From b5d08d7c2834610b5243db1795bd4b0724c8ff2a Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Fri, 27 May 2016 11:42:22 -0400 Subject: gnu: gd: Update to 2.2.1 [fixes CVE-2015-{8874, 8877}]. * gnu/packages/patches/gd-CVE-2016-3074.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it. * gnu/packages/gd.scm (gd): Update to 2.2.1. [source]: Remove patch. Update source URL. --- gnu/packages/patches/gd-CVE-2016-3074.patch | 36 ----------------------------- 1 file changed, 36 deletions(-) delete mode 100644 gnu/packages/patches/gd-CVE-2016-3074.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/gd-CVE-2016-3074.patch b/gnu/packages/patches/gd-CVE-2016-3074.patch deleted file mode 100644 index a90c51d77b..0000000000 --- a/gnu/packages/patches/gd-CVE-2016-3074.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -Adapted from upstream commit 2bb97f407c1145c850416a3bfbcc8cf124e68a19 -(gd2: handle corrupt images better (CVE-2016-3074)). - -This patch omits the upstream changes to '.gitignore', and the test -added in files 'tests/Makefile.am', 'tests/gd2/gd2_read_corrupt.c', and -'tests/gd2/invalid_neg_size.gd2'. - -We omit the test because its input data, -'tests/gd2/invalid_neg_size.gd2', is provided as a binary Git diff, -which is not supported by `patch`. - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074 -https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19 ---- - .gitignore | 1 + - src/gd_gd2.c | 2 ++ - tests/Makefile.am | 3 ++- - tests/gd2/gd2_read_corrupt.c | 25 +++++++++++++++++++++++++ - tests/gd2/invalid_neg_size.gd2 | Bin 0 -> 1676 bytes - 5 files changed, 30 insertions(+), 1 deletion(-) - create mode 100644 tests/gd2/gd2_read_corrupt.c - create mode 100644 tests/gd2/invalid_neg_size.gd2 - -diff --git a/src/gd_gd2.c b/src/gd_gd2.c -index 6f28461..a50b33d 100644 ---- a/src/gd_gd2.c -+++ b/src/gd_gd2.c -@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, - if (gdGetInt (&cidx[i].size, in) != 1) { - goto fail2; - }; -+ if (cidx[i].offset < 0 || cidx[i].size < 0) -+ goto fail2; - }; - *chunkIdx = cidx; - }; -- cgit v1.2.3
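Review bot: Deleting gd-CVE-2016-3074.patch drops the only copy in this tree of the negative offset/size check in `_gd2GetHeader` (the `if (cidx[i].offset < 0 || cidx[i].size < 0)` and `goto fail2;` lines at the end of the removed file). Nothing in the commit message states that 2.2.1 already contains upstream commit 2bb97f407c1145c850416a3bfbcc8cf124e68a19, and the subject lists only CVE-2015-{8874, 8877}. Suggest saying in the commit log that the 2.2.1 source includes that commit, which makes the patch redundant, and confirming it by checking for the check in src/gd_gd2.c of the new tarball. The deleted header also records that the upstream regression test (tests/gd2/gd2_read_corrupt.c with tests/gd2/invalid_neg_size.gd2) was left out only because `patch` cannot apply a binary Git diff. With the patch gone, it is worth checking whether the release tarball ships that test, so that the package's test suite covers the corrupt-image case.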