diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gd.scm | 11 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2016-3074.patch | 36 |
3 files changed, 5 insertions, 43 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f36389f819..86b56d4047 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -498,7 +498,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcc-cross-environment-variables.patch \ %D%/packages/patches/gcc-libvtv-runpath.patch \ %D%/packages/patches/gcc-5.0-libvtv-runpath.patch \ - %D%/packages/patches/gd-CVE-2016-3074.patch \ %D%/packages/patches/geoclue-config.patch \ %D%/packages/patches/ghostscript-CVE-2015-3228.patch \ %D%/packages/patches/ghostscript-runpath.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index e52a030f86..4d6b1a3c89 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -37,20 +37,19 @@ (package (name "gd") - ;; Note: With libgd.org now pointing to bitbucket.org, genuine old + ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. - (version "2.1.1") + (version "2.2.1") (source (origin (method url-fetch) (uri (string-append - "https://bitbucket.org/libgd/gd-libgd/downloads/" - "libgd-" version ".tar.xz")) + "https://github.com/libgd/libgd/releases/download/gd-" + version "/libgd-" version ".tar.xz")) (sha256 (base32 - "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls")) - (patches (search-patches "gd-CVE-2016-3074.patch")))) + "0xmrqka1ggqgml84xbmkw1y0r0lg7qn657v5b1my8pry92p651vh")))) (build-system gnu-build-system) (native-inputs `(("pkg-config" ,pkg-config))) diff --git a/gnu/packages/patches/gd-CVE-2016-3074.patch b/gnu/packages/patches/gd-CVE-2016-3074.patch deleted file mode 100644 index a90c51d77b..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-3074.patch +++ /dev/null @@ -1,36 +0,0 @@ -Adapted from upstream commit 2bb97f407c1145c850416a3bfbcc8cf124e68a19 -(gd2: handle corrupt images better (CVE-2016-3074)). - -This patch omits the upstream changes to '.gitignore', and the test -added in files 'tests/Makefile.am', 'tests/gd2/gd2_read_corrupt.c', and -'tests/gd2/invalid_neg_size.gd2'. - -We omit the test because its input data, -'tests/gd2/invalid_neg_size.gd2', is provided as a binary Git diff, -which is not supported by `patch`. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074 -https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 ---- - .gitignore | 1 + - src/gd_gd2.c | 2 ++ - tests/Makefile.am | 3 ++- - tests/gd2/gd2_read_corrupt.c | 25 +++++++++++++++++++++++++ - tests/gd2/invalid_neg_size.gd2 | Bin 0 -> 1676 bytes - 5 files changed, 30 insertions(+), 1 deletion(-) - create mode 100644 tests/gd2/gd2_read_corrupt.c - create mode 100644 tests/gd2/invalid_neg_size.gd2 - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 6f28461..a50b33d 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, - if (gdGetInt (&cidx[i].size, in) != 1) { - goto fail2; - }; -+ if (cidx[i].offset < 0 || cidx[i].size < 0) -+ goto fail2; - }; - *chunkIdx = cidx; - }; |