Diffstat (limited to 'pkgs/development/libraries/gd')
-rw-r--r-- | pkgs/development/libraries/gd/CVE-2016-3074.patch | 13 | ||||
-rw-r--r-- | pkgs/development/libraries/gd/default.nix | 37 |
2 files changed, 38 insertions, 12 deletions
diff --git a/pkgs/development/libraries/gd/CVE-2016-3074.patch b/pkgs/development/libraries/gd/CVE-2016-3074.patch
new file mode 100644
index 0000000000000..76994697729bf
--- /dev/null
+++ b/pkgs/development/libraries/gd/CVE-2016-3074.patch
@@ -0,0 +1,13 @@
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 6f28461..a50b33d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ if (gdGetInt (&cidx[i].size, in) != 1) {
+ goto fail2;
+ };
++ if (cidx[i].offset < 0 || cidx[i].size < 0)
++ goto fail2;
+ };
+ *chunkIdx = cidx;
+ };
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index b581bce24b190..47218a803c024 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
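Review bot: In the carried patch for `src/gd_gd2.c`, the added guard rejects only negative `cidx[i].offset` and `cidx[i].size`, so a chunk index entry with a very large positive value read from the file still passes this point. Whether later code bounds those fields against the buffer it allocates is not visible here, because `_gd2GetHeader` and the readers of `chunkIdx` start and end outside the hunk; that is worth confirming before treating this patch as the complete fix. The patch file also has no provenance line; a header such as `Upstream fix for CVE-2016-3074: <upstream commit URL>` would let a later maintainer verify it and drop it once the packaged release contains the fix. As a style point, the new `if` is unbraced while the neighbouring checks use braces, so `if (cidx[i].offset < 0 || cidx[i].size < 0) { goto fail2; }` would match them.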
@@ -1,23 +1,36 @@
-{stdenv, fetchurl, zlib, libpng, freetype, libjpeg, fontconfig}:
+{ stdenv, fetchurl
+, pkgconfig
+, zlib
+, libjpeg
+, libpng
+, libtiff ? null
+, libXpm ? null
+, fontconfig
+, freetype
+}:
-stdenv.mkDerivation {
- name = "gd-2.0.35";
+stdenv.mkDerivation rec {
+ name = "gd-${version}";
+ version = "2.1.1";
 src = fetchurl {
- url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2;
- sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz";
+ url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
+ sha256 = "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls";
 };
- buildInputs = [zlib libpng freetype];
-
- propagatedBuildInputs = [libjpeg fontconfig]; # urgh
+ patches = [
+ ./CVE-2016-3074.patch
+ ];
 hardeningDisable = [ "format" ];
- configureFlags = "--without-x";
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ];
- meta = {
- homepage = http://www.libgd.org/;
- description = "An open source code library for the dynamic creation of images by programmers";
+ meta = with stdenv.lib; {
+ homepage = https://libgd.github.io/;
+ description = "A dynamic image creation library";
+ license = licenses.free; # some custom license
+ platforms = platforms.unix;
 };
 } |
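Review bot: `hardeningDisable = [ "format" ];` is carried over unchanged from the 2.0.35 expression, and nothing in this hunk shows that 2.1.1 still fails to build with the format hardening flags. For a library that parses image files, it is worth retrying the build without that line and keeping it only if the build really breaks, with a comment such as `# <file>: format-security error, see <upstream issue link>`. The hunk also drops `propagatedBuildInputs = [libjpeg fontconfig];`, so packages that relied on those being propagated may now need to list them explicitly; whether the new `pkgconfig` input covers that is not visible here.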