From ad57da29ecef51179eab9b5d9a4b1a995711b1c5 Mon Sep 17 00:00:00 2001 From: Marius Bakke <mbakke@fastmail.com> Date: Tue, 8 Oct 2019 18:50:21 +0200 Subject: gnu: libwebp: Remove obsolete phase. * gnu/packages/image.scm (libwebp)[arguments]: Remove <#:phases>. --- gnu/packages/image.scm | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 0026e99f59..51b76162ef 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1131,11 +1131,7 @@ (define-public libwebp (arguments '(#:configure-flags '("--enable-libwebpmux" "--enable-libwebpdemux" - "--enable-libwebpdecoder") - #:phases (modify-phases %standard-phases - (add-after 'unpack 'bootstrap - (lambda _ - (invoke "autoreconf" "-vif")))))) + "--enable-libwebpdecoder"))) (home-page "https://developers.google.com/speed/webp/") (synopsis "Lossless and lossy image compression") (description -- cgit v1.2.3 From 115ace6ba515bcd3057ecb61c77785bd57c20ffe Mon Sep 17 00:00:00 2001 From: Efraim Flashner <efraim@flashner.co.il> Date: Sun, 24 Nov 2019 16:13:56 +0200 Subject: gnu: imlib2: Update to 1.6.0. * gnu/packages/image.scm (imlib2): Update to 1.6.0. [inputs]: Add libwebp, libid3tag. --- gnu/packages/image.scm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 1ef702795d..b96f2cd934 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm 
@@ -8,7 +8,7 @@ ;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net> ;;; Copyright © 2014, 2017 John Darrington <jmd@gnu.org> ;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name> -;;; Copyright © 2016, 2017, 2018 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017, 2018, 2019 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net> @@ -63,6 +63,7 @@ (define-module (gnu packages image) #:use-module (gnu packages man) #:use-module (gnu packages maths) #:use-module (gnu packages mcrypt) + #:use-module (gnu packages mp3) #:use-module (gnu packages perl) #:use-module (gnu packages photo) #:use-module (gnu packages pkg-config) @@ -853,7 +854,7 @@ (define-public libungif (define-public imlib2 (package (name "imlib2") - (version "1.5.1") + (version "1.6.0") (source (origin (method url-fetch) (uri (string-append @@ -861,7 +862,7 @@ (define-public imlib2 "/imlib2-" version ".tar.bz2")) (sha256 (base32 - "1bms2iwmvnvpz5jqq3r52glarqkafif47zbh1ykz8hw85d2mfkps")))) + "07b9v3ycwhici35fnczvpyjpgkc7gbcdhajpl9dwhpzdzbfl1i6g")))) (build-system gnu-build-system) (native-inputs `(("pkgconfig" ,pkg-config))) @@ -873,6 +874,8 @@ (define-public imlib2 ("libpng" ,libpng) ("libtiff" ,libtiff) ("giflib" ,giflib) + ("libwebp" ,libwebp) + ("libid3tag" ,libid3tag) ("bzip2" ,bzip2))) (home-page "https://sourceforge.net/projects/enlightenment/") (synopsis -- cgit v1.2.3 From e56d02a0e0108d68741f52d81e16bebcb2836332 Mon Sep 17 00:00:00 2001 From: Efraim Flashner <efraim@flashner.co.il> Date: Sun, 24 Nov 2019 16:17:39 +0200 Subject: gnu: imlib2: Sort inputs alphabetically. * gnu/packages/image.scm (imlib2)[inputs]: Sort alphabetically. --- gnu/packages/image.scm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'gnu/packages/image.scm') 
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index b96f2cd934..ade3ea63dd 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -867,16 +867,16 @@ (define-public imlib2 (native-inputs `(("pkgconfig" ,pkg-config))) (inputs - `(("libx11" ,libx11) - ("libxext" ,libxext) + `(("bzip2" ,bzip2) ("freetype" ,freetype) + ("giflib" ,giflib) + ("libid3tag" ,libid3tag) ("libjpeg" ,libjpeg) ("libpng" ,libpng) ("libtiff" ,libtiff) - ("giflib" ,giflib) - ("libwebp" ,libwebp) - ("libid3tag" ,libid3tag) - ("bzip2" ,bzip2))) + ("libx11" ,libx11) + ("libxext" ,libxext) + ("libwebp" ,libwebp))) (home-page "https://sourceforge.net/projects/enlightenment/") (synopsis "Loading, saving, rendering and manipulating image files") -- cgit v1.2.3 From 77e7158c1bae3f2f13ff9048d1b29ad90b2c39a5 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus <rekado@elephly.net> Date: Thu, 28 Nov 2019 18:03:44 +0100 Subject: gnu: r-jpeg: Move to (gnu packages cran). * gnu/packages/image.scm (r-jpeg): Move from here... * gnu/packages/cran.scm (r-jpeg): ...to here. --- gnu/packages/cran.scm | 20 ++++++++++++++++++++ gnu/packages/image.scm | 21 --------------------- 2 files changed, 20 insertions(+), 21 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm index e8728a9513..7761135b28 100644 --- a/gnu/packages/cran.scm +++ b/gnu/packages/cran.scm 
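Review bot: The reordered `inputs` list of `imlib2` is not fully alphabetical: `("libwebp" ,libwebp)` ends up last, after `("libxext" ,libxext)`, although it sorts before `("libx11" ,libx11)`. Moving that entry between `("libtiff" ,libtiff)` and `("libx11" ,libx11)` would make the list match the commit title. The `imlib2` definition starts and ends outside the hunk.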
@@ -1305,6 +1305,26 @@ (define-public r-geosphere (longitude/latitude) locations.") (license license:gpl3+))) +(define-public r-jpeg + (package + (name "r-jpeg") + (version "0.1-8.1") + (source + (origin + (method url-fetch) + (uri (cran-uri "jpeg" version)) + (sha256 + (base32 + "1a8mi70x79a691r40yiw684jkg1mr9n8agkxlcksxcnrdybs9c0x")))) + (build-system r-build-system) + (inputs `(("libjpeg" ,libjpeg))) + (home-page "http://www.rforge.net/jpeg/") + (synopsis "Read and write JPEG images with R") + (description "This package provides a way to read, write and display +bitmap images stored in the JPEG format with R. It can read and write both +files and in-memory raw vectors.") + (license license:gpl2+))) + (define-public r-ggmap (package (name "r-ggmap") diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index ade3ea63dd..078f12ac58 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -81,7 +81,6 @@ (define-module (gnu packages image) #:use-module (guix build-system cmake) #:use-module (guix build-system meson) #:use-module (guix build-system python) - #:use-module (guix build-system r) #:use-module (guix build-system scons) #:use-module (srfi srfi-1)) @@ -1671,26 +1670,6 @@ (define-public flameshot @end itemize\n") (license license:gpl3+))) -(define-public r-jpeg - (package - (name "r-jpeg") - (version "0.1-8.1") - (source - (origin - (method url-fetch) - (uri (cran-uri "jpeg" version)) - (sha256 - (base32 - "1a8mi70x79a691r40yiw684jkg1mr9n8agkxlcksxcnrdybs9c0x")))) - (build-system r-build-system) - (inputs `(("libjpeg" ,libjpeg))) - (home-page "http://www.rforge.net/jpeg/") - (synopsis "Read and write JPEG images with R") - (description "This package provides a way to read, write and display bitmap -images stored in the JPEG format with R. It can read and write both files and -in-memory raw vectors.") - (license license:gpl2+))) - (define-public gifsicle (package (name "gifsicle") -- cgit v1.2.3 
From dc7e57833e6817adb9c799b2fda8b10921f1b050 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Tue, 3 Dec 2019 11:02:34 +0200
Subject: gnu: jp2a: Downgrade to 1.0.6. * gnu/packages/image.scm (jp2a): Downgrade to 1.0.6. [source]: Download from Debian's sources. [inputs]: Add ncurses. [native-inputs]: Remove autoconf, automake, pkg-config.
---
 gnu/packages/image.scm | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)
(limited to 'gnu/packages/image.scm')
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 078f12ac58..bdf0253476 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -64,6 +64,7 @@ (define-module (gnu packages image)
 #:use-module (gnu packages maths)
 #:use-module (gnu packages mcrypt)
 #:use-module (gnu packages mp3)
+ #:use-module (gnu packages ncurses)
 #:use-module (gnu packages perl)
 #:use-module (gnu packages photo)
 #:use-module (gnu packages pkg-config)
@@ -1716,28 +1717,24 @@ (define-public gifsicle identical visual appearance.") (license license:gpl2+))) +;; 1.0.7 is buggy and reverted in git repository. (define-public jp2a (package (name "jp2a") - (version "1.0.7") + (version "1.0.6") (source (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/cslarsen/jp2a.git") - (commit (string-append "v" version)))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "12a1z9ba2j16y67f41y8ax5sgv1wdjd71pg7circdxkj263n78ql")))) + (method url-fetch) + (uri (string-append "mirror://debian/pool/main/j/jp2a/jp2a_" + version ".orig.tar.gz")) + (sha256 + (base32 + "076frk3pa16s4r1b10zgy81vdlz0385zh3ykbnkaij25jn5aqc09")))) (build-system gnu-build-system) (inputs - `(("libjpeg" ,libjpeg) - ("curl" ,curl))) - (native-inputs - `(("autoconf" ,autoconf) - ("automake" ,automake) - ("pkg-config" ,pkg-config))) + `(("curl" ,curl) + ("libjpeg" ,libjpeg) + ("ncurses" ,ncurses))) (home-page "https://csl.name/jp2a/") (synopsis "Convert JPEG images to ASCII") (description -- cgit v1.2.3 From 0fa9f29a5100f19a8494521659a1fa3baaa7fd0e Mon Sep 17 00:00:00 2001 From: Marius Bakke <mbakke@fastmail.com> Date: Wed, 4 Dec 2019 22:18:43 +0100 Subject: gnu: libjpeg-turbo: Fix CVE-2019-13960 and CVE-2019-2201. * gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/image.scm (libjpeg-turbo/fixed): New variable. (libjpeg-turbo)[replacement]: New field. --- gnu/local.mk | 1 + gnu/packages/image.scm | 17 +++++++++++- .../patches/libjpeg-turbo-CVE-2019-2201.patch | 31 ++++++++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch (limited to 'gnu/packages/image.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 0494f1d05d..6c484e2046 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -1062,6 +1062,7 @@ dist_patch_DATA = \ %D%/packages/patches/libgnomeui-utf8.patch \ %D%/packages/patches/libgpg-error-gawk-compat.patch \ %D%/packages/patches/libffi-3.2.1-complex-alpha.patch \ + %D%/packages/patches/libjpeg-turbo-CVE-2019-2201.patch \ %D%/packages/patches/libjxr-fix-function-signature.patch \ %D%/packages/patches/libjxr-fix-typos.patch \ %D%/packages/patches/libotr-test-auth-fix.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 731a1e8aed..71bd381cef 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -19,7 +19,7 @@ ;;; Copyright © 2018 Joshua Sierles, Nextjournal <joshua@nextjournal.com> ;;; Copyright © 2018 Fis Trivial <ybbs.daans@hotmail.com> ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz> -;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com> +;;; Copyright © 2018, 2019 Marius Bakke <mbakke@fastmail.com> ;;; Copyright © 2018 Pierre-Antoine Rouby <contact@parouby.fr> ;;; Copyright © 2018 Alex Vong <alexvong1995@gmail.com> ;;; Copyright © 2018 Rutger Helling <rhelling@mykolab.com> @@ -1489,6 +1489,7 @@ (define-public libjpeg-turbo (package (name "libjpeg-turbo") (version "2.0.2") + (replacement libjpeg-turbo/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://sourceforge/libjpeg-turbo/" @@ -1518,6 +1519,20 @@ (define-public libjpeg-turbo license:ijg ;the libjpeg library and associated tools license:zlib)))) ;the libjpeg-turbo SIMD extensions +;; Replacement package to fix CVE-2019-13960 and CVE-2019-2201. +(define libjpeg-turbo/fixed + (package + (inherit libjpeg-turbo) + (version "2.0.3") + (source (origin + (method url-fetch) + (uri (string-append "mirror://sourceforge/libjpeg-turbo/" + version "/libjpeg-turbo-" version ".tar.gz")) + (sha256 + (base32 + "1ds16bnj17v6hzd43w8pzijz3imd9am4hw75ir0fxm240m8dwij2")) + (patches (search-patches "libjpeg-turbo-CVE-2019-2201.patch")))))) + (define-public niftilib (package (name "niftilib") 
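Review bot: The comment on `libjpeg-turbo/fixed` names the CVEs but not the constraint the graft depends on: the `replacement` field swaps 2.0.3 in underneath packages that were built against 2.0.2 without rebuilding them, so the two versions have to stay ABI-compatible. It also does not say which part fixes what; the patch header added in this commit says CVE-2019-2201 was only partially fixed in 2.0.3 and that the patch is the follow-up. I would expand the comment to something like `;; Replacement package (graft) to fix CVE-2019-13960 and CVE-2019-2201: 2.0.3 plus the follow-up patch for CVE-2019-2201. Remove once libjpeg-turbo itself is updated.` The `libjpeg-turbo` definition starts and ends outside the hunks shown here.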
diff --git a/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch b/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch new file mode 100644 index 0000000000..35f2bf5963 --- /dev/null +++ b/gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch @@ -0,0 +1,31 @@ +Fix integer overflow which can potentially lead to RCE. + +https://www.openwall.com/lists/oss-security/2019/11/11/1 +https://nvd.nist.gov/vuln/detail/CVE-2019-2201 + +The problem was partially fixed in 2.0.3. This patch is a follow-up. +https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 +https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad + +diff --git a/tjbench.c b/tjbench.c +index a7d397318..13a5bde62 100644 +--- a/tjbench.c ++++ b/tjbench.c +@@ -171,7 +171,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf, + } + /* Set the destination buffer to gray so we know whether the decompressor + attempted to write to it */ +- memset(dstBuf, 127, pitch * scaledh); ++ memset(dstBuf, 127, (size_t)pitch * scaledh); + + if (doYUV) { + int width = doTile ? tilew : scaledw; +@@ -193,7 +193,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf, + double start = getTime(); + + for (row = 0, dstPtr = dstBuf; row < ntilesh; +- row++, dstPtr += pitch * tileh) { ++ row++, dstPtr += (size_t)pitch * tileh) { + for (col = 0, dstPtr2 = dstPtr; col < ntilesw; + col++, tile++, dstPtr2 += ps * tilew) { + int width = doTile ? min(tilew, w - col * tilew) : scaledw; -- cgit v1.2.3 From 29e621a0134841705c007917e9a107013c8b0adb Mon Sep 17 00:00:00 2001 From: Marius Bakke <mbakke@fastmail.com> Date: Wed, 4 Dec 2019 23:12:17 +0100 Subject: gnu: Remove unused module import. * gnu/packages/image.scm: Do not import (gnu packages gcc). --- gnu/packages/image.scm | 2 -- 1 file changed, 2 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 71bd381cef..79b79cf082 100644 
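Review bot: The `(size_t)` casts added in `decomp()` widen `pitch * scaledh` and `pitch * tileh` only on targets where `size_t` is wider than `int`; on a 32-bit build the products can still wrap, so the `memset` length and the `dstPtr` stride stay correct only if the allocation of `dstBuf`, which is outside this hunk, rejects oversized dimensions first. The context line `dstPtr2 += ps * tilew` is still plain `int` arithmetic. As vendored here the patch changes only tjbench.c, so I would add a line to the patch header such as `This follow-up only touches the tjbench benchmark program; check the dstBuf allocation guard when building for 32-bit targets.` so the scope of the fix is visible in the package tree. `decomp()` starts and ends outside the hunk.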
--- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -51,8 +51,6 @@ (define-module (gnu packages image) #:use-module (gnu packages documentation) #:use-module (gnu packages fontutils) #:use-module (gnu packages freedesktop) - ;; To provide gcc@5 and gcc@6, to work around <http://bugs.gnu.org/24703>. - #:use-module (gnu packages gcc) #:use-module (gnu packages gettext) #:use-module (gnu packages ghostscript) #:use-module (gnu packages gl) -- cgit v1.2.3 From ba362ec867af7781fc8a48e45c93208c88d5058b Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice <me@tobias.gr> Date: Wed, 4 Dec 2019 01:44:45 +0100 Subject: gnu: libimagequant: Update to 2.12.5. * gnu/packages/image.scm (libimagequant): Update to 2.12.5. --- gnu/packages/image.scm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'gnu/packages/image.scm') diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 79b79cf082..0536779b64 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -297,7 +297,7 @@ (define-public pnglite (define-public libimagequant (package (name "libimagequant") - (version "2.12.3") + (version "2.12.5") (source (origin (method git-fetch) @@ -306,17 +306,17 @@ (define-public libimagequant (commit version))) (file-name (git-file-name name version)) (sha256 - (base32 "0qsfq1kv1m5jzn9v9iz0bac66k4clcis1c9877qabnwzwmwma5v0")))) + (base32 "0cp68w04ja5pv77ssfafsn958w9hh9zb8crrlb5j3gsrcmdc032k")))) (build-system gnu-build-system) (arguments - '(#:tests? #f)) ; no check target + '(#:tests? #f)) ; no check target (home-page "https://pngquant.org/lib/") (synopsis "Image palette quantization library") (description "libimagequant is a small, portable C library for high-quality conversion of RGBA images to 8-bit indexed-color (palette) images. This library can significantly reduces file sizes and powers pngquant and other PNG optimizers.") - (license license:gpl3+))) + (license license:gpl3+))) (define-public pngquant (package -- cgit v1.2.3