From: Julien Lepiller
Subject: [PATCH] Update gd and php
Date: Thu, 19 Jan 2017 22:19:19 +0100
Message-ID: <20170119221919.7a74f45a@lepiller.eu>
To: guix-devel@gnu.org

New versions of gd and php were released today. Here are patches to update them. I could get rid of gd-for-php and use the system one instead. Two new tests had to be removed; they are related to already failing tests.
--MP_/W8OHQgpxNWLPluZZ7N=fwId Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0001-gnu-gd-Update-to-2.2.4.patch >From 502fa6202e8dabed3abdd584f720eb6128fdc127 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Thu, 19 Jan 2017 22:09:35 +0100 Subject: [PATCH 1/2] gnu: gd: Update to 2.2.4. * gnu/packages/gd.scm (gd): Update to 2.2.4. --- gnu/local.mk | 2 -- gnu/packages/gd.scm | 8 ++---- gnu/packages/patches/gd-CVE-2016-7568.patch | 44 ----------------------------- gnu/packages/patches/gd-CVE-2016-8670.patch | 38 ------------------------- 4 files changed, 3 insertions(+), 89 deletions(-) delete mode 100644 gnu/packages/patches/gd-CVE-2016-7568.patch delete mode 100644 gnu/packages/patches/gd-CVE-2016-8670.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2da8b82db..616e476a1 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -568,8 +568,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ %D%/packages/patches/gcj-arm-mode.patch \ - %D%/packages/patches/gd-CVE-2016-7568.patch \ - %D%/packages/patches/gd-CVE-2016-8670.patch \ %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index 0241a81db..d564955d4 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -40,7 +40,7 @@ ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. - (version "2.2.3") + (version "2.2.4") (source (origin (method url-fetch) 
@@ -49,10 +49,8 @@ version "/libgd-" version ".tar.xz")) (sha256 (base32 - "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl")) - (patches (search-patches "gd-CVE-2016-7568.patch" - "gd-CVE-2016-8670.patch" - "gd-fix-gd2-read-test.patch" + "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk")) + (patches (search-patches "gd-fix-gd2-read-test.patch" "gd-fix-tests-on-i686.patch")))) (build-system gnu-build-system) (native-inputs diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch deleted file mode 100644 index 6a1a63296..000000000 --- a/gnu/packages/patches/gd-CVE-2016-7568.patch +++ /dev/null @@ -1,44 +0,0 @@ -Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f - -From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001 -From: trylab -Date: Tue, 6 Sep 2016 18:35:32 +0800 -Subject: [PATCH] Fix integer overflow in gdImageWebpCtx - -Integer overflow can be happened in expression gdImageSX(im) * 4 * -gdImageSY(im). It could lead to heap buffer overflow in the following -code. This issue has been reported to the PHP Bug Tracking System. The -proof-of-concept file will be supplied some days later. This issue was -discovered by Ke Liu of Tencent's Xuanwu LAB. ---- - src/gd_webp.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/gd_webp.c b/src/gd_webp.c -index 8eb4dee..9886399 100644 ---- a/src/gd_webp.c -+++ b/src/gd_webp.c -@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality) - quality = 80; - } - -+ if (overflow2(gdImageSX(im), 4)) { -+ return; -+ } -+ -+ if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) { -+ return; -+ } -+ - argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im)); - if (!argb) { - return; --- -2.10.0 - 
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch deleted file mode 100644 index 39ee99ac3..000000000 --- a/gnu/packages/patches/gd-CVE-2016-8670.patch +++ /dev/null @@ -1,38 +0,0 @@ -Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670 -http://seclists.org/oss-sec/2016/q4/138 - -Patch copied from upstream source repository: - -https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9 - -From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Wed, 12 Oct 2016 11:15:32 +0200 -Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion - -We make sure to never pass a negative `rlen` as size to memcpy(). See -also . - -Patch provided by Emmanuel Law. ---- - src/gd_io_dp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c -index 135eda3..228bfa5 100644 ---- a/src/gd_io_dp.c -+++ b/src/gd_io_dp.c -@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len) - if(remain >= len) { - rlen = len; - } else { -- if(remain == 0) { -+ if(remain <= 0) { - /* 2.0.34: EOF is incorrect. We use 0 for - * errors and EOF, just like fileGetbuf, - * which is a simple fread() wrapper. --- -2.10.1 - -- 2.11.0 --MP_/W8OHQgpxNWLPluZZ7N=fwId Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-php-Update-to-7.1.1.patch >From edf980daea884e8d23b8f034ad8b7e8ad4ba8bbb Mon Sep 17 00:00:00 2001 
From: Julien Lepiller Date: Thu, 19 Jan 2017 22:10:22 +0100 Subject: [PATCH 2/2] gnu: php: Update to 7.1.1. * gnu/packages/php.scm (php): Update to 7.1.1. --- gnu/local.mk | 2 - .../patches/gd-fix-chunk-size-on-boundaries.patch | 102 --------------------- .../gd-fix-truecolor-format-correction.patch | 95 ------------------- gnu/packages/php.scm | 19 +--- 4 files changed, 5 insertions(+), 213 deletions(-) delete mode 100644 gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch delete mode 100644 gnu/packages/patches/gd-fix-truecolor-format-correction.patch diff --git a/gnu/local.mk b/gnu/local.mk index 616e476a1..5e4a59f49 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -568,10 +568,8 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch \ %D%/packages/patches/gcc-6-cross-environment-variables.patch \ %D%/packages/patches/gcj-arm-mode.patch \ - %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ - %D%/packages/patches/gd-fix-truecolor-format-correction.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghostscript-CVE-2013-5653.patch \ diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch deleted file mode 100644 index e395c66d8..000000000 --- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch +++ /dev/null 
@@ -1,102 +0,0 @@ -This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155 - -Patch adapted from upstream source repository: - -https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279 - -(.gitignore change removed) - -From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Fri, 23 Sep 2016 18:29:52 +0200 -Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries - -(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb) ---- - src/gd_gd2.c | 4 ++-- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug00309.c | 37 +++++++++++++++++++++++++++++++++++++ - 4 files changed, 41 insertions(+), 2 deletions(-) - create mode 100644 tests/gd2/bug00309.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 75e5e1f..b9b2f93 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - }; - - /* Work out number of chunks. */ -- ncx = im->sx / cs + 1; -- ncy = im->sy / cs + 1; -+ ncx = (im->sx + cs - 1) / cs; -+ ncy = (im->sy + cs - 1) / cs; - - /* Write the standard header. */ - _gd2PutHeader (im, out, cs, fmt, ncx, ncy); -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 3b650ad..247b466 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,5 +1,6 @@ - SET(TESTS_FILES - bug_289 -+ bug00309 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index b8ee946..d69aee0 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,5 +1,6 @@ - libgd_test_programs += \ - gd2/bug_289 \ -+ gd2/bug00309 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c -new file mode 100644 -index 0000000..b649cdc ---- /dev/null -+++ b/tests/gd2/bug00309.c -@@ -0,0 +1,37 @@ -+/** -+ * Regression test for . 
-+ * -+ * We test that an image with 64x64 pixels reports only a single chunk in the -+ * GD2 image header when the chunk size is 64. -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ unsigned char *buf; -+ int size, word; -+ -+ im = gdImageCreate(64, 64); -+ gdImageColorAllocate(im, 0, 0, 0); -+ -+ buf = gdImageGd2Ptr(im, 64, 1, &size); -+ -+ gdImageDestroy(im); -+ -+ word = buf[10] << 8 | buf[11]; -+ gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word); -+ word = buf[14] << 8 | buf[15]; -+ gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word); -+ word = buf[16] << 8 | buf[17]; -+ gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word); -+ gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size); -+ -+ gdFree(buf); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch deleted file mode 100644 index be3eff932..000000000 --- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159 - -Patch lifted from upstream source repository: - -https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 - -From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Mon, 15 Aug 2016 17:49:40 +0200 -Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results - in corrupted files - -We must not apply the format correction twice for truecolor images. - -(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e) ---- - src/gd_gd2.c | 2 +- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug_289.c | 33 +++++++++++++++++++++++++++++++++ - 4 files changed, 36 insertions(+), 1 deletion(-) - create mode 100644 tests/gd2/bug_289.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 86c881e..75e5e1f 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - /* Force fmt to a valid value since we don't return anything. */ - /* */ - if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) { -- fmt = im->trueColor ? 
GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED; -+ fmt = GD2_FMT_COMPRESSED; - }; - if (im->trueColor) { - fmt += 2; -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 8aecacc..3b650ad 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,4 +1,5 @@ - SET(TESTS_FILES -+ bug_289 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index 754a284..b8ee946 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,4 +1,5 @@ - libgd_test_programs += \ -+ gd2/bug_289 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c -new file mode 100644 -index 0000000..ad311e9 ---- /dev/null -+++ b/tests/gd2/bug_289.c -@@ -0,0 +1,33 @@ -+/** -+ * Passing an unrecognized format to gdImageGd2() should result in -+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images. -+ * -+ * See . -+ */ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+#define GD2_FMT_UNRECOGNIZED 0 -+#define GD2_FMT_TRUECOLOR_COMPRESSED 4 -+ -+#define MSG "expected %s byte to be %d, but got %d\n" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ char *buffer; -+ int size; -+ -+ im = gdImageCreateTrueColor(10, 10); -+ gdTestAssert(im != NULL); -+ buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size); -+ gdTestAssert(buffer != NULL); -+ gdImageDestroy(im); -+ gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]); -+ gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index a84ff43d7..94ea8436a 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm 
@@ -50,21 +50,10 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) -;; This fixes PHP bugs 73155 and 73159. Remove when gd -;; is updated to > 2.2.3. -(define gd-for-php - (package (inherit gd) - (source - (origin - (inherit (package-source gd)) - (patches (search-patches - "gd-fix-truecolor-format-correction.patch" - "gd-fix-chunk-size-on-boundaries.patch")))))) - (define-public php (package (name "php") - (version "7.0.14") + (version "7.1.1") (home-page "https://secure.php.net/") (source (origin (method url-fetch) @@ -72,7 +61,7 @@ name "-" version ".tar.xz")) (sha256 (base32 - "12ccgbrfchgvmcfb88rcknq7xmrf19c5ysdr4v8jxk51j9izy78g")) + "0w7ybwm2q34hin4qc4l8zymnfwzcy66n08a842x4w1j12h65nmmk")) (modules '((guix build utils))) (snippet '(with-directory-excursion "ext" @@ -258,8 +247,10 @@ "ext/gd/tests/bug43073.phpt" ;; imagettftext() returns wrong coordinates. "ext/gd/tests/bug48732.phpt" + "ext/gd/tests/bug48732-mb.phpt" ;; Similarly for imageftbbox(). "ext/gd/tests/bug48801.phpt" + "ext/gd/tests/bug48801-mb.phpt" ;; Different expected output from imagecolorallocate(). "ext/gd/tests/bug53504.phpt" ;; Wrong image size after scaling an image. @@ -291,7 +282,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-for-php) + ("gd" ,gd) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) -- 2.11.0 --MP_/W8OHQgpxNWLPluZZ7N=fwId--
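Review bot: the gnu/packages/gd.scm hunk at @@ -49,10 +49,8 in [PATCH 1/2] drops "gd-CVE-2016-7568.patch" and "gd-CVE-2016-8670.patch" from search-patches, but the commit log gives no reason for removing two security fixes. Please confirm that the 2.2.4 tarball contains upstream commits 2806adfdc27a94d333199345394d7c302952b95f (the overflow2() checks before gdMalloc in gdImageWebpCtx) and 53110871935244816bbb9d131da0bccff734bfe9 (the remain <= 0 test in dynamicGetbuf), and say so in the log. The log also names only gnu/packages/gd.scm while the diffstat shows four files changed; add entries for the two deleted patch files and for gnu/local.mk (dist_patch_DATA).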
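Review bot: in [PATCH 2/2] the gnu/packages/php.scm hunk at @@ -50,21 +50,10 removes gd-for-php, and the hunk at @@ -291,7 +282,7 switches the input to ("gd" ,gd), but the commit log records only "(php): Update to 7.1.1." The deleted comment reads "Remove when gd is updated to > 2.2.3", so this change is only correct on top of 1/2; state that dependency and add log entries for the removed gd-for-php variable, the changed gd input, the deleted gd-fix-chunk-size-on-boundaries.patch and gd-fix-truecolor-format-correction.patch, and the gnu/local.mk change. Since both deleted patches modify libgd rather than PHP, consider moving their deletion into the gd commit, or explain in the log why they go with the php update.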
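Review bot: the gnu/packages/php.scm hunk at @@ -258,8 +247,10 adds "ext/gd/tests/bug48732-mb.phpt" and "ext/gd/tests/bug48801-mb.phpt" to the list of skipped tests without documenting it in the commit log. The two entries sit under the existing comments for bug48732.phpt and bug48801.phpt, which is fine if they fail for the same reason; please confirm that and add a log entry for the newly skipped tests so that they can be re-enabled once the underlying imagettftext()/imageftbbox() failures are resolved.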