From: Julien Lepiller <julien@lepiller.eu>
To: 27937@debbugs.gnu.org
Subject: [bug#27937] Update php to 7.1.8
Date: Sat, 5 Aug 2017 10:02:13 +0200
Message-ID: <20170805100209.49f88f07@lepiller.eu>
In-Reply-To: <20170804150138.GC14950@jasmine.lan>
[-- Attachment #1: Type: text/plain, Size: 787 bytes --]
On Fri, 4 Aug 2017 11:01:38 -0400,
Leo Famulari <leo@famulari.name> wrote:
>
> Okay, I'll look into it this weekend, unless somebody beats me to it.
>
> Next time there are lots of Guix people gathered together, I want to
> hold some kind of "security updates workshop", with the goal of
> helping more people feel comfortable working in this area.
>
> For gd in particular, if you have some specific questions, I can
> answer them over email. Surely more people have questions, too. The
> discussion could result in improvements to the manual's section on
> this topic.
>
Hi,
I think this patch fixes gd correctly. I think I'm supposed to
also make a patch for core-updates with the new gd for rebuilds to
occur in that branch, right? How do I proceed?
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-gd-Fix-CVE-2017-7890.patch --]
[-- Type: text/x-patch, Size: 1330 bytes --]
From 828b7458582cd6fae0e7dd2375315b6b52149554 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Sat, 5 Aug 2017 09:46:13 +0200
Subject: [PATCH] gnu: gd: Fix CVE-2017-7890.
* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd/fixed): New variable.
---
gnu/packages/gd.scm | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index aac0f9664..48db1b247 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -37,6 +37,7 @@
(define-public gd
(package
(name "gd")
+ (replacement gd/fixed)
;; Note: With libgd.org now pointing to github.com, genuine old
;; tarballs are no longer available. Notably, versions 2.0.x are
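Review bot: The added `(replacement gd/fixed)` line in the `gd` definition carries no comment saying that it is a graft for CVE-2017-7890, so nothing at this spot tells a later reader why the field is there or when it can be dropped. Suggest a one-line comment naming the CVE next to the field. For the core-updates variant asked about in the message, where rebuilds are acceptable, the patch would normally go directly into the `patches` of `gd`'s own `origin` and this field would not be needed.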
@@ -93,6 +94,16 @@ most common applications of GD involve website development.")
"See COPYING file in the distribution."))
(properties '((cpe-name . "libgd")))))
+(define-public gd/fixed
+ (package
+ (inherit gd)
+ (source (origin
+ (inherit (package-source gd))
+ (patches
+ (append
+ (origin-patches (package-source gd))
+ (search-patches "gd-CVE-2017-7890.patch")))))))
+
(define-public perl-gd
(package
(name "perl-gd")
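Review bot: `gd/fixed` looks up `(search-patches "gd-CVE-2017-7890.patch")`, but the diffstat lists only gnu/packages/gd.scm ("1 file changed, 11 insertions(+)"), so the patch file itself is not part of this commit and the lookup cannot succeed on a checkout that has only this change. Suggest adding the patch file and its registration in the list of distributed patches to the same commit, and mentioning both in the commit log next to the gd.scm entries. It would also help to note in the patch file's header where the fix comes from, so the change can be checked against upstream.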
--
2.13.4