Re: libgd security update / i686 issues

[Leo Famulari]

On Fri, Jul 29, 2016 at 05:00:38PM +0200, Ludovic Courtès wrote:
> Leo Famulari <address@hidden> skribis:
> > Instead of updating to 2.2.3, we could also try cherry-picking the
> > upstream commits that address this bug, as attached.
> 
> Are there any good reasons not to update?
> 
> I would tend to update, which sounds simpler and will have to be done
> anyway, but maybe I’m overlooking something.

I tried the update, because it's indeed simpler, but that breaks the
libgd build on i686-linux due to a test failure. Upstream suggests to
build with '-msse -mfpmath-sse'. But, as Mark pointed out, this would
mean we drop support for older i686 hardware without SSE, at least for
software that uses libgd.

The patch that Mark has in the current package tree works around this,
and he also updated his patch for the new version of libgd.

Unfortunately, it seems that the upstream developers have turned on
-Werror. So, Mark's approach makes the build fail on, at least, x86_64,
due to warnings about unused variables being treated as errors. I pasted
these error messages elsehwere in this thread.

I don't really like cherry-picking these commits; they are not from the
correct gd-2.2.2 branch.

We could also try deleting the test, disabling -Werror, complaining to
upstream, take another approach at disabling the test conditionally, or
... something else?