diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gd.scm | 20 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2017-7890.patch | 30 | ||||
-rw-r--r-- | gnu/packages/php.scm | 13 |
4 files changed, 19 insertions, 45 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9207966859..708b50e8b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -631,7 +631,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ - %D%/packages/patches/gd-CVE-2017-7890.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index b4e6ce435b..169f040ee4 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,12 +38,11 @@ (define-public gd (package (name "gd") - + (replacement gd-2.2.5) ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. (version "2.2.4") - (source (origin (method url-fetch) (uri (string-append @@ -93,6 +93,22 @@ most common applications of GD involve website development.") "See COPYING file in the distribution.")) (properties '((cpe-name . "libgd"))))) +;; For CVE-2017-6362 and CVE-2017-7890. +(define-public gd-2.2.5 + (package + (inherit gd) + (version "2.2.5") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/libgd/libgd/releases/download/gd-" + version "/libgd-" version ".tar.xz")) + (patches (search-patches "gd-fix-tests-on-i686.patch" + "gd-freetype-test-failure.patch")) + (sha256 + (base32 + "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")))))) + (define-public perl-gd (package (name "perl-gd") diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch deleted file mode 100644 index 66034c5703..0000000000 --- a/gnu/packages/patches/gd-CVE-2017-7890.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 -From: LEPILLER Julien <julien@lepiller.eu> -Date: Thu, 3 Aug 2017 17:04:17 +0200 -Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. - -The stack allocated color map buffers were not zeroed before usage, and -so undefined palette indexes could cause information leakage. - -This is CVE-2017-7890. ---- - src/gd_gif_in.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index 008d1ec..c195448 100644 ---- a/src/gd_gif_in.c -+++ b/src/gd_gif_in.c -@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) - - gdImagePtr im = 0; - -+ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ - if(!ReadOK(fd, buf, 6)) { - return 0; - } --- -2.13.3 - diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index d0afab0931..44fa78d624 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -49,17 +49,6 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) -(define gd-for-php - (package - (inherit gd) - (source (origin - (inherit (package-source gd)) - (patches - (append - (origin-patches (package-source gd)) - (search-patches "gd-CVE-2017-7890.patch"))))))) - - (define-public php (package (name "php") @@ -293,7 +282,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-for-php) + ("gd" ,gd-2.2.5) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) |