Mark H Weaver writes:
> Leo Famulari writes:
>
>> On Thu, Jul 28, 2016 at 01:22:40PM -0400, Mark H Weaver wrote:
>>> I will adapt my patch to the new version.
>>
>> Unfortunately, this new patch makes libgd fail to build from source on
>> x86_64, like this:
On Fri, Jul 29, 2016 at 01:59:15PM -0400, Mark H Weaver wrote:
> Bah, sorry about that. I just pushed an updated patch that builds
> successfully on x86_64 and i686, and hopefully on the others as well.
Thank you!
Leo Famulari writes:
> On Thu, Jul 28, 2016 at 01:22:40PM -0400, Mark H Weaver wrote:
>> I will adapt my patch to the new version.
>
> Unfortunately, this new patch makes libgd fail to build from source on
> x86_64, like this:
>
> gdimagecopyresampled/basic_alpha.c: In
On Fri, Jul 29, 2016 at 05:00:38PM +0200, Ludovic Courtès wrote:
> Leo Famulari skribis:
> > Instead of updating to 2.2.3, we could also try cherry-picking the
> > upstream commits that address this bug, as attached.
>
> Are there any good reasons not to update?
>
> I would
Leo Famulari skribis:
> On Thu, Jul 28, 2016 at 03:23:37AM -0400, Leo Famulari wrote:
>> libgd 2.2.3 has been released [0], which includes fixes for
>> CVE-2016-6207.
>
> Instead of updating to 2.2.3, we could also try cherry-picking the
> upstream commits that address this
On Thu, Jul 28, 2016 at 03:23:37AM -0400, Leo Famulari wrote:
> libgd 2.2.3 has been released [0], which includes fixes for
> CVE-2016-6207.
Instead of updating to 2.2.3, we could also try cherry-picking the
upstream commits that address this bug, as attached.
>From
On Thu, Jul 28, 2016 at 02:56:06PM -0400, Leo Famulari wrote:
> On Thu, Jul 28, 2016 at 01:22:40PM -0400, Mark H Weaver wrote:
> > I will adapt my patch to the new version.
>
> Unfortunately, this new patch makes libgd fail to build from source on
> x86_64, like this:
I reverted the commit on
On Thu, Jul 28, 2016 at 01:22:40PM -0400, Mark H Weaver wrote:
> I will adapt my patch to the new version.
Unfortunately, this new patch makes libgd fail to build from source on
x86_64, like this:
gdimagecopyresampled/basic_alpha.c: In function ‘main’:
gdimagecopyresampled/basic_alpha.c:37:23:
On Thu, Jul 28, 2016 at 01:22:40PM -0400, Mark H Weaver wrote:
> Not all i686 systems have support for SSE. I don't think we should
> apply the upstream suggested workaround, which effectively amounts to
> dropping support for older systems. If we want to add a requirement for
> SSE for i686
Leo Famulari writes:
> On Thu, Jul 28, 2016 at 10:40:49AM +0200, Andreas Enge wrote:
>> Well, the bug report states that the result is correct on armv7. Apparently
>> i686 is not IEEE compliant by default, while armv7 is. So it should be okay
>> to apply the flags only on
On Thu, Jul 28, 2016 at 10:40:49AM +0200, Andreas Enge wrote:
> Well, the bug report states that the result is correct on armv7. Apparently
> i686 is not IEEE compliant by default, while armv7 is. So it should be okay
> to apply the flags only on i686. We assume that SSE, but not SSE2 or later
>
On Thu, Jul 28, 2016 at 03:23:37AM -0400, Leo Famulari wrote:
> I built it on x86_64, and also cross-built to i686-linux. The 32-bit rounding
> issue that Mark fixed with commit 27326064 was reported upstream [1],
> and the suggested workaround is to add "-msse -mfpmath=sse" to CFLAGS
> [2].
On Thu, Jul 28, 2016 at 03:23:37AM -0400, Leo Famulari wrote:
> Should these CFLAGS values be applied unconditionally, as in the
> attached patch, or should they be applied only while building on or for
> specific architectures? Or something else?
They only work on x86 processors, almost by
libgd 2.2.3 has been released [0], which includes fixes for
CVE-2016-6207.
I built it on x86_64, and also cross-built to i686-linux. The 32-bit rounding
issue that Mark fixed with commit 27326064 was reported upstream [1],
and the suggested workaround is to add "-msse -mfpmath=sse" to CFLAGS
[2].
14 matches
Mail list logo