From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 9317} and others].
Date: Fri, 20 Jan 2017 14:49:50 +0100
Message-ID: <87a8alc03l.fsf@gnu.org>
In-Reply-To: (Leo Famulari's message of "Thu, 19 Jan 2017 23:24:01 -0500")
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari skribis:

> 'CHANGELOG.md' in the development repository lists several fixed bugs with
> potential security implications:
>
> https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md
>
> * gnu/packages/gd.scm (gd)[replacement]: New field.
> (gd-2.2.4): New variable.
> * gnu/packages/php.scm (gd-for-php): Remove variable.
> (php)[inputs]: Replace gd-for-php with gd.
> * gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch,
> gnu/packages/patches/gd-fix-truecolor-format-correction.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.

[...]

> --- a/gnu/packages/php.scm > +++ b/gnu/packages/php.scm 
> @@ -50,17 +50,6 @@ > #:use-module (guix build-system gnu) > #:use-module ((guix licenses) #:prefix license:)) >=20=20 > -;; This fixes PHP bugs 73155 and 73159. Remove when gd > -;; is updated to > 2.2.3. > -(define gd-for-php > - (package (inherit gd) > - (source > - (origin > - (inherit (package-source gd)) > - (patches (search-patches > - "gd-fix-truecolor-format-correction.patch" > - "gd-fix-chunk-size-on-boundaries.patch")))))) > - > (define-public php > (package > (name "php") > @@ -291,7 +280,7 @@ > ("curl" ,curl) > ("cyrus-sasl" ,cyrus-sasl) > ("freetype" ,freetype) > - ("gd" ,gd-for-php) > + ("gd" ,gd)

I don’t think we can do this since gd (not its replacement) is still 2.2.3.

WDYT?

Otherwise LGTM.

Thank you!

Ludo’.
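
Review bot: In the second hunk (@@ -291,7 +280,7 @@), the new input ("gd" ,gd) points php at the gd variable, which per the commit message only gains a [replacement] field while gd-2.2.4 is a separate new variable, so php would be built against a gd that lacks gd-fix-truecolor-format-correction.patch and gd-fix-chunk-size-on-boundaries.patch. The comment removed in the first hunk ties dropping gd-for-php to gd being "updated to > 2.2.3", and that condition is not met by gd itself. Suggest either keeping gd-for-php (and the two patch files) until gd is bumped, or pointing the input at the new variable, for example ("gd" ,gd-2.2.4), provided it is visible from php.scm.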