~ruther/guix-local

63cf5a2a4eb64c31f5811b77e182965fd3320af0 — Hilton Chain 2 years ago 72ce869
gnu: libwebp: Replace with 1.3.1. [fixes CVE-2023-1999]

* gnu/packages/image.scm (libwebp/fixed): New variable.
(libwebp)[replacement]: Assign it to new field.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
1 files changed, 17 insertions(+), 0 deletions(-)

M gnu/packages/image.scm
M gnu/packages/image.scm => gnu/packages/image.scm +17 -0
@@ 1432,6 1432,7 @@ language bindings to VIGRA.")
  (package
    (name "libwebp")
    (version "1.2.4")
    (replacement libwebp/fixed)
    (source
     (origin
       ;; No tarballs are provided for >0.6.1.


@@ 1470,6 1471,22 @@ to PNG when lossy compression is acceptable for the red/green/blue color
channels.")
    (license license:bsd-3)))

(define libwebp/fixed
  (package
    (inherit libwebp)
    (name "libwebp")
    (version "1.3.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://chromium.googlesource.com/webm/libwebp")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1aas6gwy7kfcq34cil781kcsl286khh9grwcx7k4d2n1g7zcpl3m"))))))

(define-public libmng
  (package
    (name "libmng")