diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-18 17:10:02 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-18 17:10:02 +0200 |
commit | f8d481754cf842ca6e6ac1427ce0f571f5a44108 (patch) | |
tree | 70e702285987429aed275e0d5e2dc15c050e1f8c /pkgs/development/libraries/gd | |
parent | 9fbc20e2f89bc045efac7ade41949a2c2d571dec (diff) | |
parent | 3cd63ade1614d4c581735ffb0cebe181bf87dfc8 (diff) | |
download | nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar.gz nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar.bz2 nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar.lz nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar.xz nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.tar.zst nixpkgs-f8d481754cf842ca6e6ac1427ce0f571f5a44108.zip |
Merge remote-tracking branch 'origin/master' into hardened-stdenv
Diffstat (limited to 'pkgs/development/libraries/gd')
-rw-r--r-- | pkgs/development/libraries/gd/CVE-2016-3074.patch | 13 | ||||
-rw-r--r-- | pkgs/development/libraries/gd/default.nix | 37 |
2 files changed, 38 insertions, 12 deletions
diff --git a/pkgs/development/libraries/gd/CVE-2016-3074.patch b/pkgs/development/libraries/gd/CVE-2016-3074.patch new file mode 100644 index 00000000000..76994697729 --- /dev/null +++ b/pkgs/development/libraries/gd/CVE-2016-3074.patch @@ -0,0 +1,13 @@ +diff --git a/src/gd_gd2.c b/src/gd_gd2.c +index 6f28461..a50b33d 100644 +--- a/src/gd_gd2.c ++++ b/src/gd_gd2.c +@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy, + if (gdGetInt (&cidx[i].size, in) != 1) { + goto fail2; + }; ++ if (cidx[i].offset < 0 || cidx[i].size < 0) ++ goto fail2; + }; + *chunkIdx = cidx; + }; diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index b581bce24b1..47218a803c0 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -1,23 +1,36 @@ -{stdenv, fetchurl, zlib, libpng, freetype, libjpeg, fontconfig}: +{ stdenv, fetchurl +, pkgconfig +, zlib +, libjpeg +, libpng +, libtiff ? null +, libXpm ? null +, fontconfig +, freetype +}: -stdenv.mkDerivation { - name = "gd-2.0.35"; +stdenv.mkDerivation rec { + name = "gd-${version}"; + version = "2.1.1"; src = fetchurl { - url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2; - sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz"; + url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz"; + sha256 = "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls"; }; - buildInputs = [zlib libpng freetype]; - - propagatedBuildInputs = [libjpeg fontconfig]; # urgh + patches = [ + ./CVE-2016-3074.patch + ]; hardeningDisable = [ "format" ]; - configureFlags = "--without-x"; + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ]; - meta = { - homepage = http://www.libgd.org/; - description = "An open source code library for the dynamic creation of images by programmers"; + meta = with stdenv.lib; { + homepage = https://libgd.github.io/; + description = "A dynamic image creation library"; + license = licenses.free; # some custom license + platforms = platforms.unix; }; } |