summary refs log tree commit diff
path: root/gnu/packages/gd.scm
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-08-30 23:41:08 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-08-31 02:49:43 +0200
commit4f6815614097630dfe507df7bae768d37f3f0627 (patch)
tree807ee60a94752d6fb2b83b197de50b031db6863f /gnu/packages/gd.scm
parentcad88b853375089f22da0ebb436fd38eb23aa593 (diff)
downloadguix-4f6815614097630dfe507df7bae768d37f3f0627.tar.gz
gnu: gd: Replace with 2.2.5.
Fixes CVE-2017-6362 and CVE-2017-7890.

* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd-2.2.5): New variable.
* gnu/packages/php.scm (gd-for-php): Remove variable
(php)[inputs]: Replace GD-FOR-PHP with GD-2.2.5.
* gnu/packages/patches/gd-CVE-2017-7890.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/gd.scm')
-rw-r--r--gnu/packages/gd.scm20
1 files changed, 18 insertions, 2 deletions
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index b4e6ce435b..169f040ee4 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,12 +38,11 @@
 (define-public gd
   (package
     (name "gd")
-
+    (replacement gd-2.2.5)
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
     ;; missing.
     (version "2.2.4")
-
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -93,6 +93,22 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+;; For CVE-2017-6362 and CVE-2017-7890.
+(define-public gd-2.2.5
+  (package
+    (inherit gd)
+    (version "2.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/libgd/libgd/releases/download/gd-"
+                    version "/libgd-" version ".tar.xz"))
+              (patches (search-patches "gd-fix-tests-on-i686.patch"
+                                       "gd-freetype-test-failure.patch"))
+              (sha256
+               (base32
+                "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c"))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")