Re: [INTERNALS-WIN] ext/gd: drop XPM support on Windows
On 11.09.2024 at 23:27, JB wrote:
> The GD PHP extension defines "imagecreatefromxpm" functions. How do you
> manage it if XPM support is disabled?
Oh, wow, gd/config.w32 needs to be fixed (anyway). As is, if libxpm is
not available, ext/gd can't be built, what makes no sense, since the
code which needs libxpm is already guarded by HAVE_GD_XPM.
> GD (libxpm) must be updated for the currently supported PHP versions to
> provide a security fix.
Yeah, although I'm not really concerned about this, since I consider it
highly unlikely that any PHP code running on Windows accepts XPM images
from untrusted sources.
> I have applied 5 patches on the master branch of winlibs/libxpm on
> php-win-ext fork [1] and tagged "libxpm-3.5.12-1". The patch for the
> last CVE has been manually integrated.
>
> How do we integrate this fix? Patch on winlibs-builder? PR on
> winlibs/libxpm repository?
This should be fixed in winlibs/libxpm. The patch in winlib-builder
doesn't make sense; I think I did this to make it easier to update
libxpm, though in hindsight this was probably a bad idea.
Christoph
Thread (8 messages)