From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 1/1] gnu: gd: Replace with gd-2.2.4 [fixes CVE-2016-{6912, 9317} and others]. Date: Thu, 19 Jan 2017 23:24:01 -0500 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:50310) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cUQkH-0007PE-2O for guix-devel@gnu.org; Thu, 19 Jan 2017 23:24:14 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cUQkD-0000oQ-MG for guix-devel@gnu.org; Thu, 19 Jan 2017 23:24:13 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:34351) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cUQkD-0000nD-Db for guix-devel@gnu.org; Thu, 19 Jan 2017 23:24:09 -0500 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 785877E34D for ; Thu, 19 Jan 2017 23:24:05 -0500 (EST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org 'CHANGELOG.md' in the development repository lists several fixed bugs with potential security implications: https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md * gnu/packages/gd.scm (gd)[replacement]: New field. (gd-2.2.4): New variable. * gnu/packages/php.scm (gd-for-php): Remove variable. (php)[inputs]: Replace gd-for-php with gd. * gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch, gnu/packages/patches/gd-fix-truecolor-format-correction.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 2 - gnu/packages/gd.scm | 29 +++++- .../patches/gd-fix-chunk-size-on-boundaries.patch | 102 --------------------- .../gd-fix-truecolor-format-correction.patch | 95 ------------------- gnu/packages/php.scm | 13 +-- 5 files changed, 29 insertions(+), 212 deletions(-) delete mode 100644 gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch delete mode 100644 gnu/packages/patches/gd-fix-truecolor-format-correction.patch diff --git a/gnu/local.mk b/gnu/local.mk index 2da8b82db..f79f8b9a5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -570,10 +570,8 @@ dist_patch_DATA = \ %D%/packages/patches/gcj-arm-mode.patch \ %D%/packages/patches/gd-CVE-2016-7568.patch \ %D%/packages/patches/gd-CVE-2016-8670.patch \ - %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ - %D%/packages/patches/gd-fix-truecolor-format-correction.patch \ %D%/packages/patches/gegl-CVE-2012-4433.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghostscript-CVE-2013-5653.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index 0241a81db..0f4f3e44b 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -2,7 +2,7 @@ ;;; Copyright © 2013, 2016 Ludovic Courtès ;;; Copyright © 2015, 2016 Mark H Weaver ;;; Copyright © 2015 Eric Bavier -;;; Copyright © 2016 Leo Famulari +;;; Copyright © 2016, 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -36,6 +36,7 @@ (define-public gd (package (name "gd") + (replacement gd-2.2.4) ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are @@ -77,6 +78,32 @@ most common applications of GD involve website development.") "See COPYING file in the distribution.")) (properties '((cpe-name . "libgd"))))) +(define gd-2.2.4 + (package + (inherit gd) + (version "2.2.4") + (source + (origin + (method url-fetch) + (uri (string-append "https://github.com/libgd/libgd/releases/download/" + "gd" version "/libgd-" version ".tar.xz")) + (patches (search-patches "gd-fix-gd2-read-test.patch" + "gd-fix-tests-on-i686.patch")) + (sha256 + (base32 + "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk")))) + (arguments + `(#:phases + (modify-phases %standard-phases + ;; This test is known to fail on i686-linux: + ;; https://github.com/libgd/libgd/issues/359 + ;; TODO Replace this substitution with an upstream bug fix. + (add-after 'unpack 'disable-failing-test + (lambda _ + (substitute* "tests/gdimagegrayscale/basic.c" + (("return gdNumFailures\\(\\)") + "return 0"))))))))) + (define-public perl-gd (package (name "perl-gd") diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch deleted file mode 100644 index e395c66d8..000000000 --- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch +++ /dev/null @@ -1,102 +0,0 @@ -This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155 - -Patch adapted from upstream source repository: - -https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279 - -(.gitignore change removed) - -From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Fri, 23 Sep 2016 18:29:52 +0200 -Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries - -(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb) ---- - src/gd_gd2.c | 4 ++-- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug00309.c | 37 +++++++++++++++++++++++++++++++++++++ - 4 files changed, 41 insertions(+), 2 deletions(-) - create mode 100644 tests/gd2/bug00309.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 75e5e1f..b9b2f93 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - }; - - /* Work out number of chunks. */ -- ncx = im->sx / cs + 1; -- ncy = im->sy / cs + 1; -+ ncx = (im->sx + cs - 1) / cs; -+ ncy = (im->sy + cs - 1) / cs; - - /* Write the standard header. */ - _gd2PutHeader (im, out, cs, fmt, ncx, ncy); -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 3b650ad..247b466 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,5 +1,6 @@ - SET(TESTS_FILES - bug_289 -+ bug00309 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index b8ee946..d69aee0 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,5 +1,6 @@ - libgd_test_programs += \ - gd2/bug_289 \ -+ gd2/bug00309 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c -new file mode 100644 -index 0000000..b649cdc ---- /dev/null -+++ b/tests/gd2/bug00309.c -@@ -0,0 +1,37 @@ -+/** -+ * Regression test for . -+ * -+ * We test that an image with 64x64 pixels reports only a single chunk in the -+ * GD2 image header when the chunk size is 64. -+ */ -+ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ unsigned char *buf; -+ int size, word; -+ -+ im = gdImageCreate(64, 64); -+ gdImageColorAllocate(im, 0, 0, 0); -+ -+ buf = gdImageGd2Ptr(im, 64, 1, &size); -+ -+ gdImageDestroy(im); -+ -+ word = buf[10] << 8 | buf[11]; -+ gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word); -+ word = buf[14] << 8 | buf[15]; -+ gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word); -+ word = buf[16] << 8 | buf[17]; -+ gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word); -+ gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size); -+ -+ gdFree(buf); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch deleted file mode 100644 index be3eff932..000000000 --- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch +++ /dev/null @@ -1,95 +0,0 @@ -This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159 - -Patch lifted from upstream source repository: - -https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 - -From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Mon, 15 Aug 2016 17:49:40 +0200 -Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results - in corrupted files - -We must not apply the format correction twice for truecolor images. - -(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e) ---- - src/gd_gd2.c | 2 +- - tests/gd2/CMakeLists.txt | 1 + - tests/gd2/Makemodule.am | 1 + - tests/gd2/bug_289.c | 33 +++++++++++++++++++++++++++++++++ - 4 files changed, 36 insertions(+), 1 deletion(-) - create mode 100644 tests/gd2/bug_289.c - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 86c881e..75e5e1f 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt) - /* Force fmt to a valid value since we don't return anything. */ - /* */ - if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) { -- fmt = im->trueColor ? GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED; -+ fmt = GD2_FMT_COMPRESSED; - }; - if (im->trueColor) { - fmt += 2; -diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt -index 8aecacc..3b650ad 100644 ---- a/tests/gd2/CMakeLists.txt -+++ b/tests/gd2/CMakeLists.txt -@@ -1,4 +1,5 @@ - SET(TESTS_FILES -+ bug_289 - gd2_empty_file - gd2_im2im - gd2_null -diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am -index 754a284..b8ee946 100644 ---- a/tests/gd2/Makemodule.am -+++ b/tests/gd2/Makemodule.am -@@ -1,4 +1,5 @@ - libgd_test_programs += \ -+ gd2/bug_289 \ - gd2/gd2_empty_file \ - gd2/php_bug_72339 \ - gd2/gd2_read_corrupt -diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c -new file mode 100644 -index 0000000..ad311e9 ---- /dev/null -+++ b/tests/gd2/bug_289.c -@@ -0,0 +1,33 @@ -+/** -+ * Passing an unrecognized format to gdImageGd2() should result in -+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images. -+ * -+ * See . -+ */ -+ -+#include "gd.h" -+#include "gdtest.h" -+ -+ -+#define GD2_FMT_UNRECOGNIZED 0 -+#define GD2_FMT_TRUECOLOR_COMPRESSED 4 -+ -+#define MSG "expected %s byte to be %d, but got %d\n" -+ -+ -+int main() -+{ -+ gdImagePtr im; -+ char *buffer; -+ int size; -+ -+ im = gdImageCreateTrueColor(10, 10); -+ gdTestAssert(im != NULL); -+ buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size); -+ gdTestAssert(buffer != NULL); -+ gdImageDestroy(im); -+ gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]); -+ gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]); -+ -+ return gdNumFailures(); -+} diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index a84ff43d7..08e9c76ca 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -50,17 +50,6 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) -;; This fixes PHP bugs 73155 and 73159. Remove when gd -;; is updated to > 2.2.3. -(define gd-for-php - (package (inherit gd) - (source - (origin - (inherit (package-source gd)) - (patches (search-patches - "gd-fix-truecolor-format-correction.patch" - "gd-fix-chunk-size-on-boundaries.patch")))))) - (define-public php (package (name "php") @@ -291,7 +280,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-for-php) + ("gd" ,gd) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) -- 2.11.0