diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-08-30 23:41:08 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-08-31 02:49:43 +0200 |
commit | 4f6815614097630dfe507df7bae768d37f3f0627 (patch) | |
tree | 807ee60a94752d6fb2b83b197de50b031db6863f | |
parent | cad88b853375089f22da0ebb436fd38eb23aa593 (diff) | |
download | patches-4f6815614097630dfe507df7bae768d37f3f0627.tar patches-4f6815614097630dfe507df7bae768d37f3f0627.tar.gz |
gnu: gd: Replace with 2.2.5.
Fixes CVE-2017-6362 and CVE-2017-7890.
* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd-2.2.5): New variable.
* gnu/packages/php.scm (gd-for-php): Remove variable
(php)[inputs]: Replace GD-FOR-PHP with GD-2.2.5.
* gnu/packages/patches/gd-CVE-2017-7890.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/gd.scm | 20 | ||||
-rw-r--r-- | gnu/packages/patches/gd-CVE-2017-7890.patch | 30 | ||||
-rw-r--r-- | gnu/packages/php.scm | 13 |
4 files changed, 19 insertions, 45 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9207966859..708b50e8b6 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -631,7 +631,6 @@ dist_patch_DATA = \ %D%/packages/patches/gcr-disable-failing-tests.patch \ %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \ %D%/packages/patches/gdk-pixbuf-list-dir.patch \ - %D%/packages/patches/gd-CVE-2017-7890.patch \ %D%/packages/patches/gd-fix-gd2-read-test.patch \ %D%/packages/patches/gd-fix-tests-on-i686.patch \ %D%/packages/patches/gd-freetype-test-failure.patch \ diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm index b4e6ce435b..169f040ee4 100644 --- a/gnu/packages/gd.scm +++ b/gnu/packages/gd.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name> ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -37,12 +38,11 @@ (define-public gd (package (name "gd") - + (replacement gd-2.2.5) ;; Note: With libgd.org now pointing to github.com, genuine old ;; tarballs are no longer available. Notably, versions 2.0.x are ;; missing. (version "2.2.4") - (source (origin (method url-fetch) (uri (string-append @@ -93,6 +93,22 @@ most common applications of GD involve website development.") "See COPYING file in the distribution.")) (properties '((cpe-name . "libgd"))))) +;; For CVE-2017-6362 and CVE-2017-7890. +(define-public gd-2.2.5 + (package + (inherit gd) + (version "2.2.5") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/libgd/libgd/releases/download/gd-" + version "/libgd-" version ".tar.xz")) + (patches (search-patches "gd-fix-tests-on-i686.patch" + "gd-freetype-test-failure.patch")) + (sha256 + (base32 + "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c")))))) + (define-public perl-gd (package (name "perl-gd") diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch deleted file mode 100644 index 66034c5703..0000000000 --- a/gnu/packages/patches/gd-CVE-2017-7890.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001 -From: LEPILLER Julien <julien@lepiller.eu> -Date: Thu, 3 Aug 2017 17:04:17 +0200 -Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory. - -The stack allocated color map buffers were not zeroed before usage, and -so undefined palette indexes could cause information leakage. - -This is CVE-2017-7890. ---- - src/gd_gif_in.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c -index 008d1ec..c195448 100644 ---- a/src/gd_gif_in.c -+++ b/src/gd_gif_in.c -@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd) - - gdImagePtr im = 0; - -+ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE); -+ - if(!ReadOK(fd, buf, 6)) { - return 0; - } --- -2.13.3 - diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm index d0afab0931..44fa78d624 100644 --- a/gnu/packages/php.scm +++ b/gnu/packages/php.scm @@ -49,17 +49,6 @@ #:use-module (guix build-system gnu) #:use-module ((guix licenses) #:prefix license:)) -(define gd-for-php - (package - (inherit gd) - (source (origin - (inherit (package-source gd)) - (patches - (append - (origin-patches (package-source gd)) - (search-patches "gd-CVE-2017-7890.patch"))))))) - - (define-public php (package (name "php") @@ -293,7 +282,7 @@ ("curl" ,curl) ("cyrus-sasl" ,cyrus-sasl) ("freetype" ,freetype) - ("gd" ,gd-for-php) + ("gd" ,gd-2.2.5) ("gdbm" ,gdbm) ("glibc" ,glibc) ("gmp" ,gmp) |