Update to 2.2.5
fix double-free in gdImagePngPtr(). CVE-2017-6362 fix buffer over-read into uninitialized memory. CVE-2017-7890
This commit is contained in:
parent
61160bb118
commit
49b4f7faf0
|
@ -8,3 +8,4 @@ gd-2.0.35.tar.bz2
|
||||||
/libgd-2.2.2.tar.xz
|
/libgd-2.2.2.tar.xz
|
||||||
/libgd-2.2.3.tar.xz
|
/libgd-2.2.3.tar.xz
|
||||||
/libgd-2.2.4.tar.xz
|
/libgd-2.2.4.tar.xz
|
||||||
|
/libgd-2.2.5.tar.xz
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
From 2b3dd57a6ccb2940f2e9119ae04e14362e2a1f61 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Remi Collet <fedora@famillecollet.com>
|
|
||||||
Date: Fri, 22 Jul 2016 08:14:12 +0200
|
|
||||||
Subject: [PATCH] Fix gd2/gd2_read.c:8:6: error: 'error' may be used
|
|
||||||
uninitialized in this function [-Werror=maybe-uninitialized]
|
|
||||||
|
|
||||||
Also report about any error, not only the last one.
|
|
||||||
---
|
|
||||||
tests/gd2/gd2_read.c | 6 +-----
|
|
||||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/gd2/gd2_read.c b/tests/gd2/gd2_read.c
|
|
||||||
index 94fe069..8ce8bd1 100644
|
|
||||||
--- a/tests/gd2/gd2_read.c
|
|
||||||
+++ b/tests/gd2/gd2_read.c
|
|
||||||
@@ -5,7 +5,7 @@
|
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
- int error, i = 0;
|
|
||||||
+ int error = 0, i = 0;
|
|
||||||
gdImagePtr im, exp;
|
|
||||||
FILE *fp;
|
|
||||||
char *path[] = {
|
|
||||||
@@ -40,8 +40,6 @@ int main(int argc, char *argv[])
|
|
||||||
gdTestErrorMsg("image %s differs from expected result\n", path[i]);
|
|
||||||
gdImageDestroy(im);
|
|
||||||
error = 1;
|
|
||||||
- } else {
|
|
||||||
- error = 0;
|
|
||||||
}
|
|
||||||
if (exp) {
|
|
||||||
gdImageDestroy(exp);
|
|
||||||
@@ -52,8 +50,6 @@ int main(int argc, char *argv[])
|
|
||||||
gdTestErrorMsg("image %s should have failed to be loaded\n", path[i]);
|
|
||||||
gdImageDestroy(im);
|
|
||||||
error = 1;
|
|
||||||
- } else {
|
|
||||||
- error = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
i++;
|
|
|
@ -1,50 +0,0 @@
|
||||||
From c9b601a658a79e6ea2aad29fbf60ca6e24ccef1e Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
|
||||||
Date: Wed, 18 Jan 2017 13:59:02 +0100
|
|
||||||
Subject: [PATCH] Fix build issue regarding INT_MAX
|
|
||||||
|
|
||||||
For portability gd_gd2.c needs to include <limits.h>.
|
|
||||||
---
|
|
||||||
src/gd_gd2.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
|
|
||||||
index c2904ca..049c4c5 100644
|
|
||||||
--- a/src/gd_gd2.c
|
|
||||||
+++ b/src/gd_gd2.c
|
|
||||||
@@ -74,6 +74,7 @@
|
|
||||||
|
|
||||||
/* 2.0.29: no more errno.h, makes windows happy */
|
|
||||||
#include <math.h>
|
|
||||||
+#include <limits.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include "gd.h"
|
|
||||||
#include "gd_errors.h"
|
|
||||||
|
|
||||||
|
|
||||||
From 55ac28a293eaa8c531870c8bb8ecc04b333975f4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
|
||||||
Date: Thu, 19 Jan 2017 01:02:58 +0100
|
|
||||||
Subject: [PATCH] Fix #357: 2.2.4: Segfault in test suite.
|
|
||||||
|
|
||||||
We make sure to never pass a negative `int` as argument to a `size_t`
|
|
||||||
parameter.
|
|
||||||
---
|
|
||||||
src/gd_io_dp.c | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
|
|
||||||
index eda2eeb..cb38794 100644
|
|
||||||
--- a/src/gd_io_dp.c
|
|
||||||
+++ b/src/gd_io_dp.c
|
|
||||||
@@ -292,6 +292,10 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
|
|
||||||
rlen = dp->realSize - dp->pos;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (rlen < 0) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
memcpy(buf, (void *) ((char *)dp->data + dp->pos), rlen);
|
|
||||||
dp->pos += rlen;
|
|
||||||
|
|
26
gd.spec
26
gd.spec
|
@ -4,8 +4,8 @@
|
||||||
|
|
||||||
Summary: A graphics library for quick creation of PNG or JPEG images
|
Summary: A graphics library for quick creation of PNG or JPEG images
|
||||||
Name: gd
|
Name: gd
|
||||||
Version: 2.2.4
|
Version: 2.2.5
|
||||||
Release: 5%{?prever}%{?short}%{?dist}
|
Release: 1%{?prever}%{?short}%{?dist}
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://libgd.github.io/
|
URL: http://libgd.github.io/
|
||||||
|
@ -18,8 +18,6 @@ Source0: https://github.com/libgd/libgd/releases/download/gd-%{version}/li
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch1: gd-2.1.0-multilib.patch
|
Patch1: gd-2.1.0-multilib.patch
|
||||||
Patch2: gd-2.2.3-tests.patch
|
|
||||||
Patch3: gd-2.2.4-upstream.patch
|
|
||||||
|
|
||||||
BuildRequires: freetype-devel
|
BuildRequires: freetype-devel
|
||||||
BuildRequires: fontconfig-devel
|
BuildRequires: fontconfig-devel
|
||||||
|
@ -80,16 +78,6 @@ files for gd, a graphics library for creating PNG and JPEG graphics.
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
%setup -q -n libgd-%{version}%{?prever:-%{prever}}
|
||||||
%patch1 -p1 -b .mlib
|
%patch1 -p1 -b .mlib
|
||||||
%patch2 -p1 -b .build
|
|
||||||
%patch3 -p1 -b .upstream
|
|
||||||
|
|
||||||
%if 0%{?fedora} >= 26
|
|
||||||
# TODO - tests using freetype 2.7 are failing
|
|
||||||
# https://github.com/libgd/libgd/issues/302
|
|
||||||
# https://github.com/libgd/libgd/issues/217
|
|
||||||
sed -i -e "s|libgd_test_programs +=|libgd_freetype_test_program =|" tests/freetype/Makemodule.am
|
|
||||||
sed -i -e "s|libgd_test_programs +=|libgd_freetype_test_program +=|" tests/gdimagestringft/Makemodule.am
|
|
||||||
%endif
|
|
||||||
|
|
||||||
: $(perl config/getver.pl)
|
: $(perl config/getver.pl)
|
||||||
|
|
||||||
|
@ -138,11 +126,6 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libgd.a
|
||||||
# See https://github.com/libgd/libgd/issues/359
|
# See https://github.com/libgd/libgd/issues/359
|
||||||
XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
|
XFAIL_TESTS="gdimagegrayscale/basic $XFAIL_TESTS"
|
||||||
%endif
|
%endif
|
||||||
%if 0%{?fedora} >= 26
|
|
||||||
# See https://github.com/libgd/libgd/issues/363
|
|
||||||
XFAIL_TESTS="freetype/bug00132 $XFAIL_TESTS"
|
|
||||||
XFAIL_TESTS="gdimagestringft/gdimagestringft_bbox $XFAIL_TESTS"
|
|
||||||
%endif
|
|
||||||
|
|
||||||
export XFAIL_TESTS
|
export XFAIL_TESTS
|
||||||
|
|
||||||
|
@ -175,6 +158,11 @@ grep %{version} $RPM_BUILD_ROOT%{_libdir}/pkgconfig/gdlib.pc
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 30 2017 Remi Collet <remi@fedoraproject.org> - 2.2.5-1
|
||||||
|
- Update to 2.2.5
|
||||||
|
- fix double-free in gdImagePngPtr(). CVE-2017-6362
|
||||||
|
- fix buffer over-read into uninitialized memory. CVE-2017-7890
|
||||||
|
|
||||||
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-5
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.4-5
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
||||||
SHA512 (libgd-2.2.4.tar.xz) = 07903f322c4f6ab392508b0f60c38ca133699111ea92995dc6cd9379210d598bcb24a46c19657884d9e252f8663d0ee8c89c600e3a382a5ae598198c190f39b5
|
SHA512 (libgd-2.2.5.tar.xz) = 946675b0a9dbecdee3dda927d496a35d6b5b071d3252a82cd649db0d959a82fcc65ce067ec34d07eed0e0497cd92cc0d93803609a4854f42d284e950764044d0
|
||||||
|
|
Loading…
Reference in New Issue