[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 93
From: |
Ludovic Courtès |
Subject: |
Re: [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 9317} and others]. |
Date: |
Fri, 20 Jan 2017 14:49:50 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> skribis:
> 'CHANGELOG.md' in the development repository lists several fixed bugs with
> potential security implications:
>
> https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
>
> * gnu/packages/gd.scm (gd)[replacement]: New field.
> (gd-2.2.4): New variable.
> * gnu/packages/php.scm (gd-for-php): Remove variable.
> (php)[inputs]: Replace gd-for-php with gd.
> * gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch,
> gnu/packages/patches/gd-fix-truecolor-format-correction.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.
[...]
> --- a/gnu/packages/php.scm
> +++ b/gnu/packages/php.scm
> @@ -50,17 +50,6 @@
> #:use-module (guix build-system gnu)
> #:use-module ((guix licenses) #:prefix license:))
>
> -;; This fixes PHP bugs 73155 and 73159. Remove when gd
> -;; is updated to > 2.2.3.
> -(define gd-for-php
> - (package (inherit gd)
> - (source
> - (origin
> - (inherit (package-source gd))
> - (patches (search-patches
> - "gd-fix-truecolor-format-correction.patch"
> - "gd-fix-chunk-size-on-boundaries.patch"))))))
> -
> (define-public php
> (package
> (name "php")
> @@ -291,7 +280,7 @@
> ("curl" ,curl)
> ("cyrus-sasl" ,cyrus-sasl)
> ("freetype" ,freetype)
> - ("gd" ,gd-for-php)
> + ("gd" ,gd)
I don’t think we can do this since gd (not its replacement) is still
2.2.3.
WDYT?
Otherwise LGTM.
Thank you!
Ludo’.