From 4f6815614097630dfe507df7bae768d37f3f0627 Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Wed, 30 Aug 2017 23:41:08 +0200
Subject: gnu: gd: Replace with 2.2.5.

Fixes CVE-2017-6362 and CVE-2017-7890.

* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd-2.2.5): New variable.
* gnu/packages/php.scm (gd-for-php): Remove variable
(php)[inputs]: Replace GD-FOR-PHP with GD-2.2.5.
* gnu/packages/patches/gd-CVE-2017-7890.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/packages/php.scm | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'gnu/packages/php.scm')

diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index d0afab0931..44fa78d624 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -49,17 +49,6 @@ (define-module (gnu packages php)
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:))
 
-(define gd-for-php
-  (package
-    (inherit gd)
-    (source (origin
-             (inherit (package-source gd))
-             (patches 
-               (append
-                 (origin-patches (package-source gd))
-                 (search-patches "gd-CVE-2017-7890.patch")))))))
-
-
 (define-public php
   (package
     (name "php")
@@ -293,7 +282,7 @@ (define-public php
        ("curl" ,curl)
        ("cyrus-sasl" ,cyrus-sasl)
        ("freetype" ,freetype)
-       ("gd" ,gd-for-php)
+       ("gd" ,gd-2.2.5)
        ("gdbm" ,gdbm)
        ("glibc" ,glibc)
        ("gmp" ,gmp)
-- 
cgit v1.2.3