From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari <leo@famulari.name>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 9317} and others].
Date: Fri, 20 Jan 2017 14:49:50 +0100 [thread overview]
Message-ID: <87a8alc03l.fsf@gnu.org> (raw)
In-Reply-To: <dd4412b87fddc2186ab23a392bf8e567340842a6.1484886237.git.leo@famulari.name> (Leo Famulari's message of "Thu, 19 Jan 2017 23:24:01 -0500")
Leo Famulari <leo@famulari.name> skribis:
> 'CHANGELOG.md' in the development repository lists several fixed bugs with
> potential security implications:
>
> https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
>
> * gnu/packages/gd.scm (gd)[replacement]: New field.
> (gd-2.2.4): New variable.
> * gnu/packages/php.scm (gd-for-php): Remove variable.
> (php)[inputs]: Replace gd-for-php with gd.
> * gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch,
> gnu/packages/patches/gd-fix-truecolor-format-correction.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.
[...]
> --- a/gnu/packages/php.scm
> +++ b/gnu/packages/php.scm
> @@ -50,17 +50,6 @@
> #:use-module (guix build-system gnu)
> #:use-module ((guix licenses) #:prefix license:))
>
> -;; This fixes PHP bugs 73155 and 73159. Remove when gd
> -;; is updated to > 2.2.3.
> -(define gd-for-php
> - (package (inherit gd)
> - (source
> - (origin
> - (inherit (package-source gd))
> - (patches (search-patches
> - "gd-fix-truecolor-format-correction.patch"
> - "gd-fix-chunk-size-on-boundaries.patch"))))))
> -
> (define-public php
> (package
> (name "php")
> @@ -291,7 +280,7 @@
> ("curl" ,curl)
> ("cyrus-sasl" ,cyrus-sasl)
> ("freetype" ,freetype)
> - ("gd" ,gd-for-php)
> + ("gd" ,gd)
I don’t think we can do this since gd (not its replacement) is still
2.2.3.
WDYT?
Otherwise LGTM.
Thank you!
Ludo’.
next prev parent reply other threads:[~2017-01-20 13:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-20 4:24 [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 9317} and others] Leo Famulari
2017-01-20 13:49 ` Ludovic Courtès [this message]
2017-01-20 15:31 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a8alc03l.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=leo@famulari.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.