libwebp: 1.3.0 -> 1.3.1 #240893
libwebp: 1.3.0 -> 1.3.1 #240893
Conversation
ofborg
bot
added
11.by: package-maintainer
|
Successfully created backport PR for |
|
Same with |
|
oops. both fail to link, because they can't find (different) symbols. I'll see if I can find anything. |
|
my pkg-config isn't very good, but there's some differences between 1.3.0 and 1.3.1 in the seems link application bugs, see e.g. artemsen/swayimg@bd3d6c8 edit: and here https://github.com/hpjansson/chafa/blob/a98c086b7b577a4870ca964b566b4ba563ef55ae/configure.ac#L153 needs patching. should probably report upstream |
|
Changing which libs get linked (by |
|
My main motivation for the backport was the (potential) security fix. Plus, I assumed they won't have any breaking changes, since this is a patch release. But this change does indeed sound kind of risky. |
Fixes build of chafa and swayimg. On nixpkgs master we should probably fix those instead. See the discussion on PR #240893
|
I agree it's surprising, given that the release notes explicitly call it "binary compatible release". Upstream ticket for that CVE still isn't public: https://bugs.chromium.org/p/webp/issues/detail?id=603 So on 23.05 (c05ddc6) I reverted just the .pc change. For nixpkgs master we should probably fix the individual packages instead. |
/cc PR #240893 which caused this.
/cc PR #240893 which caused this.
|
alright. thanks for taking care of this! |
Description of changes
https://github.com/webmproject/libwebp/releases/tag/v1.3.1
shouldn't be security relevant, because we already fixed the CVE with the patch that's dropped now
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)