Newsgroups: php.internals,php.internals.win Path: news.php.net Xref: news.php.net php.internals:125515 php.internals.win:1304 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 419CD1A00BD; Wed, 11 Sep 2024 22:03:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1726092357; bh=0MHdMRUE2zBUKI5PVsBM6+MSxIQ34zEErkpAr2B/+/Q=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=TjRXRkwrl+PMDNXSC95Jm1qKC1Z3EM6Wetn6UFRY8J/rwvimdo3rBpURd8c4GizHl +28WvRo8/tA0TeKHn4OsLxzIoo1nNuHvPx+vaol4KM6lY7hv/riqsJIYWQST9i8DjX buyzC9nzh4TuPGPP0djk5S8sHDLKLM79MEK7ZZrjvKF+GJMBWRKscBUhmH9IkqgXrO jlKkLDIqFIVLCPHs4i196qOS3aZcCBN9bp23GShKRkDJQExNhs40Eta+pqTocw+lXr fza67s2RinZtxi0ufIT8ek2ZY1nFVWUhak8lGy2hThGGaX6hqGYv9jehi03HlSbqGq t5Rk2dD0pZWFQ== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2C565180072; Wed, 11 Sep 2024 22:05:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS; Wed, 11 Sep 2024 22:05:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1726092226; x=1726697026; i=cmbecker69@gmx.de; bh=Zx2E2x5aG7hpAhsMm8ENhPQX23Nqq3hh9iITa/qZvV8=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject:To:Cc: References:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=FRkAKvhQXlnjhPXYwrFvSi1h5UwOw4xCl6YWbsmCkSAJQtFIwe+IQXaOLJBLVHGu s4t1DuyURHxvdKVqnVqYkDJlOokiIKNJZ/Y4sO++k90h3tObevbseeZ4/xE7jvEWS 5jnW6A5xmKPuVwDVtKBagK6tTir/I7wFWR9cYj1Isxm1UZFBF3dAWyxc4dhwBxd1M 2lzt8PR0Q4kTvarED3KkXqSRcqmpt3VMukBl+gy3eZs4swHo4gASOivvBWwCYcoab ibyRNWuTxYtclXkiQUafU73z4wuKV9mhIw8BI1kc2eUxWJWFOeiXEBsycC0aYqoM5 Xhx5mGen8gt4mSKH8Q== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from [192.168.2.130] ([79.251.205.37]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N95iR-1ruMIH0yvv-01674e; Thu, 12 Sep 2024 00:03:46 +0200 Message-ID: <97b554b2-1db2-485e-a706-8dd5dd52ba2d@gmx.de> Date: Thu, 12 Sep 2024 00:03:46 +0200 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: [PHP-DEV] Re: [INTERNALS-WIN] ext/gd: drop XPM support on Windows Content-Language: de-DE To: JB , "Christoph M. Becker" , PHP internals list Cc: internals-win References: <218fd308-4fd3-458f-bbf6-d8209e19f3c6@nahan.fr> In-Reply-To: <218fd308-4fd3-458f-bbf6-d8209e19f3c6@nahan.fr> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:YOau45bMbDPFne5YS/LLnoF5MJlBJL8APCUGkEXIKwZA/CKII/Y EPG5vEkEqUhHS/CBYNiuN8+9at387Qhz6POQYNhdwQ5uk2u9mwMXpbZXjrXV68LzMBXLvN8 IZ4Rv8k/MuVW3AoJOPau/K3dTZ6cfxr27tRlwcV5NFw72AkX6lJti1O72Xr+UjiEdVD5dJ2 MGueABbzS4xE2sG/aVLeg== UI-OutboundReport: notjunk:1;M01:P0:1nKZIJstVtc=;sC1j1DcRmHqvQMA4iPg8Rpjizjr h3tg7T4LUMV9y6QEWKV02QAF6EakkLWwk4h/xsEwRXzx5GAaXa0cIWXYwm9BkWsN9dOvSwQsa 7SBKh8I+cCAUxJOAsXzSQ5sse6jYQoQvXjsH7UwG/jIhgKFDx9ABaJ/h1G4q41UONYRB+jhiz /16V+B4G1mPzGndU38BI53FkTYRQ5kvV2+FoKeIpE7lO0mCG+XJVgcOOUWVuoBHaIoiYHe2yX HGOMdjtT1pa63pGULcdTaUF9IZkyWfF0c760Fb3bwjk0+Zt+6erdAHYE3h3gMFx/TTijq6rmD GELQi07/xj4q+coTM9bMwRu42KWuddNfnAEz3zqwd4q4Mqm5aeu0HNuV4sVkRDtqVhmMFPtv0 mWOroFRKIYuB2E/REUXvMTzeasDmonFcVHtMmV3SbJYG9athGWmtcFKZ3T7LmVCnjnua+QNNG dEkMYr3pIQKymlsZeJIOVkS+Fz0l+46QzW1+GQQhq9DEwsNFa13WacNkcT4fRLbJOzld0wD+s lcCkoIcDHKBbCQGl+VE0CtjoBLpziscEKD8XWODaOGo7zIb7agLfZmEYQFEwACIjDRIlpzLyk Me9qgCPMwGeW5yBaSbr6lQMD985ODi9B1136J1HfOG7XsR87GVh4V+ZnIS7lKVwX87qgIBKg5 dhw3XywZfz5tlUA8ZIc4QsrmpMDrox1YYSY8+3EYpF6gRBWZYKdpCmgRu+qofKvc/43pmPJcx hf1edcNKr9V9fq3GGgPLONafDgA6TaBmBndS1soW9sceSGGZwmJ9h3D6bddh75varE4xisDKI xetdZwakYKiB4/8E0aFbCWpQ== From: cmbecker69@gmx.de ("Christoph M. Becker") On 11.09.2024 at 23:27, JB wrote: > The GD PHP extension defines "imagecreatefromxpm" functions. How do you > manage it if XPM support is disabled? Oh, wow, gd/config.w32 needs to be fixed (anyway). As is, if libxpm is not available, ext/gd can't be built, what makes no sense, since the code which needs libxpm is already guarded by HAVE_GD_XPM. > GD (libxpm) must be updated for the currently supported PHP versions to > provide a security fix. Yeah, although I'm not really concerned about this, since I consider it highly unlikely that any PHP code running on Windows accepts XPM images from untrusted sources. > I have applied 5 patches on the master branch of winlibs/libxpm on > php-win-ext fork [1] and tagged "libxpm-3.5.12-1". The patch for the > last CVE has been manually integrated. > > How do we integrate this fix? Patch on winlibs-builder? PR on > winlibs/libxpm repository? This should be fixed in winlibs/libxpm. The patch in winlib-builder doesn't make sense; I think I did this to make it easier to update libxpm, though in hindsight this was probably a bad idea. Christoph