(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
Fixes CVE-2017-6362 and CVE-2017-7890.
* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd-2.2.5): New variable.
* gnu/packages/php.scm (gd-for-php): Remove variable.
(php)[inputs]: Replace GD-FOR-PHP with GD-2.2.5.
* gnu/packages/patches/gd-CVE-2017-7890.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
gnu/local.mk | 1 -
gnu/packages/gd.scm | 20 +++++++++++++++++--
gnu/packages/patches/gd-CVE-2017-7890.patch | 30 -----------------------------
gnu/packages/php.scm | 13 +------------
4 files changed, 19 insertions(+), 45 deletions(-)
delete mode 100644 gnu/packages/patches/gd-CVE-2017-7890.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 920796685..708b50e8b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -631,7 +631,6 @@ dist_patch_DATA = \
%D%/packages/patches/gcr-disable-failing-tests.patch \
%D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch \
%D%/packages/patches/gdk-pixbuf-list-dir.patch \
- %D%/packages/patches/gd-CVE-2017-7890.patch \
%D%/packages/patches/gd-fix-gd2-read-test.patch \
%D%/packages/patches/gd-fix-tests-on-i686.patch \
%D%/packages/patches/gd-freetype-test-failure.patch \
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index b4e6ce435..169f040ee 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -37,12 +38,11 @@
(define-public gd
(package
(name "gd")
-
+ (replacement gd-2.2.5)
;; Note: With libgd.org now pointing to github.com, genuine old
;; tarballs are no longer available. Notably, versions 2.0.x are
;; missing.
(version "2.2.4")
-
(source (origin
(method url-fetch)
(uri (string-append
@@ -93,6 +93,22 @@ most common applications of GD involve website development.")
"See COPYING file in the distribution."))
(properties '((cpe-name . "libgd")))))
+;; For CVE-2017-6362 and CVE-2017-7890.
+(define-public gd-2.2.5
+ (package
+ (inherit gd)
+ (version "2.2.5")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/libgd/libgd/releases/download/gd-"
+ version "/libgd-" version ".tar.xz"))
+ (patches (search-patches "gd-fix-tests-on-i686.patch"
+ "gd-freetype-test-failure.patch"))
+ (sha256
+ (base32
+ "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c"))))))
+
(define-public perl-gd
(package
(name "perl-gd")
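Review bot: `gd-2.2.5` uses `(inherit gd)` and never overrides the `replacement` field this same commit adds to `gd`, so as written the fixed package appears to name itself as its own replacement. Adding `(replacement #f)` right after `(inherit gd)` would make clear that the fixed variant is not itself grafted. The new origin lists only `gd-fix-tests-on-i686.patch` and `gd-freetype-test-failure.patch`, while `gd-fix-gd2-read-test.patch` is still registered in `gnu/local.mk`. If that patch was dropped because 2.2.5 already contains it, the comment above the definition should say so, for example `;; For CVE-2017-6362 and CVE-2017-7890; the gd2 read test fix is included upstream.` Since dependents of `gd` receive 2.2.5 as a graft over 2.2.4 without being rebuilt, the comment could also note that the two releases are expected to be ABI-compatible.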
diff --git a/gnu/packages/patches/gd-CVE-2017-7890.patch b/gnu/packages/patches/gd-CVE-2017-7890.patch
deleted file mode 100644
index 66034c570..000000000
--- a/gnu/packages/patches/gd-CVE-2017-7890.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001
-From: LEPILLER Julien <julien@lepiller.eu>
-Date: Thu, 3 Aug 2017 17:04:17 +0200
-Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory.
-
-The stack allocated color map buffers were not zeroed before usage, and
-so undefined palette indexes could cause information leakage.
-
-This is CVE-2017-7890.
----
- src/gd_gif_in.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index 008d1ec..c195448 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
-
- gdImagePtr im = 0;
-
-+ memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+ memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+
- if(!ReadOK(fd, buf, 6)) {
- return 0;
- }
---
-2.13.3
-
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index d0afab093..44fa78d62 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -49,17 +49,6 @@
#:use-module (guix build-system gnu)
#:use-module ((guix licenses) #:prefix license:))
-(define gd-for-php
- (package
- (inherit gd)
- (source (origin
- (inherit (package-source gd))
- (patches
- (append
- (origin-patches (package-source gd))
- (search-patches "gd-CVE-2017-7890.patch")))))))
-
-
(define-public php
(package
(name "php")
@@ -293,7 +282,7 @@
("curl" ,curl)
("cyrus-sasl" ,cyrus-sasl)
("freetype" ,freetype)
- ("gd" ,gd-for-php)
+ ("gd" ,gd-2.2.5)
("gdbm" ,gdbm)
("glibc" ,glibc)
("gmp" ,gmp)
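Review bot: The input `("gd" ,gd-2.2.5)` ties php to a variable that gd.scm introduces only as the security replacement for `gd`. That variable will presumably disappear once `gd` itself is updated, and this line gives no hint that it must change at the same time. A one-line comment above it would help, for example `;; XXX: Switch back to GD once it is updated to 2.2.5 or later.` The inputs list starts and ends outside this hunk.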
--
2.14.1