guix,
Here's a proposed patch set that will henceforth enable us to freely
update ImageMagick (and dblatex, and gtk-doc) on our 'master' branch
without grafts. This is done by adding variables 'imagemagick/stable',
'dblatex/stable', and 'gtk-doc/stable', which are then used as
'native-inputs' in selected packages.
The idea here is that the overwhelming majority of dependencies on
'imagemagick' are via references to 'gtk-doc' in the 'native-inputs' of
GNOME libraries. The risk of running buggy imagemagick code within Guix
build containers is presumably quite limited, and in any case, grafting
is no better in this regard.
The last 3 commits of this series apply more bug fixes beyond what we
currently have in 'master', including for CVE-2020-27829, as well as a
few other recent upstream commits that look to me potentially security
relevant.
Are there any comments or objections to this approach?
Mark
Note: I haven't yet fully tested these commits.
>From eaecf83224fdae115a533d03b6fe949794835d43 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:07:32 -0400
Subject: [PATCH 1/8] gnu: imagemagick: Remove graft.
Note that this commit does *not* integrate the fixes that were previously
applied via the graft. This commit simply discards those fixes. We will
address those security flaws, without grafting, in subsequent commits.
* gnu/packages/imagemagick.scm (imagemagick)[replacement]: Remove field.
(imagemagick/fixed): Remove variable.
---
gnu/packages/imagemagick.scm | 40 ------------------------------------
1 file changed, 40 deletions(-)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index a3562f2e13..cc5f1de4bf 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -51,7 +51,6 @@
;; maintained. Don't update to 7 until we've made sure that the ImageMagick
;; users are ready for the 7-series API.
(version "6.9.11-48")
- (replacement imagemagick/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://imagemagick/ImageMagick-"
@@ -128,45 +127,6 @@ transform images, adjust image colors, apply various
special effects, or draw
text, lines, polygons, ellipses and Bézier curves.")
(license (license:fsf-free
"http://www.imagemagick.org/script/license.php"))))
-(define-public imagemagick/fixed
- (package
- (inherit imagemagick)
- (name "imagemagick")
- ;; 'g' for 'guix', appended character to retain version length so grafting
- ;; works properly.
- (version "6.9.12-2g")
- (source (origin
- (method url-fetch)
- (uri (string-append "mirror://imagemagick/ImageMagick-"
- ;; Hardcode the version here since we had to
- ;; change it above.
- "6.9.12-2.tar.xz"))
- (sha256
- (base32
- "17da5zihz58qm41y61sbvw626m5xfwr2nzszlikrvxyq1j1q7asa"))))
- (arguments
- (substitute-keyword-arguments (package-arguments imagemagick)
- ((#:phases phases)
- `(modify-phases ,phases
- (add-after 'install 'fix-compat-cheat-rename-so
- (lambda* (#:key outputs #:allow-other-keys)
- (with-directory-excursion
- (string-append (assoc-ref outputs "out")
- "/lib")
- (symlink "libMagick++-6.Q16.so.9.0.0"
- "libMagick++-6.Q16.so.8.0.0")
- (symlink "libMagick++-6.Q16.so.9"
- "libMagick++-6.Q16.so.8")
- (symlink "libMagickCore-6.Q16.so.7.0.0"
- "libMagickCore-6.Q16.so.6.0.0")
- (symlink "libMagickCore-6.Q16.so.7"
- "libMagickCore-6.Q16.so.6")
- (symlink "libMagickWand-6.Q16.so.7.0.0"
- "libMagickWand-6.Q16.so.6.0.0")
- (symlink "libMagickWand-6.Q16.so.7"
- "libMagickWand-6.Q16.so.6"))
- #t))))))))
-
(define-public perl-image-magick
(package
(name "perl-image-magick")
--
2.31.0
>From 370089473506c800cf3480f67a00860400fbed18 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:16:23 -0400
Subject: [PATCH 2/8] gnu: imagemagick: Add 'imagemagick/stable' variant.
* gnu/packages/imagemagick.scm (imagemagick/stable): New variable.
(imagemagick): This is now an alias to 'imagemagick/stable'.
---
gnu/packages/imagemagick.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index cc5f1de4bf..6d4649fbac 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -44,7 +44,7 @@
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg))
-(define-public imagemagick
+(define-public imagemagick/stable
(package
(name "imagemagick")
;; The 7 release series has an incompatible API, while the 6 series is
still
@@ -127,6 +127,9 @@ transform images, adjust image colors, apply various
special effects, or draw
text, lines, polygons, ellipses and Bézier curves.")
(license (license:fsf-free
"http://www.imagemagick.org/script/license.php"))))
+(define-public imagemagick
+ imagemagick/stable)
+
(define-public perl-image-magick
(package
(name "perl-image-magick")
--
2.31.0
>From 8a251cdb8e730c364d79fc6f2fba21bafc82302a Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:27:25 -0400
Subject: [PATCH 3/8] gnu: dblatex: Add 'dblatex/stable' variant.
* gnu/packages/docbook.scm (dblatex/stable): New variable.
---
gnu/packages/docbook.scm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gnu/packages/docbook.scm b/gnu/packages/docbook.scm
index 012e86f6a5..9b2c70014d 100644
--- a/gnu/packages/docbook.scm
+++ b/gnu/packages/docbook.scm
@@ -5,6 +5,7 @@
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2020 Marius Bakke <marius@gnu.org>
;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2021 Mark H Weaver <mhw@netris.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -33,6 +34,7 @@
#:use-module (guix licenses)
#:use-module (guix packages)
#:use-module (guix download)
+ #:use-module ((guix build utils) #:select (alist-replace))
#:use-module (guix build-system trivial)
#:use-module (guix build-system python))
@@ -460,3 +462,8 @@ process. MathML 2.0 markups are supported too. It started
as a clone of
DB2LaTeX.")
;; lib/contrib/which is under an X11 license
(license gpl2+)))
+
+(define-public dblatex/stable
+ (package/inherit dblatex
+ (inputs (alist-replace "imagemagick" `(,imagemagick/stable)
+ (package-inputs dblatex)))))
--
2.31.0
>From 9de91519a64c3a2fadd8a9730d6fb032d764885b Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:28:58 -0400
Subject: [PATCH 4/8] gnu: gtk-doc: Add 'gtk-doc/stable' variant.
* gnu/packages/gtk.scm (gtk-doc/stable): New variable.
---
gnu/packages/gtk.scm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index cf9116214c..0cd1391fa2 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -48,6 +48,7 @@
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module ((guix build utils) #:select (alist-replace))
#:use-module (guix build-system glib-or-gtk)
#:use-module (guix build-system gnu)
#:use-module (guix build-system meson)
@@ -1829,6 +1830,11 @@ typically used to document the public API of GTK+ and
GNOME libraries, but it
can also be used to document application code.")
(license license:gpl2+)))
+(define-public gtk-doc/stable
+ (package/inherit gtk-doc
+ (inputs (alist-replace "dblatex" `(,dblatex/stable)
+ (package-inputs gtk-doc)))))
+
(define-public gtk-engines
(package
(name "gtk-engines")
--
2.31.0
>From 941bcda1cb65d89974ebc775666a6bd432964a78 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:34:35 -0400
Subject: [PATCH 5/8] gnu: Use 'gtk-doc/stable' in native-inputs of selected
packages.
* gnu/packages/calendar.scm (libical),
gnu/packages/check.scm (umockdev),
gnu/packages/fontutils.scm (libraqm),
gnu/packages/freedesktop.scm (appstream, farstream, libglib-testing)
(udisks, libfprint, libportal),
gnu/packages/geo.scm (memphis, osm-gps-map),
gnu/packages/glib.scm (template-glib),
gnu/packages/gnome.scm (gupnp-igd, libcloudproviders, libgrss, seed)
(gtx, dee, zeitgeist, phodav, gssdp, gupnp, gupnp-dlna, gupnp-av, rygel)
(libnma, gdl, libnotify, vte-ng, dconf, libxklavier, libsoup, colord)
(geoclue, geocode-glib, amtk, grilo, gvfs, gusb, network-manager)
(network-manager-applet, gfbgraph, libunique, cheese, libhandy)
(gnome-latex, libgda),
gnu/packages/gstreamer.scm (orc),
gnu/packages/gtk.scm (at-spi2-core, goocanvas),
gnu/packages/language.scm (nimf),
gnu/packages/networking.scm (libnice),
gnu/packages/video.scm (schroedinger),
gnu/packages/virtualization.scm (libosinfo),
gnu/packages/webkit.scm (wpewebkit, webkitgtk),
gnu/packages/xml.scm (libxmlb)[native-inputs]: Replace 'gtk-doc' with
'gtk-doc/stable'.
---
gnu/packages/calendar.scm | 2 +-
gnu/packages/check.scm | 2 +-
gnu/packages/fontutils.scm | 2 +-
gnu/packages/freedesktop.scm | 12 +++---
gnu/packages/geo.scm | 4 +-
gnu/packages/glib.scm | 2 +-
gnu/packages/gnome.scm | 70 ++++++++++++++++-----------------
gnu/packages/gstreamer.scm | 2 +-
gnu/packages/gtk.scm | 4 +-
gnu/packages/language.scm | 2 +-
gnu/packages/networking.scm | 2 +-
gnu/packages/video.scm | 2 +-
gnu/packages/virtualization.scm | 2 +-
gnu/packages/webkit.scm | 4 +-
gnu/packages/xml.scm | 2 +-
15 files changed, 57 insertions(+), 57 deletions(-)
diff --git a/gnu/packages/calendar.scm b/gnu/packages/calendar.scm
index 4e1e4f05b6..d473900ac5 100644
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@@ -156,7 +156,7 @@ the <tz.h> library for handling time zones and leap
seconds.")
(native-inputs
`(("docbook-xml" ,docbook-xml-4.3)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("perl" ,perl)
("pkg-config" ,pkg-config)
("vala" ,vala)))
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index 21514d1bc4..a1e44ad81f 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -2732,7 +2732,7 @@ provides a simple way to achieve this.")
(native-inputs
`(("vala" ,vala)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
;; For tests.
diff --git a/gnu/packages/fontutils.scm b/gnu/packages/fontutils.scm
index a4c92f5bea..1d9c81b8a6 100644
--- a/gnu/packages/fontutils.scm
+++ b/gnu/packages/fontutils.scm
@@ -965,7 +965,7 @@ Unicode Charts. It was developed for use with DejaVu Fonts
project.")
(arguments
`(#:configure-flags (list "--disable-static")))
(native-inputs
- `(("gtk-doc" ,gtk-doc)
+ `(("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)))
(inputs
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 4105dd7ca0..a9e96c9928 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -173,7 +173,7 @@
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("gperf" ,gperf)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
("xsltproc" ,libxslt)))
@@ -261,7 +261,7 @@ application-centers for distributions.")
("docbook-xml" ,docbook-xml-4.1.2)
("docbook-xsl" ,docbook-xsl)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("libtool" ,libtool)
("perl" ,perl)
("pkg-config" ,pkg-config)
@@ -313,7 +313,7 @@ for videoconferencing.")
`(("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
- ("gtk-doc" ,gtk-doc)))
+ ("gtk-doc" ,gtk-doc/stable)))
(inputs
`(("dbus" ,dbus)
("glib" ,glib)))
@@ -1202,7 +1202,7 @@ Analysis and Reporting Technology) functionality.")
("glib:bin" ,glib "bin") ; for glib-mkenums
("gnome-common" ,gnome-common) ; TODO: Why is this needed?
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("xsltproc" ,libxslt)))
@@ -1598,7 +1598,7 @@ wish to perform colour calibration.")
`(("eudev" ,eudev)
("glib:bin" ,glib "bin") ; for {glib-,}mkenums
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc) ; for 88 KiB of API documentation
+ ("gtk-doc" ,gtk-doc/stable) ; for 88 KiB of API
documentation
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
@@ -2197,7 +2197,7 @@ fallback to generic Systray support if none of those are
available.")
#t))))))
(native-inputs
`(("pkg-config" ,pkg-config)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("docbook-xsl" ,docbook-xsl)
("docbook-xml" ,docbook-xml)
("libxml2" ,libxml2)
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index c988d6b114..97fa83b86b 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -151,7 +151,7 @@
("automake" ,automake)
("docbook-xml" ,docbook-xml-4.3)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("libtool" ,libtool)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@@ -1138,7 +1138,7 @@ OpenStreetMap data files.")
(build-system gnu-build-system)
(native-inputs
`(("gnome-common" ,gnome-common)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("cairo" ,cairo)
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index 9c3cd75624..c04bd334e9 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -1165,7 +1165,7 @@ other API remains the same.")
`(("bison" ,bison)
("flex" ,flex)
("glib:bin" ,glib "bin") ;; For glib-mkenums
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(home-page "https://gitlab.gnome.org/GNOME/template-glib")
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 7607db27f1..ce8a5e8f02 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -263,7 +263,7 @@
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(propagated-inputs
`(("glib" ,glib)
@@ -366,7 +366,7 @@ features to enable users to create their discs easily and
quickly.")
(native-inputs
`(("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(inputs
@@ -415,7 +415,7 @@ services.")
(native-inputs
`(("docbook-xml" ,docbook-xml-4.1.2)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(propagated-inputs
`(("glib" ,glib)
@@ -512,7 +512,7 @@ bindings.")
("docbook-xml" ,docbook-xml-4.1.2)
("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("libtool" ,libtool)
("pkg-config" ,pkg-config)))
@@ -622,7 +622,7 @@ It is written in C using GObject and libsoup.")
"/share/gtk-doc/html"))))
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(propagated-inputs
`(("glib" ,glib)))
@@ -692,7 +692,7 @@ of writing test cases for asynchronous interactions.")
("dbus-test-runner" ,dbus-test-runner)
("docbook-xml" ,docbook-xml-4.3)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
;; Would only be required by configure flag "--enable-extended-tests".
;("gtx" ,gtx)
("pkg-config" ,pkg-config)
@@ -768,7 +768,7 @@ of known objects without needing a central registrar.")
("docbook-xml" ,docbook-xml-4.3)
("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("libtool" ,libtool)
("pkg-config" ,pkg-config)
("vala" ,vala)
@@ -1177,7 +1177,7 @@ Library reference documentation.")
`(("docbook-xml" ,docbook-xml-4.3)
("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("avahi" ,avahi)
@@ -1295,7 +1295,7 @@ It has miners for Facebook, Flickr, Google, ownCloud and
SkyDrive.")
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(inputs
@@ -1326,7 +1326,7 @@ a debugging tool, @command{gssdp-device-sniffer}.")
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(inputs
@@ -1357,7 +1357,7 @@ for creating UPnP devices and control points, written in
C using
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("libxml" ,libxml2)
("pkg-config" ,pkg-config)
("vala" ,vala)))
@@ -1391,7 +1391,7 @@ given profile, etc. DLNA is a subset of UPnP A/V.")
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("libxml" ,libxml2)
("pkg-config" ,pkg-config)))
(inputs
@@ -1607,7 +1607,7 @@ preview files on the GNOME desktop.")
(native-inputs
`(("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(inputs
@@ -1669,7 +1669,7 @@ client devices can handle.")
`(("docbook-xml" ,docbook-xml-4.3)
("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
("vala" ,vala)))
@@ -2417,7 +2417,7 @@ GNOME Desktop.")
("automake" ,automake)
("glib" ,glib "bin") ; for glib-genmarshal, etc.
("gnome-common" ,gnome-common)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("libtool" ,libtool)
@@ -3057,7 +3057,7 @@ configuring CUPS.")
("gobject-introspection" ,gobject-introspection)
;; For the documentation.
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("xsltproc" ,libxslt)
("docbook-xsl" ,docbook-xsl)))
(home-page "https://developer-next.gnome.org/libnotify/")
@@ -4503,7 +4503,7 @@ editors, IDEs, etc.")
"0rnm5c6m3abbm81jsfdas0y80z299ny54gr4syn4bfrms3s4g19l"))))
(build-system meson-build-system)
(native-inputs
- `(("gtk-doc" ,gtk-doc)
+ `(("gtk-doc" ,gtk-doc/stable)
,@(package-native-inputs vte)))
(arguments
`(#:configure-flags '("-Ddocs=true")))
@@ -4621,7 +4621,7 @@ and RDP protocols.")
("docbook-xml" ,docbook-xml-4.2)
("docbook-xsl" ,docbook-xsl)
("glib:bin" ,glib "bin")
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(arguments
@@ -4689,7 +4689,7 @@ and objects.")
`(("glib:bin" ,glib "bin") ; for glib-mkenums, etc.
("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("which" ,which)
("autoconf" ,autoconf)
@@ -4912,7 +4912,7 @@ libxml to ease remote use of the RESTful API.")
`(("docbook-xml" ,docbook-xml-4.1.2)
("glib:bin" ,glib "bin") ; for glib-mkenums
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@@ -5279,7 +5279,7 @@ keyboard shortcuts.")
`(("glib:bin" ,glib "bin") ; for glib-compile-resources, etc.
("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("vala" ,vala)))
(propagated-inputs
@@ -5324,7 +5324,7 @@ output devices.")
("gobject-introspection" ,gobject-introspection)
("modem-manager" ,modem-manager)
("libnotify" ,libnotify)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)))
(inputs
`(("avahi" ,avahi)
@@ -5369,7 +5369,7 @@ permission from user.")
("glibc-locales" ,glibc-locales) ; for tests
("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("json-glib" ,json-glib)))
(propagated-inputs
@@ -5675,7 +5675,7 @@ which are easy to play with the aid of a mouse.")
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
("glib:bin" ,glib "bin") ; for glib-mkenums
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("glib" ,glib)
@@ -6092,7 +6092,7 @@ as possible!")
("intltool" ,intltool)
("pkg-config" ,pkg-config)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("vala" ,vala)))
(inputs
`(("cyrus-sasl" ,cyrus-sasl)
@@ -6526,7 +6526,7 @@ part of udev-extras, then udev, then systemd. It's now a
project on its own.")
(native-inputs
`(("glib:bin" ,glib "bin") ; for glib-genmarshal, etc.
("gettext" ,gettext-minimal)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("xsltproc" ,libxslt)))
(inputs
@@ -6591,7 +6591,7 @@ DAV, and others.")
`(("gobject-introspection" ,gobject-introspection)
("pkg-config" ,pkg-config)
("vala" ,vala)
- ("gtk-doc" ,gtk-doc)))
+ ("gtk-doc" ,gtk-doc/stable)))
(propagated-inputs
;; Both of these are required by gusb.pc.
`(("glib" ,glib)
@@ -7795,7 +7795,7 @@ users.")
`(("glib" ,glib)))
(native-inputs
`(("glib:bin" ,glib "bin") ; for gdbus-codegen
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("gobject-introspection" ,gobject-introspection)
("docbook-xml" ,docbook-xml)
("docbook-xsl" ,docbook-xsl)
@@ -8052,7 +8052,7 @@ Cisco's AnyConnect SSL VPN.")
`(("intltool" ,intltool)
("glib:bin" ,glib "bin") ; for glib-compile-resources, etc.
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(propagated-inputs
;; libnm-gtk.pc refers to all these.
@@ -9800,7 +9800,7 @@ compiled.")
"--enable-introspection")))
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
;; The 0.2.4 ‘release’ tarball isn't bootstrapped.
@@ -9872,7 +9872,7 @@ environment, which can notably display keyboard layouts.")
`(("pkg-config" ,pkg-config)
("gobject-introspection" ,gobject-introspection)
("glib:bin" ,glib "bin")
- ("gtk-doc" ,gtk-doc)))
+ ("gtk-doc" ,gtk-doc/stable)))
(propagated-inputs
;; Referred to in .h files and .pc.
`(("gtk+" ,gtk+)))
@@ -10457,7 +10457,7 @@ photo-booth-like software, such as Cheese.")
("docbook-xml" ,docbook-xml-4.3)
("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("itstool" ,itstool)
("libxml2" ,libxml2)
("libxslt" ,libxslt)
@@ -10996,7 +10996,7 @@ tabs, and it supports drag and drop re-ordering of
terminals.")
`(("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection) ; for g-ir-scanner
("vala" ,vala)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("gettext" ,gettext-minimal)
@@ -11531,7 +11531,7 @@ card sheets that you’ll find at most office supply
stores.")
`(("gettext" ,gettext-minimal)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("itstool" ,itstool)
("pkg-config" ,pkg-config)
@@ -12123,7 +12123,7 @@ developed with the aim of being used with the Librem 5
phone.")
("glib:bin" ,glib "bin")
("gnome-common" ,gnome-common)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("libtool" ,libtool)
("pkg-config" ,pkg-config)
diff --git a/gnu/packages/gstreamer.scm b/gnu/packages/gstreamer.scm
index 1c7ba98a86..6a4e14167d 100644
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@@ -384,7 +384,7 @@ http://www.tux.org/~ricdude/overview.html")
"if (error) return 77;"))
#t)))))
(native-inputs
- `(("gtk-doc" ,gtk-doc)))
+ `(("gtk-doc" ,gtk-doc/stable)))
(home-page "https://gstreamer.freedesktop.org/modules/orc.html")
(synopsis "Oil runtime compiler")
(description
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 0cd1391fa2..fdc946ca20 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -723,7 +723,7 @@ in the GNOME project.")
(native-inputs
`(("gettext" ,gettext-minimal)
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("glib" ,glib "bin")
("pkg-config" ,pkg-config)))
(synopsis "Assistive Technology Service Provider Interface, core
components")
@@ -2241,7 +2241,7 @@ popovers.")
`(("gettext" ,gettext-minimal)
("glib-bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)
("python" ,python)))
(inputs
diff --git a/gnu/packages/language.scm b/gnu/packages/language.scm
index d4b9b8d4cb..5325445a24 100644
--- a/gnu/packages/language.scm
+++ b/gnu/packages/language.scm
@@ -170,7 +170,7 @@
("gobject-introspection" ,gobject-introspection)
("gtk+-2:bin" ,gtk+-2 "bin")
("gtk+:bin" ,gtk+ "bin")
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("intltool" ,intltool)
("libtool" ,libtool)
("perl" ,perl)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index ea3e3f67e7..ecc6f57f4e 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -302,7 +302,7 @@ Android, and ChromeOS.")
(native-inputs
`(("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("gstreamer" ,gstreamer)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index a17708c7dd..4853884d05 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -381,7 +381,7 @@ video decode, encode and filtering on Intel's Gen graphics
hardware platforms.")
#t))))))
(native-inputs
`(("dash" ,dash)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("glew" ,glew)
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index fabac5b984..96347adf7c 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -984,7 +984,7 @@ Debian or a derivative using @command{debootstrap}.")
(native-inputs
`(("glib" ,glib "bin") ; glib-mkenums, etc.
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("vala" ,vala)
("intltool" ,intltool)
("pkg-config" ,pkg-config)
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 89eee74def..d8378354bd 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -174,7 +174,7 @@ engine that uses Wayland for graphics output.")
("docbook-xsl" ,docbook-xsl)
("glib:bin" ,glib "bin")
("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("perl" ,perl)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
@@ -301,7 +301,7 @@ acceleration in mind, leveraging common 3D graphics APIs
for best performance.")
("perl" ,perl)
("pkg-config" ,pkg-config)
("python" ,python-wrapper)
- ("gtk-doc" ,gtk-doc) ; For documentation generation
+ ("gtk-doc" ,gtk-doc/stable) ; For documentation generation
("docbook-xml" ,docbook-xml) ; For documentation generation
("ruby" ,ruby)))
(propagated-inputs
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index d05d326f5b..defc0323e6 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -99,7 +99,7 @@
`(#:glib-or-gtk? #t))
(native-inputs
`(("gobject-introspection" ,gobject-introspection)
- ("gtk-doc" ,gtk-doc)
+ ("gtk-doc" ,gtk-doc/stable)
("pkg-config" ,pkg-config)))
(inputs
`(("appstream-glib" ,appstream-glib)
--
2.31.0
>From 5f144be02171e93613184793e254a25c674e232e Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:48:37 -0400
Subject: [PATCH 6/8] gnu: imagemagick: Update to 6.9.12-4.
* gnu/packages/imagemagick.scm (imagemagick): Update to 6.9.12-4.
---
gnu/packages/imagemagick.scm | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 6d4649fbac..4200ed1daf 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016, 2021 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com>
@@ -128,7 +128,19 @@ text, lines, polygons, ellipses and Bézier curves.")
(license (license:fsf-free
"http://www.imagemagick.org/script/license.php"))))
(define-public imagemagick
- imagemagick/stable)
+ (package
+ (inherit imagemagick/stable)
+ ;; The 7 release series has an incompatible API, while the 6 series is
still
+ ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
+ ;; users are ready for the 7-series API.
+ (version "6.9.12-4")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "mirror://imagemagick/ImageMagick-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))))))
(define-public perl-image-magick
(package
--
2.31.0
>From 986fa9c54db10e597f3b7d5db859e28b1c0f9317 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 08:08:10 -0400
Subject: [PATCH 7/8] gnu: imagemagick: Fix CVE-2020-27829.
* gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/imagemagick.scm (source): Add patch.
---
gnu/local.mk | 1 +
gnu/packages/imagemagick.scm | 4 ++-
.../patches/imagemagick-CVE-2020-27829.patch | 27 +++++++++++++++++++
3 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 0aec66414e..18799bac7f 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1221,6 +1221,7 @@ dist_patch_DATA =
\
%D%/packages/patches/id3lib-UTF16-writing-bug.patch \
%D%/packages/patches/idris-disable-test.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
+ %D%/packages/patches/imagemagick-CVE-2020-27829.patch \
%D%/packages/patches/inetutils-hurd.patch \
%D%/packages/patches/inkscape-poppler-0.76.patch \
%D%/packages/patches/intel-xed-fix-nondeterminism.patch \
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 4200ed1daf..44598fbb73 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -140,7 +140,9 @@ text, lines, polygons, ellipses and Bézier curves.")
version ".tar.xz"))
(sha256
(base32
- "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))))))
+ "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))
+ (patches
+ (search-patches "imagemagick-CVE-2020-27829.patch"))))))
(define-public perl-image-magick
(package
diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
new file mode 100644
index 0000000000..b15c1d0879
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch
@@ -0,0 +1,27 @@
+We omit the ChangeLog changes below, since they do not apply cleanly.
+
+
+From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Mon, 30 Nov 2020 16:26:59 +0000
+Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
+ Hardik Shah)
+
+---
+ ChangeLog | 6 ++++++
+ coders/tiff.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index e98f927ab..1eecf17ae 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
+ extent+=image->columns*sizeof(uint32);
+ #endif
+ strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
+- sizeof(*strip_pixels));
++ 2*sizeof(*strip_pixels));
+ if (strip_pixels == (unsigned char *) NULL)
+ ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
+ (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));
--
2.31.0
>From 66713ce145d4594f317d05ab1c89fcb051e9eb72 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 27 Mar 2021 07:01:10 -0400
Subject: [PATCH 8/8] gnu: imagemagick: Add more upstream fixes.
* gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch,
gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch,
gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/imagemagick.scm (source): Add patches.
---
gnu/local.mk | 3 ++
gnu/packages/imagemagick.scm | 5 ++-
.../imagemagick-ReadDCMImage-fix.patch | 26 ++++++++++++++
.../imagemagick-ReadDCMPixels-fix.patch | 35 +++++++++++++++++++
.../imagemagick-WriteTHUMBNAILImage-fix.patch | 25 +++++++++++++
5 files changed, 93 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch
create mode 100644 gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch
create mode 100644
gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 18799bac7f..bea6b8a569 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1222,6 +1222,9 @@ dist_patch_DATA =
\
%D%/packages/patches/idris-disable-test.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/imagemagick-CVE-2020-27829.patch \
+ %D%/packages/patches/imagemagick-ReadDCMImage-fix.patch \
+ %D%/packages/patches/imagemagick-ReadDCMPixels-fix.patch \
+ %D%/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch \
%D%/packages/patches/inetutils-hurd.patch \
%D%/packages/patches/inkscape-poppler-0.76.patch \
%D%/packages/patches/intel-xed-fix-nondeterminism.patch \
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 44598fbb73..f4cc488c43 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -142,7 +142,10 @@ text, lines, polygons, ellipses and Bézier curves.")
(base32
"1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b"))
(patches
- (search-patches "imagemagick-CVE-2020-27829.patch"))))))
+ (search-patches "imagemagick-ReadDCMImage-fix.patch"
+ "imagemagick-ReadDCMPixels-fix.patch"
+ "imagemagick-WriteTHUMBNAILImage-fix.patch"
+ "imagemagick-CVE-2020-27829.patch"))))))
(define-public perl-image-magick
(package
diff --git a/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch
b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch
new file mode 100644
index 0000000000..42ece43682
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-ReadDCMImage-fix.patch
@@ -0,0 +1,26 @@
+From 512668dfd92b20d0d08b91d62b422d8262573281 Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <dirk@lemstra.org>
+Date: Wed, 24 Mar 2021 20:37:15 +0100
+Subject: [PATCH] Throw exception when no exception was raised but status was
+ false (#3432).
+
+---
+ coders/dcm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/coders/dcm.c b/coders/dcm.c
+index 7a68ed6e8..ed17c9567 100644
+--- a/coders/dcm.c
++++ b/coders/dcm.c
+@@ -3989,6 +3989,8 @@ static Image *ReadDCMImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (redmap != (int *) NULL)
+ redmap=(int *) RelinquishMagickMemory(redmap);
+ image=DestroyImageList(image);
++ if ((status == MagickFalse) && (exception->severity < ErrorException))
++ ThrowReaderException(CorruptImageError,"CorruptImage");
+ return(GetFirstImageInList(images));
+ }
+ if (info.depth != (1UL*MAGICKCORE_QUANTUM_DEPTH))
+--
+2.31.0
+
diff --git a/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch
b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch
new file mode 100644
index 0000000000..a91999186b
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-ReadDCMPixels-fix.patch
@@ -0,0 +1,35 @@
+From c8f25953ad1dd38a8b2d92738f0f742ad7e0bce7 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Sun, 21 Mar 2021 21:21:15 -0400
+Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32322
+
+---
+ coders/dcm.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/coders/dcm.c b/coders/dcm.c
+index 29eed9618..7a68ed6e8 100644
+--- a/coders/dcm.c
++++ b/coders/dcm.c
+@@ -2984,12 +2984,12 @@ static MagickBooleanType ReadDCMPixels(Image
*image,DCMInfo *info,
+ }
+ else
+ {
+- SetPixelRed(q,(Quantum) (((ssize_t) pixel.red) |
+- (((ssize_t) GetPixelRed(q)) << 8)));
+- SetPixelGreen(q,(Quantum) (((ssize_t) pixel.green) |
+- (((ssize_t) GetPixelGreen(q)) << 8)));
+- SetPixelBlue(q,(Quantum) (((ssize_t) pixel.blue) |
+- (((ssize_t) GetPixelBlue(q)) << 8)));
++ SetPixelRed(q,(Quantum) (((size_t) pixel.red) |
++ (((size_t) GetPixelRed(q)) << 8)));
++ SetPixelGreen(q,(Quantum) (((size_t) pixel.green) |
++ (((size_t) GetPixelGreen(q)) << 8)));
++ SetPixelBlue(q,(Quantum) (((size_t) pixel.blue) |
++ (((size_t) GetPixelBlue(q)) << 8)));
+ }
+ q++;
+ }
+--
+2.31.0
+
diff --git a/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch
b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch
new file mode 100644
index 0000000000..f38a45b800
--- /dev/null
+++ b/gnu/packages/patches/imagemagick-WriteTHUMBNAILImage-fix.patch
@@ -0,0 +1,25 @@
+From 6a5d3575487487f2703383338bd17c8c25068f19 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 25 Mar 2021 08:58:18 -0400
+Subject: [PATCH] eliminate compiler warning
+
+---
+ coders/thumbnail.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/thumbnail.c b/coders/thumbnail.c
+index 3833341b0..1e2bfe8c2 100644
+--- a/coders/thumbnail.c
++++ b/coders/thumbnail.c
+@@ -199,7 +199,7 @@ static MagickBooleanType WriteTHUMBNAILImage(const
ImageInfo *image_info,
+ q++;
+ }
+ if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) ||
+- (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
++ ((ssize_t) length >
(GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
+ ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
+ thumbnail_image=BlobToImage(image_info,q,length,&image->exception);
+ if (thumbnail_image == (Image *) NULL)
+--
+2.31.0
+
--
2.31.0
- [PATCHES] ImageMagick security updates without grafting,
Mark H Weaver <=
- Re: [PATCHES] ImageMagick security updates without grafting, Maxime Devos, 2021/03/27
- Re: [PATCHES] ImageMagick security updates without grafting, Mark H Weaver, 2021/03/27
- Re: [PATCHES] ImageMagick security updates without grafting, Maxime Devos, 2021/03/28
- Re: [PATCHES] ImageMagick security updates without grafting, Mark H Weaver, 2021/03/28
- Re: [PATCHES] ImageMagick security updates without grafting, Maxime Devos, 2021/03/28
- Re: [PATCHES] ImageMagick security updates without grafting, Mark H Weaver, 2021/03/29
- Re: [PATCHES] ImageMagick security updates without grafting, Mark H Weaver, 2021/03/30
- Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Mark H Weaver, 2021/03/28
- Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Maxime Devos, 2021/03/29
- Re: Needed: tooling to detect references to buggy */stable packages (was: Re: [PATCHES] ImageMagick security updates without grafting), Ricardo Wurmus, 2021/03/29