Merge pull request #15323 from joachifm/libgd

gd: 2.0.35 -> 2.1.1

pkgs/development/libraries/gd/CVE-2016-3074.patch

@@ -0,0 +1,13 @@
+diff --git a/src/gd_gd2.c b/src/gd_gd2.c
+index 6f28461..a50b33d 100644
+--- a/src/gd_gd2.c
++++ b/src/gd_gd2.c
+@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
+ 			if (gdGetInt (&cidx[i].size, in) != 1) {
+ 				goto fail2;
+ 			};
++			if (cidx[i].offset < 0 || cidx[i].size < 0)
++				goto fail2;
+ 		};
+ 		*chunkIdx = cidx;
+ 	};

pkgs/development/libraries/gd/default.nix

@@ -1,21 +1,34 @@
-{stdenv, fetchurl, zlib, libpng, freetype, libjpeg, fontconfig}:
+{ stdenv, fetchurl
+, pkgconfig
+, zlib
+, libjpeg
+, libpng
+, libtiff ? null
+, libXpm ? null
+, fontconfig
+, freetype
+}:
+
+stdenv.mkDerivation rec {
+  name = "gd-${version}";
+  version = "2.1.1";
 
-stdenv.mkDerivation {
-  name = "gd-2.0.35";
-  
   src = fetchurl {
-    url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2;
-    sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz";
+    url = "https://github.com/libgd/libgd/releases/download/${name}/libgd-${version}.tar.xz";
+    sha256 = "11djy9flzxczphigqgp7fbbblbq35gqwwhn9xfcckawlapa1xnls";
   };
-  
-  buildInputs = [zlib libpng freetype];
 
-  propagatedBuildInputs = [libjpeg fontconfig]; # urgh
+  patches = [
+    ./CVE-2016-3074.patch
+  ];
 
-  configureFlags = "--without-x";
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ zlib fontconfig freetype libjpeg libpng libtiff libXpm ];
 
-  meta = {
-    homepage = http://www.libgd.org/;
-    description = "An open source code library for the dynamic creation of images by programmers";
+  meta = with stdenv.lib; {
+    homepage = https://libgd.github.io/;
+    description = "A dynamic image creation library";
+    license = licenses.free; # some custom license
+    platforms = platforms.unix;
   };
 }