From 828b7458582cd6fae0e7dd2375315b6b52149554 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <address@hidden>
Date: Sat, 5 Aug 2017 09:46:13 +0200
Subject: [PATCH] gnu: gd: Fix CVE-2017-7890.

* gnu/packages/gd.scm (gd)[replacement]: New field.
(gd/fixed): New variable.
---
 gnu/packages/gd.scm | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index aac0f9664..48db1b247 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -37,6 +37,7 @@
 (define-public gd
   (package
     (name "gd")
+    (replacement gd/fixed)
 
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
@@ -93,6 +94,16 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+(define-public gd/fixed
+  (package
+    (inherit gd)
+    (source (origin
+             (inherit (package-source gd))
+             (patches 
+               (append
+                 (origin-patches (package-source gd))
+                 (search-patches "gd-CVE-2017-7890.patch")))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")
-- 
2.13.4