~ruther/guix-local

77ab6983a19ef307558ab2607920158d6bb94ba8 — Marius Bakke 9 years ago 7fdca77 
gnu: devil: Update to 1.8.0.

* gnu/packages/patches/devil-CVE-2009-3994.patch,
gnu/packages/patches/devil-fix-libpng.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/image.scm (devil): Update to 1.8.0.
[source]: Remove patches and snippet.
[build-system]: Change to CMAKE-BUILD-SYSTEM.
[arguments]: Disable tests. Remove #:configure-flags and add a
'change-directory' phase. Remove 'fix-tests' phase.
[inputs]: Change LIBJPEG to LIBJPEG-TURBO.
patch browse .tar.gz 
4 files changed, 9 insertions(+), 87 deletions(-)

M gnu/local.mk
M gnu/packages/image.scm
D gnu/packages/patches/devil-CVE-2009-3994.patch
D gnu/packages/patches/devil-fix-libpng.patch

M gnu/local.mk => gnu/local.mk +0 -2
@@ 526,8 526,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/cursynth-wave-rand.patch			\
  %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch		\
  %D%/packages/patches/dbus-helper-search-path.patch		\
  %D%/packages/patches/devil-CVE-2009-3994.patch		\
  %D%/packages/patches/devil-fix-libpng.patch			\
  %D%/packages/patches/dfu-programmer-fix-libusb.patch		\
  %D%/packages/patches/diffutils-gets-undeclared.patch		\
  %D%/packages/patches/doc++-include-directives.patch		\


M gnu/packages/image.scm => gnu/packages/image.scm +9 -25
@@ 860,44 860,28 @@ and XMP metadata of images in various formats.")
(define-public devil
  (package
    (name "devil")
    (version "1.7.8")
    (version "1.8.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://downloads.sourceforge.net/openil/"
                                  "DevIL-" version ".tar.gz"))
              (sha256
               (base32
                "1zd850nn7nvkkhasrv7kn17kzgslr5ry933v6db62s4lr0zzlbv8"))
              ;; Backported from upstream:
              ;; https://github.com/DentonW/DevIL/commit/724194d7a9a91221a564579f64bdd6f0abd64219.patch
              (patches (search-patches "devil-fix-libpng.patch"
                                       "devil-CVE-2009-3994.patch"))
              (modules '((guix build utils)))
              (snippet
               ;; Fix old lcms include directives and lib flags.
               '(substitute* '("configure" "src-IL/src/il_profiles.c")
                  (("-llcms") "-llcms2")
                  (("lcms/lcms\\.h") "lcms2/lcms2.h")
                  (("lcms\\.h") "lcms2.h")))))
    (build-system gnu-build-system)
                "02dpzvi493r09c9hfjnk54nladl3qw55iqkkg18g12fxwwz9fx80"))))
    (build-system cmake-build-system)
    (arguments
     '(#:configure-flags '("--enable-ILUT=yes") ; build utility library
     '(;; XXX: Not supported in the released CMakeLists.txt.
       ;; Enable this for > 1.8.0.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (add-before 'check 'fix-tests
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Fix hard-coded /bin/bash reference.
             (substitute* '("test/Makefile")
               (("TESTS_ENVIRONMENT = /bin/bash")
                (string-append "TESTS_ENVIRONMENT = "
                               (assoc-ref inputs "bash")
                               "/bin/bash")))
             #t)))))
         (add-before 'configure 'change-directory
           (lambda _ (chdir "DevIL") #t)))))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("lcms" ,lcms)
       ("libjpeg" ,libjpeg)
       ("libjpeg" ,libjpeg-turbo)
       ("libmng" ,libmng)
       ("libpng" ,libpng)
       ("libtiff" ,libtiff)


D gnu/packages/patches/devil-CVE-2009-3994.patch => gnu/packages/patches/devil-CVE-2009-3994.patch +0 -24
@@ 1,24 0,0 @@
Fix CVE-2009-3994 (buffer overflow in GetUID() allows remote DOS or
arbitrary code execution via crafted DICOM file).

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3994

Copied from Fedora
https://pkgs.fedoraproject.org/cgit/rpms/DevIL.git/tree/DevIL-1.7.8-CVE-2009-3994.patch?id=9c656a75393d6c455aef9f4968fbbee9c53f4fdb

diff -up devil-1.7.8/src-IL/src/il_dicom.c~ devil-1.7.8/src-IL/src/il_dicom.c
--- devil-1.7.8/src-IL/src/il_dicom.c~	2009-03-08 08:10:09.000000000 +0100
+++ devil-1.7.8/src-IL/src/il_dicom.c	2009-12-03 12:07:45.000000000 +0100
@@ -427,9 +427,11 @@ ILboolean GetUID(ILubyte *UID)
 		return IL_FALSE;
 
 	ValLen = GetLittleUShort();
+	if (ValLen > 64)
+		return IL_FALSE;
 	if (iread(UID, ValLen, 1) != 1)
 		return IL_FALSE;
-	UID[64] = 0;  // Just to make sure that our string is terminated.
+	UID[ValLen] = 0;  // Just to make sure that our string is terminated.
 
 	return IL_TRUE;
 }


D gnu/packages/patches/devil-fix-libpng.patch => gnu/packages/patches/devil-fix-libpng.patch +0 -36
@@ 1,36 0,0 @@
From 724194d7a9a91221a564579f64bdd6f0abd64219 Mon Sep 17 00:00:00 2001
From: Noah Mayr <max96at@gmail.com>
Date: Sun, 1 Mar 2015 10:10:56 +0100
Subject: [PATCH] Fixed deprecated libpng API usage.

---
 src-IL/src/il_icon.c | 2 +-
 src-IL/src/il_png.c  | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src-IL/src/il_icon.c b/src-IL/src/il_icon.c
index 2ccb1a3..fd9475d 100644
--- a/src-IL/src/il_icon.c
+++ b/src-IL/src/il_icon.c
@@ -525,7 +525,7 @@ ILboolean ico_readpng_get_image(ICOIMAGE *Icon, ILdouble display_exponent)

 	// Expand low-bit-depth grayscale images to 8 bits
 	if (ico_color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) {
-		png_set_gray_1_2_4_to_8(ico_png_ptr);
+		png_set_expand_gray_1_2_4_to_8(ico_png_ptr);
 	}

 	// Expand RGB images with transparency to full alpha channels
diff --git a/src-IL/src/il_png.c b/src-IL/src/il_png.c
index da9517d..2866508 100644
--- a/src-IL/src/il_png.c
+++ b/src-IL/src/il_png.c
@@ -277,7 +277,7 @@ ILboolean readpng_get_image(ILdouble display_exponent)

 	// Expand low-bit-depth grayscale images to 8 bits
 	if (png_color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) {
-		png_set_gray_1_2_4_to_8(png_ptr);
+		png_set_expand_gray_1_2_4_to_8(png_ptr);
 	}

 	// Expand RGB images with transparency to full alpha channels