[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Update gd and php

From: Leo Famulari
Subject: Re: [PATCH] Update gd and php
Date: Fri, 20 Jan 2017 00:53:19 -0500
User-agent: Mutt/1.7.2 (2016-11-26)

On Thu, Jan 19, 2017 at 10:19:19PM +0100, Julien Lepiller wrote:
> A new version of gd and php were released today. Here are patches to
> update them. I could get rid of gd-for-php and use the system one
> instead. Two new tests had to be removed, they are related to already
> failing tests.

> From 502fa6202e8dabed3abdd584f720eb6128fdc127 Mon Sep 17 00:00:00 2001
> From: Julien Lepiller <address@hidden>
> Date: Thu, 19 Jan 2017 22:09:35 +0100
> Subject: [PATCH 1/2] gnu: gd: Update to 2.2.4.
> * gnu/packages/gd.scm (gd): Update to 2.2.4.
> ---
>  gnu/                                |  2 --
>  gnu/packages/gd.scm                         |  8 ++----
>  gnu/packages/patches/gd-CVE-2016-7568.patch | 44 
> -----------------------------
>  gnu/packages/patches/gd-CVE-2016-8670.patch | 38 -------------------------
>  4 files changed, 3 insertions(+), 89 deletions(-)
>  delete mode 100644 gnu/packages/patches/gd-CVE-2016-7568.patch
>  delete mode 100644 gnu/packages/patches/gd-CVE-2016-8670.patch

Thank you for this! Usually I prefer to give feedback and ask the
submitter to revise their patch, but there were so many complicating
factors that I just wrote my own:

Since the new release fixes security issues in a package that
causes many rebuilds when changed, we need to use a graft. [0]

I also noticed a gd-2.2.4 build failure on i686-linux.

And I think that PHP's use of libgd should be updated in the same
commit. Otherwise, after patch 1/2, PHP would require a gd-for-php with
patches that would fail to apply, leaving PHP broken for that commit.

[0] In case you haven't seen it, this is the "rebuilding" strategy:

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]