[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
libgd security update / i686 issues
From: |
Leo Famulari |
Subject: |
libgd security update / i686 issues |
Date: |
Thu, 28 Jul 2016 03:23:37 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
libgd 2.2.3 has been released [0], which includes fixes for
CVE-2016-6207.
I built it on x86_64, and also cross-built to i686-linux. The 32-bit rounding
issue that Mark fixed with commit 27326064 was reported upstream [1],
and the suggested workaround is to add "-msse -mfpmath=sse" to CFLAGS
[2].
Having removed Mark's patch, I can cross-build to i686-linux using those
flags. The patch has gone stale with the 2.2.3 release:
---
gdimagerotate/bug00067.c: In function ‘main’:
gdimagerotate/bug00067.c:11:14: error: unused variable ‘filename’
[-Werror=unused-variable]
char *path, filename[2048];
^
gdimagerotate/bug00067.c:11:8: error: unused variable ‘path’
[-Werror=unused-variable]
char *path, filename[2048];
^
cc1: all warnings being treated as errors
Makefile:3120: recipe for target 'gdimagerotate/bug00067.o' failed
---
Should these CFLAGS values be applied unconditionally, as in the
attached patch, or should they be applied only while building on or for
specific architectures? Or something else?
[0]
https://github.com/libgd/libgd/releases/tag/gd-2.2.3
[1]
https://github.com/libgd/libgd/issues/242
[2]
https://github.com/libgd/libgd/commit/62ecc651e7780add5e4035bfc0e6cd060e90f6a9
0001-gnu-gd-Update-to-2.2.3.patch
Description: Text Data
- libgd security update / i686 issues,
Leo Famulari <=
- Re: libgd security update / i686 issues, Andreas Enge, 2016/07/28
- Re: libgd security update / i686 issues, Andreas Enge, 2016/07/28
- Re: libgd security update / i686 issues, Leo Famulari, 2016/07/28
- Re: libgd security update / i686 issues, Mark H Weaver, 2016/07/28
- Re: libgd security update / i686 issues, Leo Famulari, 2016/07/28
- Re: libgd security update / i686 issues, Leo Famulari, 2016/07/28
- Re: libgd security update / i686 issues, Leo Famulari, 2016/07/28
- Re: libgd security update / i686 issues, Mark H Weaver, 2016/07/29
- Re: libgd security update / i686 issues, Leo Famulari, 2016/07/29
- Re: libgd security update / i686 issues, Mark H Weaver, 2016/07/29